Following the Commission Recommendation for a common European approach to the security of 5G networks, 24 EU Member States have now completed the first step and submitted national risk assessments.
These assessments will feed into the next phase, a EU-wide risk assessment which will be completed by 1 October.
National risk assessments include an overview of:
· the main threats and actors affecting 5G networks;
· the degree of sensitivity of 5G network components and functions as well as other assets; and
· various types of vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain.
In addition, the work on national risk assessments involved a range of responsible actors in the Member States, including cybersecurity and telecommunication authorities and security and intelligence services, strengthening their cooperation and coordination.
Based on the information received, Member States, together with the Commission and the EU Agency for Cybersecurity (ENISA), will prepare a coordinated EU-wide risk assessment by 1 October 2019. In parallel, ENISA is analysing the 5G threat landscape as an additional input.
By 31 December 2019, the NIS Cooperation Group that leads the cooperation efforts together with the Commission will develop and agree on a toolbox of mitigating measures to address the risks identified in the risk assessments at Member State and EU level.
Following the recent entry into force of the Cybersecurity Act at the end of June, the Commission and the EU Agency for Cybersecurity will set up an EU-wide certification framework. Member States are encouraged to cooperate with the Commission and the EU Agency for Cybersecurity to prioritise a certification scheme covering 5G networks and equipment.
By 1 October 2020, Member States should assess in cooperation with the Commission, the effects of measures taken to determine whether there is a need for further action. This assessment should take into account the coordinated European risk assessment.
Fifth generation (5G) networks will form essential digital infrastructure in the future, connecting billions of objects and systems, including in critical sectors such as energy, transport, banking, and health, as well as industrial control systems carrying sensitive information and supporting safety systems.
The European Commission recommended on 26 March 2019 a set of concrete actions to assess cybersecurity risks of 5G networks and to strengthen preventive measures, following the support from Heads of State or Government for a concerted approach to the security of 5G networks.
The Commission called on Member States to complete national risk assessments and review national measures as well as to work together at EU level on a coordinated risk assessment and a common toolbox of mitigating measures.
For More Information