After months of discussion, the Christian Democrats (CDU) and the Christian Social Union (CSU) voted against excluding Huawei from Germany’s 5G network. Yet, strict criteria to minimise security risks will be imposed, EURACTIV Germany reports.
The conservative CDU/CSU Union held a vote on Tuesday (11 February) to take a position on Huawei’s participation in the country’s 5G networks.
Although the Union was previously divided on the matter, EURACTIV found out that the corresponding position paper has been adopted unanimously.
In the position paper, the two conservative parties call for a catalogue of security criteria that 5G suppliers have to “verifiably fulfil”. Among other things, it must be ensured that “any influence by a foreign state on our 5G infrastructure is excluded”.
Internal split
Although China is not mentioned by name, this formulation refers primarily to the Asian economic giant.
It was not a foregone conclusion, as Union parties initially appeared divided on the issue. In October, the head of the German intelligence service, Bruno Kahl, pointed to risks that the Chinese government might be able to influence Huawei and use its technology to penetrate European 5G networks.
The warning was echoed by Norbert Röttgen, a former Environment Minister who currently chairs the Foreign Affairs Committee in the Bundestag. German Chancellor Angela Merkel, for her part, did not want to exclude Huawei outright.
Now it seems that Merkel’s position has prevailed – and with it that of the European Commission. In its non-binding recommendations on secure 5G networks, sent to the member states, the Commission did not mention Huawei explicitly but recommended strict security criteria for equipment suppliers.
Unavoidable risk
In Germany, this catalogue of security criteria has yet to be drawn up, and the CDU/CSU parties are calling on the government to do this “swiftly”. The position paper says federal authorities should be responsible for ensuring that these criteria are met.
According to Business Insider, this is a reference to the Federal Office for Information Security and the Federal Network Agency. The German secret services, such as the BND, whose head had warned strongly against Huawei and China’s influence, would not be involved in the control.
The paper warns against state influence in general, but avoids the word “China”. At the same time, the parties appeared unsure as to whether they will be able to meet their own demands.
Although the “influence by a foreign state on our 5G infrastructure must be ruled out,” it should be noted that “state actors can infiltrate the network of any manufacturer with a correspondingly large input of resources”. Therefore, security risks can “not be completely eliminated despite comprehensive technical checks, but at best minimised,” the paper says.
Encryption and sanctions
However, in order not to be “defencelessly exposed” to spying on 5G networks, the Union parties recommend relying on “strong cryptography”, and in particular end-to-end encryption, where theoretically only the sender and recipient can view messages in unencrypted form. To ensure this, the two parties call for more research and development in the area of cryptography.
Another measure to minimise risks is to avoid “monocultures” where a single provider gets a disproportionate share of the network. This was already part of the CSU’s digital strategy proposed in January. Still, the party was more specific at the time and demanded that “one provider in the 5G network should not account for more than 50% of all components”. Such a figure is missing from the current position paper.
The paper threatens companies that violate security regulations with retroactive sanctions and the withdrawal of their security licences.
[Edited by Frédéric Simon]