5G mobile networks could bring new cybersecurity vulnerabilities to European infrastructure, according to a joint risk assessment report published by EU member states.
The European Commission and Finland, which currently holds the rotating EU presidency, warned in a joint statement:
“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country.”
Europe has largely resisted calls from US officials to boycott the Chinese tech firm Huawei as a 5G supplier, and the report stopped short of naming the company as a threat, according to Reuters. But the comission noted:
“Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks.”
US officials have said that equipment from Huawei could enable spying by the Chinese government, to which the company is closely tied. The tech giant has denied the accusations.
Reactions among European states have been mixed. The UK has signalled that it could block the company’s involvement with certain critical parts of 5G networks, while Germany is offering Huawei vendors a chance to compete.
While the report’s language on state-backed actors “can be read as diplomatic code for Huawei,” according to TechCrunch,
“We are pleased to note that the EU delivered on its commitment to take an evidence-based approach, thoroughly analyzing risks rather than targeting specific countries or actors.”
The asessment highlights a number of ways that 5G networks could create new risks.
Unlike its predecessor networks, 5G would directly connect billions of sensors and cameras in homes, offices, and cities, opening obvious security risks.
And with 5G based more on software than prior networks, security flaws could arise from software development. This could also make it relatively easy for bad actors to intentionally create backdoors.
The nature of 5G network architecture also means some equipment and functions will be more sensitive to attacks. Finally, mobile network operators will rely more heavily on suppliers (such as Huawei). Depending too heavily on a single supplier increases this risk, according to the assessment.
The report was compiled from risk assessments by EU member states, with help from the Commission and the European Agency for Cybersecurity. By the end of the year, a toolbox of measures to mitigate the risks is expected from the EU’s Network and Information Systems Cooperation Group.