EU Warns Of State-Sponsored Attacks On 5G Networks

The European Union has issued a blunt warning about the future security of 5G networks, and urged operators not to rely too much on a single supplier.

It carefully did not mention Huawei, ZTE or China by name, but the EU report did warn about operator reliance on a “supplier being subject to interference from a non-EU country.”

The warning comes at time when China and the United States are conducting high level trade talks, and reports of a potential softening of the US stance on supplying technology to Huawei.

BT

State threat

The European Union member states, with the support of the Commission and the European Agency for Cybersecurity, published a report on cybersecurity for 5G networks.

The report warned that the roll-out of 5G networks could increase exposure to attacks and more potential entry points for attackers.

It said that due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.

And then it addressed the issue of supplier safety.

There is “an increased exposure to risks related to the reliance of mobile network operators on suppliers,” the report warned.

It added that non-EU States or State-backed actors are considered as the most serious threats and are the most likely to target 5G networks.

“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country,” the report stated.

And it urged operators not to rely too much on a single supplier, as there were “increased risks from major dependencies on suppliers.”

The report also highlighted threats to availability and integrity of networks as 5G networks become the backbone of many critical IT applications.

The report said that the end of the year, there should be an agreed “toolbox of mitigating measures to address the identified cybersecurity risks at national and Union level.”

And by October 2020, member states should assess the effects of the recommendation in order to determine whether there is a need for further action

Chinese threat?

One security expert noted that technology and communications has now become the major factor in the world economy, and that Chinese suppliers should be avoid.

“One hundred years ago, oil occupied the ‘commanding heights’ heights of the world economy,” said Richard Bejtlich, author and principal security strategist at Corelight. “Today, telecommunications holds that post.”

“These technologies and services must be provided by parties that are trustworthy and capable of developing and maintaining secure code and configurations,” said Bejtlich. “China’s national champions have shown they are neither trustworthy nor competent, and should be avoided by those who recognize the centrality of telecommunications to modern life.”

Another expert acknowledged that China is one of the most active adversaries online.

“Nation States are always actively seeking methods to compromise enterprises and other governments around the world,” said Zeki Turedi, head technology strategist at CrowdStrike.

“Our recent OverWatch report showed that China remains one of the most active adversaries across industries including chemical, gaming, healthcare, hospitality, manufacturing, technology and telecoms,” said Turedi.

“But we also know that where Nation States go, eCriminals are not far behind, capitalising on the tools and skills employed by Governments,” said Turedi. “This year already we have seen eCrime campaigns jump from 25 to 65 percent of all those we saw in 2018 to 2019 respectively, while state-sponsored activity shifted from 75 to 39 percent.”

Huawei for its part has always denied that use of its network equipment poses a national security risk.

Last month founder and CEO of Huawei Technologies, Ren Zhengfei, said he is willing to licence the firm’s 5G technology to an American firm to allay US national security concerns.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago