The Commission released two recommendations in an effort to create a common European approach to the security of 5G networks.The first step is for all Member States to submit a national risk assessment.
So far, 24 Member States have submitted a national risk assessment. The assessments carried out by each state include a large range of responsible actors from cybersecurity and telecommunication authorities to security and intelligence services. The assessments provide an overview of: the main threats and actors affecting 5G networks; the degree of sensitivity of 5G network components as well as other assets; various types of vulnerabilities including technical ones and other types that can potentially arise from the 5G supply chain.
Using the information received, the Commission, Member States and the EU Agency for Cybersecurity (ENISA) will prepare a coordinated EU wide risk assessment to be completed by 1 October. In parallel, ENISA is analysing the 5G threat landscape to provide additional input. By 31 December, the National Information Security (NIS) Cooperation Group together with the Commission will develop and agree on a toolbox of mitigating measures that will be used to address the risks identified in the risk assessments at the Member State and EU level. The Commission and ENISA will also set up an EU wide certification framework following the Cybersecurity Act that came into effect at the end of June. In October 2020, the Member states should cooperate with the Commission to assess the effects of the measures taken and determine whether there is a need for further action.
Fifth Generation (5G) networks will form essential digital infrastructure in the future, connecting billions of objects and systems. This includes critical sectors such as energy, transport, banking, and health as well as industrial control systems carrying sensitive information and supporting safety systems.
For more information – Press Release