EU auditors scrutinise 5G security in Europe

The European Court of Auditors (ECA) has launched an audit to assess whether the EU and its Member States are implementing secure 5G networks in a timely and concerted manner. The audit follows on from the ECA’s recent review of the EU’s response to China’s state-driven investment strategy, which flagged 5G security as an issue of concern. The auditors will examine the EU’s 5G set-up, the European Commission’s support for the Member States, and the latter’s 5G roll-out and consideration of security concerns. They will focus on network security, encompassing cybersecurity and hardware.

“The way 5G is deployed across the EU will affect many aspects of citizens’ life, through developments such as e-health, smart cars and smart electricity networks. 5G will also impact Europe’s digitalisation efforts and, due to its cross-border nature, the functioning of the single market,” said Annemie Turtelboom, the ECA Member leading the audit. “It is therefore essential that this new key technology is implemented in a fast, secure and concerted way.”

The fifth generation of mobile and wireless telecommunication systems (‘5G’) offers ultra-highspeed connection supporting not only individual users but also a high number of connected devices, known as the ‘internet of things’. In this way, it marks a revolutionary advance on the former standards, 3G and 4G. A European Commission study estimates that benefits of €113 billion a year will arise from the introduction of 5G capabilities across four key strategic industries – automotive, health, transport and energy. It also indicates that 5G investments are likely to create 2.3 million jobs in the Member States.

However, another reason why 5G demands a concerted EU approach is that its infrastructure and potential threats to its security are of a cross-border nature. Any significant vulnerabilities and cybersecurity incidents concerning networks in one Member State would affect the EU as a whole. In recent years, the EU has allocated considerable funding to 5G projects in Member States, including loans by the European Investment Bank. The EU’s action plan envisaged the launch of 5G services in all Member States by the end of 2020; by October this year, 5G had been deployed in 17 EU countries plus the United Kingdom. Delays in achieving appropriate 5G coverage, as well as security issues, may have huge implications for the EU’s competitiveness and strategic independence.

Background information
The division of responsibilities relating to 5G networks and their security is complex. The Commission supports and coordinates Member States’ action on technical and security aspects; national authorities are responsible for developing and implementing their 5G plans as well as ensuring security. Furthermore, telecom operators are responsible for the roll-out of secure 5G networks using vendor equipment. A recent study shows that several vendors have applied for patents in the 5G industry: the main ones are China’s Huawei (16%) and ZTE (10%), South Korea’s Samsung (14%) and LG (12%), and Europe’s Nokia (11%) and Ericsson (7%).

The auditors will cover action taken since 2016 and examine data gathered in a sample of four Member States: Finland, Germany, Poland and Spain. The final report is expected in a year’s time. It will not cover 5G’s potential impact on human and animal health or the environment. For more details, see the full audit preview “Implementing secure 5G networks in the EU and its Member States”, which is available in English at Audit previews are based on preparatory work before the start of an audit and should not be regarded as audit observations, conclusions or recommendations.

In September, the ECA published a review which highlighted the lack of a concerted approach to 5G security among Member States and the use of Chinese 5G equipment in critical EU infrastructure as issues of concern. On 7 January, the auditors will host a webinar “Towards 5G: Securing Europe’s Digital Future?”

Source: ECA