EU Sees 5G Networks as Major Security
October 11, 2019
Today, Member States, with the support of the Commission and the European Agency for Cybersecurity published a report on the EU coordinated risk assessment on cybersecurity in Fifth Generation (5G) networks. This major step is part of the implementation of the European Commission Recommendation adopted in March 2019 to ensure a high level of cybersecurity of 5G networks across the EU.
5G networks is the future backbone of our increasingly digitised economies and societies. Billions of connected objects and systems are concerned, including in critical sectors such as energy, transport, banking, and health, as well as industrial control systems carrying sensitive information and supporting safety systems. Ensuring the security and resilience of 5G networks is therefore essential.
The report is based on the results of the national cybersecurity risk assessments by all EU Member States. It identifies the main threats and threats actors, the most sensitive assets, the main vulnerabilities (including technical ones and other types of vulnerabilities) and a number of strategic risks.
This assessment provides the basis to identify mitigation measures that can be applied at national and European level.
Main insights of the EU coordinated risk assessment
The report identifies a number of important security challenges, which are likely to appear or become more prominent in 5G networks, compared with the situation in existing networks:
These security challenges are mainly linked to:
Specifically, the roll-out of 5G networks is expected to have the following effects:
Together, these challenges create a new security paradigm, making it necessary to reassess the current policy and security framework applicable to the sector and its ecosystem and essential for Member states to take the necessary mitigating measures.
European Agency for Cybersecurity threat landscape: To complement the Member States' report, the European Agency for Cybersecurity is finalising a specific threat landscape mapping related to 5G networks, which considers in more detail certain technical aspects covered in the report.
By 31 December 2019, the Cooperation Group should agree on a toolbox of mitigating measures to address the identified cybersecurity risks at national and Union level.
By 1 October 2020, Member States – in cooperation with the Commission – should assess the effects of the Recommendation in order to determine whether there is a need for further action. This assessment should take into account the outcome of the coordinated European risk assessment and of the effectiveness of the measures.
On 26 March 2019, after receiving the support from the European Council, the Commission adopted a Recommendation on Cybersecurity of 5G networks calling on Member States to complete national risk assessments and review national measures and to work together at EU level on a coordinated risk assessment and a common toolbox of mitigating measures.
At national level, each Member State has completed a national risk assessment of 5G network infrastructures and transmitted the results to the Commission and ENISA, the EU Agency for cybersecurity. The national risk assessments reviewed in particular main threats and threat actors affecting 5G networks, sensitive 5G assets as well as relevant vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain, in line with the EC Recommendation.