A rules-based approach to 5G cybersecurity

With cybersecurity a Member State competence, fragmented policy across the bloc poses a threat to the internal market. The EU needs to stand together on this, writes Kris Peeters.
Photo credit: Adobe Stock

By Kris Peeters

Kris Peeters (BE, EPP) is a member of Parliament’s Internal Market Committee and Security and Defence sub-Committee

05 Dec 2019

@peeters_kris1


With the German government in deep discussions over who should be allowed to roll out its 5G network, it is useful to look at the debate from a European perspective.

The 5G debacle is about more than just tech; it is geopolitical. Earlier this year, while some Member States such as Poland closed the door to the Oriental powerhouse that is Huawei, others, like Germany, have left the door ajar.

There is no doubt that the EU’s cybersecurity strategy is falling under the scrutiny of global actors and a coherent European answer is needed to tackle the problem of fragmented cybersecurity.

The US State Department voiced its concerns and advised Europe to avoid Chinese equipment in 5G rollouts, a message was echoed by NATO Secretary- General Jens Stoltenberg.


RELATED CONTENT


Despite the warnings, the EU has, at best, given a vague answer up to now. Poland and Romania have signed joint 5G declarations with the US, while the British concluded that using this equipment was a manageable risk.

The threat of a legal patchwork in the internal market is looming, given that cybersecurity is a Member States competence.

"We need to remind ourselves that the EU is still the biggest economic market, and that this time our purchasing power should be used to set the rules"

To deal with the fragmented nature of cybersecurity policy, EU Commissioner for Digital Economy, Mariya Gabriel, welcomed the recent adoption of the Cybersecurity Act. This introduces, for the first time, an EU-wide cybersecurity certification framework for ICT products, services, and processes.

However, due to the voluntary nature of the certification scheme, it is doubtful that this piece of legislation will prevent other geopolitical actors from spying – something the European Court of Auditors confirmed in March this year.

The European Commission is well aware of this risk, which was explicit in its 5G risk security assessment. Commissioner for Security Union, Julian King, stressed: “threats posed by states or state-backed are perceived to be of the highest relevance”.

Despite King’s clear message, German government officials published their own security catalogue, which stated that no single equipment vendor would be barred in order to create a level playing field.

This message was backed by Chancellor Merkel. Recently, however the CDU ignored the Chancellor’s position and passed a motion stipulating that the German parliament has the final say on the matter.

"Due to the voluntary nature of the certification scheme, it is doubtful that this piece of legislation will prevent other geopolitical actors from spying"

It is clear that Europe needs to stand united. We need to remind ourselves that the EU is still the biggest economic market, and that this time our purchasing power should be used to set the rules. After all, a European rules-based approach is the only guarantee for preventing trade conflicts based on nationalism.

So, to answer the critical question on who should be allowed to supply the 5G network infrastructure, the EU should do what it has always done; guarantee a rules-based approach that creates a level playing field in the internal market.

First, it should tackle the security challenges of state-backed actors, particularly 5G suppliers with opaque corporate ownership structures. According to a recent report, third-country companies have used state aid to undercut European competitors.

The European Commission should at least launch an investigation into this claim, if it is confirmed as valid by many EU industry leaders.

Second, another risk arises when you ban certain players from the internal market. When there is a major dependency on a single supplier, the potential failure of this supplier will cause the entire infrastructure to collapse.

Assuming the future importance of 5G, we must avoid a monopoly at all costs. The EU needs to do what the EU always has done; guaranteeing the rules on the internal market, which involves compliance with state subsidy rules and the avoidance of monopolies.

At each and every stage, competitors should play the game by the rules. Luckily, we still have a situation where several players have proven that they are able to deliver the required 5G infrastructure.

Read the most recent articles written by Kris Peeters - 5G: A risky business