EU warns over overseas 5G supplier risks
Written by Peter Walker
The European Union has published a joint risk-assessment warning that 5G networks could be at risk from suppliers with links to national governments.
The report, prepared by an EU security group, stopped short of naming the likes of Huawei and ZTE, but highlighted the increased security problems posed by well-resourced state-backed organisations and called for a new approach to securing telecoms infrastructure across Europe.
It stated that companies from outside the EU bidding for 5G network contracts could be "subject to interference" when they have strong state ties or work in a system that lacks "democratic checks and balances".
The report suggested that EU member states should build long-term relationships with 5G technology suppliers and aim for diversity in equipment and solutions – warning of risks around end-to-end 5G networks being given to a single vendor.
A paper will be published by the end of the year that will explore in detail the specific steps required to deal with the security risks, potentially also naming particular products the EU authorities regards as insecure.
Huawei welcomed the EU's latest report, stating that it is always ready to work jointly with European partners on the issue of 5G network security. The company has previously failed to satisfy the US government, with the Commerce Department putting Huawei on a list of firms that need special permission to buy US technology and components.
In the UK, the government has swung from a potential ban on Huawei network components - over state 'back door' concerns - to the Science and Technology Select Committee stating there were no technological grounds for such a ban, although "ethical concerns must be taken into account".
Earlier this week, authorities in the Czech Republic barred Huawei and ZTE from two public tenders for communications systems on security grounds.
Richard Bejtlich, author and principal security strategist at Corelight, said: “These technologies and services must be provided by parties that are trustworthy and capable of developing and maintaining secure code and configurations.
“China's national champions have shown they are neither trustworthy nor competent, and should be avoided by those who recognize the centrality of telecommunications to modern life.”