European Commission weighs in on 5G security

The European Commission (EC) has released a set of operational recommendations that target cybersecurity across 5G networks in Europe. The recommendations are the result of a March 22 European Council meeting (PDF), in which heads of state called for a “concerted approach to the security of 5G networks.”

The recommendations call for each EU member state to complete a national risk assessment of 5G network infrastructures by the end of June 2019, and then update existing security requirements for network providers to include conditions for ensuring the security of public 5G networks. The EC said such measures are meant to protect the economies, societies and democratic systems that’ll be impacted by 5G technologies moving forward.

It asks that member states exchange information with one another and the European Agency for Cybersecurity (ENISA) in order to complete a coordinated risk assessment by October 2019. Member states will then decide upon a set of measures, ranging from certification requirements, tests, controls and the identification of products or suppliers that are considered potentially nonsecure.

Finally, it asks member states to further collaborate with industry stakeholders to develop a dedicated EU-wide certification scheme for 5G, which should then become mandatory for 5G suppliers.

RELATED: AT&T CEO says Huawei makes it difficult for carriers to swap 5G equipment

“The resilience of our digital infrastructure is critical to government, business, the security of our personal data and the functioning of our democratic institutions,” said Commissioner Julian King, who is in charge of the Security Union, in a statement. “We need to develop a European approach to protecting the integrity of 5G, which is going to be the digital plumbing of our interconnected lives.”

The measures are in response to growing concern among leaders globally over the vulnerabilities of 5G networks built using too few suppliers. The U.S. government has launched a lobbying campaign against China-based 5G vendor Huawei over security concerns that has resulted in a handful of countries banning Huawei products from 5G deployments.

In Europe, countries have been less interested in banning Huawei altogether, opting instead to shore up security guidelines around 5G networks. Germany’s telecom regulatory body, the Federal Network Agency (BNetzA), for example, announced earlier this year it would not ban Huawei products from 5G deployments, which prompted a U.S. ambassador to threaten to withhold intel from Germany.