The EU Member States fear that the future dependence on the economy and society on the 5G mobile communications standard could "significantly worsen" the consequences of network disruptions. The greatest danger comes from state or state-supported actors. Because they "can have the motivation, intent and above all the ability to carry on durable and sophisticated attacks on the security of 5G". This is stated in a report published by the European Commission on Wednesday.
The report summarizes the assessments of the Member States and the Commission wanted to conduct an EU-wide risk assessment. The Federal Government's assessment had already published Netzpolitik.org in August. The European Agency for Information Security (Enisa) is to supplement the estimates with a more detailed paper in the technical details. By the end of this year, recommendations for the construction of secure 5G grids in Europe will emerge.
On the whole, EU states fear that government or government-backed hackers "could cause large-scale disruptions or disruptions to telecommunications services by exploiting undocumented features or attacking critical infrastructures such as power."
Warning also against organized crime and "cyber-terrorists"
The report also states: "Several Member States have found that certain non-EU countries pose a particular cyber threat to their national interests, based on past methods of attack or the existence of a third-party offensive cyber program against them. "
The report also suggests that contractors or insiders - such as network operators or their suppliers - could be considered as potential threats. Finally, they could be exploited by a government "to gain access to critical components".
Other dangerous actors include organized crime groups, companies that expect theft of intellectual property to be a competitive advantage, and "cyber-terrorists."
Network operators should not rely on a single supplier
Many of the threat scenarios would also apply to existing mobile networks, the report says. But because 5G is "software-based to a large extent, serious vulnerabilities could make it easier for attackers to insert backdoors into products."
Who is meant by state or state-supported actors is not explained in the report. The fears of some governments, China can force the network equipment Huawei and ZTE to espionage and sabotage, can be read only indirectly, but in several places. For example, suppliers and equipment suppliers may be controlled by non-EU countries,
- if there are strong links between the government and the company anyway,
- if the laws of the country allow,
- if certain ownership structures exist in a company
- or if the government can put pressure on the company.
According to some experts, all this applies to Huawei. However, there is no evidence of state-run espionage by Huawei. Nevertheless, the EU states warn against relying on individual suppliers in the construction of 5G networks.