Prague Summit Calls For Tighter 5G Security Rules

A Huawei sign at CeBIT 2017

The summit does not single out Huawei, but calls for restrictions that take state influence into account

Attendees at a 5G security summit in Prague this week have published a statement calling for countries to take conditions in a supplier’s home country into account when building next-generation telecoms networks.

The statement called for rules that take into account the “risk of influence on a supplier by a third country”, as well as conditions in the supplier’s home country, including “rule of law, security environment, vendor malfeasance” and compliance with international standards.

“The overall risk of influence on a supplier by a third country should be taken into account, notably in relation to its model of governance, the absence of cooperation agreements on security,” a non-binding statement published by the conference said.

“Security and risk assessments of vendors and network technologies should take into account rule of law, security environment, vendor malfeasance, and compliance with open, interoperable, secure standards and industry best practices.”

Huawei

Huawei ban

The two-day summit, attended by 32 countries, including the UK – but to which Russia and China were not invited – did not single out any single vendor, but was widely seen as targeting major Chinese telecommunications equipmenet vendors such as Huawei and ZTE.

The US, currently locked in a trade conflict with China, has tried with varied success to convince its allies to bar Huawei, in particular, from being used in their networks.

The US has raised fears that equipment from China could be more vulnerable than that from other countries to hacking, while other countries’ security agencies have said such risks can be mitigated.

The US has also indicated it considers the competitive success of Huawei and other Chinese firms in key areas of networking technology to be a national security threat in itself.

Ahead of the Prague event, US officials said they were encouraging allies to apply stringent security critera to all firms contributing to the 5G supply chain, without singling out any particular vendor.

Doing so would have the effect of banning Huawei and other Chinese companies, said Robert Strayer, deputy assistant secretary for cyber, international communications and information policy at the US State Department, at the time.

5G rollout

In Europe, Austria, Belgium, Czech Republic, France, Germany, Greece, Hungary, Ireland, the Netherlands, Lithuania and Portugal are all planning to auction licences for 5G spectrum this year, enabling network operators to begin rolling out services.

EU members, including the UK, are set to complete their own assessments of 5G network security risks by the end of June, followed by an EU-wide assessment by 1 October.

The EU as a whole is set to agree on risk-mitigation measures by the end of this year.

Huawei said it was “encouraged” by the conference’s emphasis on the importance of research and development, open markets and competition, but urged policymakers to avoid measures that would increase bureaucracy and costs.

“As the EU continues its deliberations, we firmly believe that any future security principles should be based on verifiable facts and technical data,” the company stated.