The European Union (EU) is allowing its members to decide what role China’s Huawei Technologies can play in their 5G telecommunications networks, amid a push by the United States for an outright ban.
EU Toolbox of Risk-Mitigating Measures
The toolbox identifies a set of risk categories and sample scenarios that should be mitigated. Among them are lack of access controls, low quality of products in the supply chain, dependency on a single supplier or lack of diversity in the supply chain, state interference, exploitation of 5G networks by malicious groups or individuals targeting end-users, disruptions or massive failure of networks due to interdependence between 5G networks and other critical systems such as electricity grid, and exploitation of end-user devices such as smartphones.The measures put forth to mitigate the risks include strengthening the role of national authorities, performing audits on mobile operators, restricting or even excluding high-risk suppliers for key assets, ensuring that each network operator uses a diverse range of suppliers, and controlling the use of third-line support by suppliers.
On a more detailed level, the measures include secure network design, strict access control, reinforcing physical security, software integrity including updates and patches, security standards for suppliers, using EU certification for 5G network components, and non-5G products and services such as devices or cloud services.
The toolbox allows EU countries to either restrict or exclude high-risk 5G vendors such as Huawei from core parts of their telecom networks. Some of its measures can be implemented at a national level, while others may require coordination and joint action at the EU level.
Comments on EU Approach to 5G Security
Britain granted Huawei a limited role in its 5G mobile network on Jan. 28, despite warnings from the United States, which has a firm stance against U.S. companies using telecommunications equipment or services that can pose a national security risk. Examples are Chinese telecom companies, which are required by law to serve the interests of the Chinese Communist Party and its intelligence services.The European Union sees 5G as key to boosting economic growth and competing with the United States and China and, in its recommendations, allows individual countries to assess the risks and decide whether to exclude suppliers from their core infrastructure.
The approach means non-EU providers are welcome in Europe as long as they comply with the rules, Breton said at a news conference after the guidelines were issued.
“We are not picking on anybody; we are not ostracizing firms,” he said.
“Europe holds half of all the patents in the world when it comes to 5G,“ Breton wrote, adding that China holds around 30 percent and the United States holds 14 percent. “This means that Europe can count on its own suppliers of 5G technologies” that “are ready to immediately deploy” the technology.
Huawei, competing with Sweden’s Ericsson and Finland’s Nokia, welcomed the guidelines, describing them as “non-biased and fact-based,” according to EU Reporter.
The EU Commission said it was ready to bolster the bloc’s 5G cybersecurity by using trade defense tools against dumping or foreign subsidies.
“All parts of future 5G networks should be considered critical infrastructure and each country should have measures in place to protect the safety, security, and privacy of citizens who rely on these networks,” Pompeo said.
The United States agrees with the EU’s assessment that high-risk suppliers “from countries that lack democratic checks and balances” should face restrictions, says the statement. The United States has excluded vendors such as Huawei and ZTE, which are controlled by the Chinese Communist Party, from its 5G networks.
“It is misguided to think that the risks associated with“ equipment from such vendors ”can be mitigated,” Pompeo said.
“We call on our European allies and partners to implement the EU recommendations by adopting strong, risk-based security measures that exclude high-risk suppliers from all parts of their 5G networks.”
Lobbying group European Telecommunications Network Operators Association (ETNO), which includes members Deutsche Telekom, Orange, and Telefonica, who all use Huawei equipment, have warned against disproportionate actions that may affect their investments.