View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 9, 2019updated 10 Oct 2019 8:46am

Europe Rings 5G Security Alarm, Hints at Homegrown Industry

"The risk profile of individual suppliers will become particularly important"

By CBR Staff Writer

Europe has warned that 5G networks will be “a major security challenge” and that the EU’s current policy and security framework needs reassessing in the face of a “new security paradigm”, as 5G networks look set to emerge as the backbone of many critical IT applications.

The comments came in a sweeping new report on 5G security, published today by Europe’s member states, the European Commission (EC) and the European Agency for Cybersecurity (ENISA).

The report (“EU coordinated risk assessment of the cybersecurity of 5G networks“), notes that “hostile third countries may exercise pressure on 5G suppliers in order to facilitate cyberattacks serving their national interests”, among other security concerns.

Europe 5G Security Report: Attack Surface Growing

Emphasising supply chain risk, without naming any specific providers (both Huawei and Cisco regularly suffer from serious security issues) the report suggests trying to build a home-grown 5G infrastructure industry: “Consideration should also be given to the development of the European industrial capacity in terms of software development, equipment manufacturing, laboratory testing, conformity evaluation, etc.”

Other key points: That 5G will increase the overall attack surface and –

  • “Enhanced functionality at the edge of the network and a less centralised architecture than in previous generations of mobile networks means that some functions of the core networks may be integrated in other parts of the networks making the corresponding equipment more sensitive (e.g. base stations or MANO functions);

See also: EU Cybersecurity Act Agreed – “Traffic Light” Labelling Creeps Closer

  • “The increased part of software in 5G equipment leads to increased risks linked to software development and update processes, creates new risks of configuration errors, and gives a more important role in the security analysis to the choices made by each mobile network operator in the deployment phase of the network.”

In itself, the report carries little immediate weight, but does suggest key threat concerns, and strategic pointers for their amelioration.

The European Agency for Cybersecurity is finalising a specific threat landscape mapping of 5G networks, which “considers in more detail certain technical aspects covered in the report”, the EC said today. 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Europe’s Cooperation Group (a collection of member state, EC, and ENISA members dedicated to ensuring a “high common level of security of network and information systems in the European Union”) meanwhile has been tasked with agreeing on a “toolbox of mitigating measures to address the identified cybersecurity risks at national and Union level”.

This is due to be published by December 31, 2019. By 1 October 2020, meanwhile, EU member states should “assess the effects of the Recommendation in order to determine whether there is a need for further action”, the EC said. 

See also: 10 Key Takeaways from the UK’s Damning Report on Huawei’s Risk to UK Infrastructure

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.