We are in the midst of a global pandemic that has already cost more than half a million lives. Because of it, we are now entering a massive economic downturn that requires an equally massive recovery plan.
To top it off, within the EU we are working on this plan without an agreement on our next multiannual budget. Against this backdrop, the German EU Council Presidency recently presented its priorities to the European Parliament, with digitalisation featuring prominently.
While it might surprise some people, this is absolutely a sensible choice. Because as much as solidarity needs to be at the heart of our response to COVID-19, we need to ensure that we come out of this crisis strengthened. What this means can be best explained in the words of the incoming presidency itself: “focusing firmly on the future”.
Our future must be sustainable, but it must also be digital. That is where artificial intelligence, the Digital Services Act, the Comprehensive Data Strategy and 5G technology come in. 5G is a bit of a misnomer, because it’s more than just an evolution from 4G standards.
This new technology standard for cellular networks offers significantly higher transfer speeds, shorter response times and ultra-reliable connections, which open the door to technologies such as autonomous driving, precision agriculture and remotely operated personalised medicine.
Estimates place worldwide 5G revenues at €225bn as early as 2025, and the number of 5G users at 1.5 billion. The EU has so far been a leading investor and early adopter, with an investment of more than €1bn. Around 200 5G trials across EU Member States and 138 5G-enabled cities have been set up so far.
And as the ongoing COVID-19 crisis demonstrates, we increasingly depend on communications networks. In short, 5G offers enormous societal and economic benefits. So why aren’t the following paragraphs pleading to go full steam ahead? Because 5G does not come without serious security risks. 5G technology will speed up the integration process of digital services such as the Internet of Things.
By interconnecting vast amounts of services, 5G provides a single attack surface with a far greater potential for damage than ever before in the digital sphere. Attacks on 5G infrastructure may result in damage in the physical space ranging from identity fraud to network and service outages.
The EU agency for cybersecurity explicitly points to 5G infrastructure as a ‘vital component to protect’ if countries want to ‘maintain dominance, independence and sovereignty’. While that may seem like an exaggeration more suited to a science fiction novel, it is very much rooted in the current reality of geopolitics. As regrettable as it is, cyberwarfare is here to stay.
The complexity of the technology also leads to a limited number of companies being able to provide the necessary infrastructure, which in turn creates a playing field tilted towards dependency on individual suppliers. It may be an element that the public debate surrounding Huawei as a potential supplier misses: no dependency on one supplier is without serious security risks.
Our rules-based approach to the internal market should therefore be aimed at promoting a diverse, competitive and sustainable market for 5G technology and equipment. That said, the European Commission’s ‘toolbox’ on 5G security rightfully points to “high-risk vendors” as suppliers that could be “subject to interference from a non-EU country”.
It is not a description given in a vacuum. The Commission communication on tackling COVID-19 disinformation pointedly stated: “Foreign actors and certain third countries, in particular Russia and China, have engaged in targeted influence operations and disinformation campaigns around COVID-19 in the EU.”
Adding to this, Commission President Ursula von der Leyen has said cyberattacks “cannot be tolerated”. We must not be naive about companies that operate in countries where such practices are accompanied by a national intelligence law, adopted in 2017, that requires them to cooperate with Chinese intelligence.
A Consult surveyed the current cellular infrastructure and pointed out that the 4G radio access network (RAN) in several European countries is run entirely on Chinese equipment. So, it is understandable that, because of the greater potential for harm, many would rather not see the same dependency with 5G infrastructure.
Yet it would be a mistake to reduce the 5G debate to a pro or against China discussion. Technology will always profoundly impact our lives and those who manage to channel it will reap the benefits alongside the inevitable disruption to tradition.
With 5G in particular, the polarising challenge of managing the risks and rewards is one that we must meet head-on. Europe’s strategic digital autonomy should not devolve into a defensive anti-this or that country narrative. Instead, we should grasp both the potential of 5G and the need for continuous risk assessment.
The Cybersecurity Act’s introduction of a certification scheme for ICT and the Commission’s toolbox for 5G are a good start. It should, however, concern everybody that many aspects of this continuous risk assessment are fragmented, which is reflected in the fragmented debate on the issue.
While 5G security clearly is an issue of strategic importance for the EU’s digital sovereignty, it remains a risky business, regardless of the supplier’s country of origin.