The rollout of 5G systems in the EU has become a cybersecurity issue with member states choosing different ways. Why does cybersecurity matter to EU and how can it be regulated?
These were the main questions at a webinar on Monday (29 March) organised by The Brussels Times with the support of Huawei, and with participation of experts from international organisations in both the public and private sector.
The fifth generation of mobile and wireless telecommunication systems (‘5G’) offers ultra-highspeed connection supporting not only individual users but also a high number of connected devices and marks a revolutionary advance on the former standards of previous systems.
The importance of the cybersecurity in connection with 5G has prompted the European Court of Auditors (ECA) to launch an audit to assess whether the EU and its member states are implementing secure 5G networks in a timely and concerted manner. ECA will examine the European Commission’s support for the member states and their consideration of security concerns.
Despite the existence of a so-called Commission toolbox on 5G cybersecurity, member states appear to be going in different directions. At the webinar, this was illustrated by the current situation in Sweden and Germany.
In Sweden, the government regulator, the Post and Telecom Authority, excluded last year Chinese telecommunication companies ZTE and Huawei - the latter one of the main vendors holding patents in the 5G industry - from participating in an auction to rollout 5G in the country.
Huawei’s Swedish competitor, Ericsson, protested to no avail. According to Swedish daily Dagens Nyheter, its CEO sent messages to the Swedish trade minister and questioned the decision to ban the Chinese companies. He even hinted that Ericsson might have to leave Sweden. The multinational Swedish company, active also in China where is has 10 % of the 5G market, fears that limitations of free competition will backfire against it.
For the time being, the implementation has been halted and the case is tested in a Swedish court but Björn Hultin, Managing Director of Intercity Consulting, thought that it could be difficult to revert the decision. He explained that the public administration in Sweden works independently of the government and ministers are forbidden to interfere in their decisions.
In Germany, the political structure differs and the government will have the last word in any decision after taking into account the opinion of the regulator. This is the main difference between the two countries, and one of the primary factors, according to Matthias Bauer, Senior Economist at The European Centre for International Political Economy (ECIPE), that has led the two countries to diverge in their approach.
Bauer added that "considering the country's impressive socioeconomic track record as a small open economy”, he was "surprised" upon learning about the decision by Sweden’s telecom authority.
Sophie Batas, Director for Cybersecurity at Huawei in Brussels assured that EU has nothing to fear and that Huawei can be trusted. “Our track record is clean. There is no evidence whatsoever that cybersecurity has been compromised in our systems. We have R&D centres around in Europe for everyone to visit. Huawei’s commitment to cybersecurity is clear and we would never risk damaging that.”
So are the concerns about backdoor or unauthorised access to data in the future 5G system justified? “My biggest concern is not the origin or location of the company,” replied Iva Tasheva, Co-Founder and Cybersecurity Management Lead of CyEn. “Threats to IT-systems are evolving and hacking can happen from everywhere.“
She added that 100 % security is hardly possible but that the setting and assessment of standards in collaboration between regulators and industry can mitigate the risks. “If we would have looked for 100% security when the internet was developed, it would have perhaps not been implemented.” According to Tasheva, EU has been too passive. “It’s up to EU to give the answers and set the standards.”
The Brussels Times