Europe Aims to Accelerate and Secure its 5G Future
 

European policymakers are moving to accelerate the rollout of Europe’s 5G wireless network as a catalyst for innovation in business communications and applications — and 5G security is at the top of their policy agendas.

European Businesses Cite Lagging 5G Rollout and 5G Security Measures

The European Round Table for Industry recently called for urgent action by policymakers, complaining that, “Under current market conditions, the U.S., Japan, South Korea and China will have the fastest migration to 5G, going from early adoption to lead technology in the period to 2025…Europe will lag behind with around 30% of adoption at that time.”

5G is key to competing in a global market, the group said, enabling new enterprise-oriented use cases like smart manufacturing and connected healthcare. Europe’s delay is due to a variety of causes, including conflicting national policies for essentials like spectrum licenses and construction permits.

At the same time, 5G can create new cyber and network security vulnerabilities or magnify existing weaknesses, the group said, and fragmented cybersecurity regulation also challenges Europe’s 5G rollout and operational resilience.[1] The World Economic Forum has issued a similar call for action on 5G cybersecurity: “While it is important not to overburden companies with regulation, it should be recognized that the market has failed to deliver technological systems free from vulnerability, and therefore policy solutions will need to be found that can deliver integrity and promote innovation.”[2]

EU and National Leaders Advance 5G Policy Solutions

5G and concerns over 5G security have been the focus of policymakers worldwide. The technology promises great economic potential with ubiquitous connectivity and futuristic applications enabled by its high speed, lower latency and connections to billions more devices on the Internet of Things (IoT). At the same time, 5G poses new cyber and network security challenges. For one thing, it presents a vastly expanded attack surface due to all those IoT devices. And the stakes are expected to rise as more and more real-time, mission-critical communications and applications run over the network.

In Europe, late 2020 brought a flurry of policy pronouncements focused on 5G and cybersecurity in Europe, with concrete steps expected to follow in 2021. Among them:

• Investment: The European Commission urged more 5G investment in member states.[3]
• Security: A new EU Cybersecurity Strategy was released, including proposed directives setting a high, common level of cybersecurity across the EU and another mandating that “entities providing essential services must be resilient, i.e., able to resist, absorb, accommodate to and recover from incidents that can lead to serious, potentially cross-sectoral and cross-border disruptions.” The directive would expand measures that previously covered only the energy and transport sectors, such as regular risk assessments, to include operators of 5G networks and other digital infrastructure.[4]
• 5G threat landscape: The European Union Agency for Cybersecurity (ENISA) updated its 5G Threat Landscape Report with new vulnerabilities and security controls.[5]
• K. fines: The U.K. government has gone a step further, with a proposed law requiring telecom companies to follow tougher rules for 5G security or face fines of up to 10% of revenue.[6]
• German penalties: A proposed German law would require 5G network equipment vendors to declare their equipment safe, making them financially liable for cyber and network security breaches. They could also be banned from operating in Germany if failing to meet requirements.
• Supply chain: The focus on Chinese equipment suppliers, considered to be “high risk” by some countries’ political leaders, is reflected to different degrees in European national policies.
• EU-U.S. cooperation: A new trans-Atlantic agenda proposed by the European Commission for future relations with the U.S. includes joint efforts on 5G technology, trade and standards.[7]

Businesses Set Public-Private Agenda

While urging European policymakers to take action, the European Round Table for Industry has also encouraged businesses to cooperate in national, regional and international policymaking and standard-setting and to follow a set of principles in their own approach to cybersecurity amid emerging technologies. Those principles include:

• Assume ownership of cyber and network security across the organization, from the board level to the front lines of business.
• Simplify and reduce the security responsibilities that customers must assume.
• Adopt security by design, security by default and security monitoring.
• Ensure continuous protection via updates, upgrades and patches.
• Claim responsibility throughout the digital supply chain, including IoT, through transparent, collaborative cyber risk management.

The Bottom Line

Europeans are hoping to accelerate their rollout of 5G technology and steel this increasingly critical infrastructure against cyber and network security threats. Europe’s businesses see 5G security as essential to innovation and competition in global markets. A flurry of new policy proposals in late 2020 could determine how far, how fast and how secure Europe’s 5G transformation will take hold in the coming years.

[1] Position papers on 5G rollout, regulation and cybersecurity, European Round Table for Industry

[2] “Cybersecurity, Emerging Technology and Systemic Risk,” World Economic Forum

[3] “Commission Calls on Member States to Boost Fast Network Connectivity,” European Commission

[4] “New EU Cybersecurity Strategy and New Rules to Make Physical and Digital Critical Entities More Resilient,” European Commission

[5] “Updated ENISA 5G Threat Landscape Report to Enhance 5G Security,” European Union Agency for Cybersecurity

[6] “New Telecoms Security Law to Protect U.K. from Cyber Threats,” U.K. Government

[7] “A New E.U.-U.S. Agenda for Global Change,” European Commission