The European Commission has recommended a range of measures to safeguard high levels of cybersecurity across the EU’s 5G networks.
5G, the “fifth generation” of data connectivity networks, is set to be rolled out throughout Member States in the next few years: global revenues from 5G deployment are predicted to hit €225 billion by 2025. As businesses, public bodies and democratic processes rely increasingly on 5G data networks, the security and reliability of these networks has become a pressing priority for governments.
Vice-President Andrus Ansip, in charge of the Digital Single Market, said: “5G technology will transform our economy and society and open massive opportunities for people and businesses. But we cannot accept this happening without full security built in. It is therefore essential that 5G infrastructures in the EU are resilient and fully secure from technical or legal backdoors.”
The recommendation from the Commission comprises an array of legislative and policy instruments to shore up the 5G network security protocols pertaining to the EU’s digital infrastructure. Operational measures laid out in the recommendation fell into two categories:
National 5G network security measures
- Member States should conduct risk assessments into the security of their 5G networks by 30 June 2019;
- Risk assessments must take account of outside risk factors, such as technical concerns and the risk of network security breaches or errors on the part of 5G suppliers and operators; and
- Based on the results of those risk assessments, Member State governments must update their existing cybersecurity requirements and the obligations placed on network suppliers.
EU-wide security measures
- The 5G risk assessments conducted individually by Member States will inform a single EU-wide coordinated risk assessment, to be completed by 1 October 2019;
- Member States will then negotiate a set of 5G network security measures to be deployed on a national level; and
- Member States must develop cybersecurity requirements specifically designed to refer to public procurement of 5G networks.
Commissioner in charge of the EU’s Security Union Julian King said: “The resilience of our digital infrastructure is critical to government, business, the security of our personal data and the functioning of our democratic institutions. We need to develop a European approach to protecting the integrity of 5G, which is going to be the digital plumbing of our interconnected lives.”
Once the national and EU-wide risk assessments have been conducted and submitted, the Network and Information Systems Coordination Group is scheduled to produce a set of risk mitigation measures by 31 December 2019. The Commission’s recommended steps to protect 5G network security are set to run in tandem with the 2018 EU Cybersecurity Act.
Mariya Gabriel, Commissioner in charge of the Digital Economy and Society, said: “Protecting 5G networks aims at protecting the infrastructure that will support vital societal and economic functions – such as energy, transport, banking, and health, as well as the much more automated factories of the future. It also means protecting our democratic processes, such as elections, against interference and the spread of disinformation.”