European Commission recommends common EU approach to the security of 5G networks

Gabriel 2019_

Visit by Mariya Gabriel, Member of the EC in charge of Digital Economy and Society, to Romania. © European Union, 2019 Photographer: Mircea Roşca.

This article is brought to you in association with the European Commission.


Today the European Commission has recommended a set of operational steps and measures to ensure a high level of cybersecurity of 5G networks across the EU.

Fifth generation (5G) networks will form the future backbone of our societies and economies, connecting billions of objects and systems, including in critical sectors such as energy, transport, banking, and health, as well as industrial control systems carrying sensitive information and supporting safety systems. Democratic processes, such as elections, increasingly rely on digital infrastructures and 5G networks, highlighting the need to address any vulnerabilities and making the Commission’s recommendations all the more pertinent ahead of the European Parliament elections in May.

Following the support from Heads of State or Government expressed at the European Council on 22 March for a concerted approach to the security of 5G networks, the European Commission is today recommending a set of concrete actions to assess cybersecurity risks of 5G networks and to strengthen preventive measures. The recommendations are a combination of legislative and policy instruments meant to protect our economies, societies and democratic systems. With worldwide 5G revenues estimated at €225 billion in 2025, 5G is a key asset for Europe to compete in the global market and its cybersecurity is crucial for ensuring the strategic autonomy of the Union.

Vice-President Andrus Ansip, in charge of the Digital Single Market, said:”5G technology will transform our economy and society and open massive opportunities for people and businesses. But we cannot accept this happening without full security built in. It is therefore essential that 5G infrastructures in the EU are resilient and fully secure from technical or legal backdoors.

Commissioner Julian King, in charge of the Security Union, stated: “The resilience of our digital infrastructure is critical to government, business, the security of our personal data and the functioning of our democratic institutions. We need to develop a European approach to protecting the integrity of 5G, which is going to be the digital plumbing of our interconnected lives.”

Commissioner Mariya Gabriel, in charge of the Digital Economy and Society, added:“Protecting 5G networks aims at protecting the infrastructure that will support vital societal and economic functions – such as energy, transport, banking, and health, as well as the much more automated factories of the future. It also means protecting our democratic processes, such as elections, against interference and the spread of disinformation.”

Any vulnerability in 5G networks or a cyber-attack targeting the future networks in one Member State would affect the Union as a whole. This is why concerted measures taken both at national and European levels must ensure a high level of cybersecurity.

Today’s Recommendation sets out a series of operational measures:

1. At national level

Each Member State should complete a national risk assessment of 5G network infrastructures by the end of June 2019. On this basis, Member States should update existing security requirements for network providers and include conditions for ensuring the security of public networks, especially when granting rights of use for radio frequencies in 5G bands. These measures should include reinforced obligations on suppliers and operators to ensure the security of the networks. The national risk assessments and measures should consider various risk factors, such as technical risks and risks linked to the behaviour of suppliers or operators, including those from third countries. National risk assessments will be a central element towards building a coordinated EU risk assessment.

EU Member States have the right to exclude companies from their markets for national security reasons, if they do not comply with the country’s standards and legal framework.

2. At EU level

Member States should exchange information with each other and with the support of the Commission and the European Agency for Cybersecurity (ENISA), will complete a coordinated risk assessment by 1 October 2019. On that basis, Member States will agree on a set of mitigating measures that can be used at national level. These can include certification requirements, tests, controls, as well as the identification of products or suppliers that are considered potentially non-secure. This work will be done by the Cooperation Group of competent authorities, as set out under the Directive on Security of Network and Information Systems, with the help of the Commission and ENISA. This coordinated work should support Member States’ actions at national level and provide guidance to the Commission for possible further steps at EU level. In addition, Member States should develop specific security requirements that could apply in the context of public procurement related to 5G networks, including mandatory requirements to implement cybersecurity certification schemes.

Today’s Recommendation will make use of the wide-range of instruments already in place or agreed to reinforce cooperation against cyber-attacks and enable the EU to act collectively in protecting its economy and society, including the first EU-wide legislation on cybersecurity (Directive on Security of Network and Information Systems), the Cybersecurity Act recently approved by the European Parliament, and the new telecoms rules. The Recommendation will help Member States to implement these new instruments in a coherent manner when it comes to 5G security.

In the field of cybersecurity, the future European cybersecurity certification framework for digital products, processes and services foreseen in the Cybersecurity Act should provide an essential supporting tool to promote consistent levels of security. When implementing it, Member States should also immediately and actively engage with all other involved stakeholders in the development of dedicated EU-wide certification schemes related to 5G. Once they become available, Member States should make certification in this area mandatory through national technical regulations.

In the field of telecoms, Member States have to ensure that the integrity and security of public communications networks are maintained, with obligations to ensure that operators take technical and organisational measures to appropriately manage the risks posed to security of networks and services.

 

Next steps

  • Member States should complete their national risk assessments by 30 June 2019 and update necessary security measures. The national risk assessment should be transmitted to the Commission and European Agency for Cybersecurity by 15 July 2019.
  • In parallel, Member States and the Commission will start coordination work within the NIS Cooperation Group. ENISA will complete a 5G threat landscape that will support Member States in the delivery by 1 October 2019 of the EU-wide risk assessment.
  • By 31 December 2019, the NIS Cooperation Group should agree on mitigating measures to address the cybersecurity risks identified at national and EU levels.
  • Once the Cybersecurity Act, recently approved by the European Parliament, enters into force in the coming weeks, the Commission and ENISA will set up the EU-wide certification framework. Member States are encouraged to cooperate with the Commission and ENISA to prioritise a certification scheme covering 5G networks and equipment.
  • By 1 October 2020, Member States – in cooperation with the Commission – should assess the effects of the Recommendation in order to determine whether there is a need for further action. This assessment should take into account the outcome of the coordinated European risk assessment and of the effectiveness of the toolbox.

 

Background

In its conclusions of 22 March, the European Council expressed its support for the European Commission recommending a concerted approach to the security of 5G networks. The European Parliament’s Resolution on security threats connected with the rising Chinese technological presence in the Union, voted on 12 March, also calls on the Commission and Member States to take action at Union level.

In addition, the cybersecurity of 5G networks is key for ensuring the strategic autonomy of the Union, as underlined in the Joint Communication “EU-China, a Strategic Outlook”. That is why it is essential and urgent to review and strengthen existing security rules in this area to ensure that they reflect the strategic importance of 5G networks, as well as the evolution of the threats, including the growing number and sophistication of cyber-attacks. 5G is a key asset for Europe to compete in the global market. Worldwide 5G revenues should reach the equivalent of €225 billion in 2025. Another source indicates that the benefits of the introduction of 5G across four key industrial sectors, namely automotive, health, transport and energy, may reach €114 billion per year.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

EU Youth Conference in Amsterdam: enabling young people to engage in a diverse, connected and inclusive Europe

China is a renewable energy champion. But it’s time for a new approach

The four top Americans who flew to Europe perplexed things about Trump’s intentions

Wednesday’s Daily Brief: Guterres in Kenya, Prisoners sick in Iran, #GlobalGoals, Myanmar, Ukraine updates, and new space partnership

Iraqis paying an ‘unthinkable price’ to be heard, UN envoy tells politicians in Baghdad

From Russia with love: Brussels and Moscow close to an agreement on Ukraine’s gas supplies

Migration: Better travel safe than sorry

Myanmar military target civilians in deadly helicopter attack, UN rights office issues war crimes warning

European Youth Forum welcomes the European Commission’s proposed revision of the Union Code on Visas, however it does not go far enough

Innovation can transform the way we solve the world’s water challenges

Effective multilateralism the antidote to today’s ‘divisions’, Holy See tells UN Assembly

How building renovations can speed up the electric vehicle revolution

Online shopping across the EU to be easier from 3 December

Key economic forum in Russia: New technology a ‘vector of hope’ but also ‘a source of fear’ says Guterres

Canada has the most comprehensive and elaborate migration system, but some challenges remain

Nuclear non-proliferation treaty an ‘essential pillar’ of international peace, says UN chief

Food safety: more transparency, better risk prevention

Number of members in Parliament’s committees to change after Brexit

Worldwide UN family celebrates enduring universal values of human rights

UN chief hopeful for Libya, after Quartet meeting in Tunis

‘Dangerous nationalism’ seriously threatens efforts to tackle statelessness: UNHCR chief

Why do medical students need to go abroad to become a doctor in 2017?

State aid: France to recover €8.5 million of illegal aid to Ryanair at Montpellier airport

A Sting Exclusive: “Europe needs decisive progress for stronger cybersecurity”, EU Commissioner Gabriel highlights from Brussels

Facility for Refugees in Turkey: €127 million to boost EU’s largest ever humanitarian programme

Employment: Commission proposes €1.6 million from Globalisation Adjustment Fund to help 400 workers made redundant in Carrefour Belgique

Tiny Iceland teaches the West how to treat bankers

Yanis Varoufakis: “Unsustainable debt turns the creditor into Leviathan; Life under it is becoming nasty, brutish and short”

Following the World Cup? Then you’re watching high-performing migrants at work

EU cross-border payments outside Eurozone: MEPs scrap excessive fees

UN urges protection of indigenous peoples’ rights during migration

This incredibly detailed map of Africa could help aid and development

The movement of anti-vaccers: taking humanity back 200 years

The city of Quito just made commuting quicker and safer

Mind control using sound waves? We ask a scientist how it works

Tech companies are changing, for the better

MARKUP initiative to boost market access to Europe for East African SMEs

Tourism offers much to the EU gets a little

Why India can show us how to achieve growth with purpose

Gender equality in STEM is possible. These countries prove it

3 ways to use digital identity systems in global supply chains

Chinese economy to raise speed and help the world grow

How India is harnessing technology to lead the Fourth Industrial Revolution

After swallowing effortlessly the right to be forgotten time for Google Ads now to behave

EU Youth Conference in Riga concludes with recommendations for ministers

Ozone on track to heal completely in our lifetime, UN environment agency declares on World Day.

With half of Somaliland children not in school, UNICEF and partners launch education access programme

Security Council calls for dialogue in Haiti

Spain will soon overtake Japan in life expectancy rankings. Here’s why

Thursday’s Daily Brief: Press Freedom Day, Tuna Day, cultural dialogue, #GlobalGoals awards, updates on Syria, Somalia, Mali

The Irish Presidency bullies the Parliament over EU budget

Multilateralism must weather ‘challenges of today and tomorrow’ Guterres tells Paris Peace Forum

Friday’s Daily Brief: human rights in Sudan, sombre anniversaries for Rwanda and Nigeria, and fears of ‘chaos’ in Libya

European Youth Forum demands immediate action & binding agreement on climate change

Economic sentiment and business climate stagnate in miserable euro area

Climate change recognized as ‘threat multiplier’, UN Security Council debates its impact on peace

Easier Schengen Visas for non-EU holiday makers: A crucial issue for south Eurozone countries

Here’s how to rebut the climate doom-mongers

Backed by UN, Asia-Pacific countries to advance space technology for ‘development transformation’

Rural women a ‘powerful force’ for global climate action: UN Secretary-General

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s