The European Union (EU) recently published a report warning of various risks surrounding 5G adoption, one of which is having countries and wireless network providers depend on single suppliers that could be forced by their own governments to take “hostile” actions against its customers.
The report (PDF), which includes input on the security challenges brought by the arrival of 5G technology by the 28 EU member nations, warned that handing over the entire networking gear and software infrastructure to a single company could leave countries at risk.
EU’s report identified two primary classes of risks that will come from the implementation of 5G technology. One is related to 5G technology enabling new software innovations that will bring benefits, but also new challenges and larger attack surfaces while exposing consumers to more security threats than ever. The second class of risk is related to suppliers of 5G equipment and how much each country would depend on a single supplier for its 5G network.
More specifically, the threats identified by the EU report include:
The report concludes that these challenges create a whole new security paradigm, which requires the EU to reassess the current policy and security framework around wireless networks.
Too Little Too Late?
While what the report’s findings sounds plausible, it does feel like it’s too little too late. Many wireless operators have already entered into contracts worth billions of dollars with certain providers, which are now apparently considered high-risk.
It’s also why we’ve seen some pushback from Internet service providers (ISPs) against banning Huawei from Europe. That’s not necessarily because Huawei’s products are far better than any other competitor, but because ISPs don’t want money and time they have dedicated to the deployment of their 5G networks starting a few years back to go to waste.Furthermore, there’s now limited time for 5G tech suppliers to increase their products’ security.
It’s not clear what, if any, actions the European Commission (the executive body of the EU) and the European Parliament will take as a result of this report. But at the very least we might see the enforcement of a recommendation it proposed earlier to member states. The proposal included nation state members requiring 4G network providers to secure their networks. It also required exchanging network threat information with other EU member states. The member states can also work together to create certifications, which providers would have to abide to if they wanted their contracts with wireless operators approved.
The EU didn’t name Huawei in its report, but it’s quite clear that these calls for better security started after the conflict between the U.S. government and Huawei exploded, with the U.S. accusing Huawei of aiding the Chinese government in espionage. Huawei has denied all such allegations so far, but has also been dragging its feet regarding improving its networks’ security.