The project was launched in March, when the Commission (the administrative branch) responded to the Council’s (the heads of state or government) expectations to see a “recommendation on a concerted approach to the security of 5G networks”. According to the Commission’s statement, the assessment should be conducted on three main areas:
- the main threats and actors affecting 5G networks;
- the degree of sensitivity of 5G network components and functions as well as other assets; and
- various types of vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain.
All member states were requested to complete the national assessment by the end of June. The Commission does not publish the names of the countries that have missed the deadline.
“The completion of the risk assessments underlines the commitment of Member States not only to set high standards for security but also to make full use of this groundbreaking technology,” Julian King, Commissioner for the Security Union, and Mariya Gabriel, Commissioner for the Digital Economy and Society, said in a joint statement.
“We hope that the outcomes will be taken into account in the process of 5G spectrum auctions and network deployment, which is taking place across the EU now and in the coming months. Several Member States have already taken steps to reinforce applicable security requirements while others are considering introducing new measures in the near future.”
The national assessments will feed into the pan-EU 5G risk assessment, led by the EU Agency for Cybersecurity (ENISA), tasked to be completed by 1 October 2019. By the end of the year, a toolbox to mitigate the risks identified at national and EU levels will be developed by the NIS Cooperation Group, the EU’s cross-agency identity responsible for cybersecurity. By 1 October 2020, member states are requested to undertake an evaluation of the effectiveness of the measures taken and determine whether further actions should be taken.
Meanwhile, ENISA will also take the lead to develop an EU-wide certification framework to cover 5G networks and equipment, which member states are encouraged to adopt.―Telecoms