miércoles, 24 de abril de 2019

Europe & Cybersecurity of 5G networks

Since the beginning of the year, there´s a growing concern of the cybersecurity of 5G networks in Europe. Perhaps, the best way to understand what has happened is a sentence that many time ago Bruce Schneier introduced in the quotes collection of the cybersecurity specialist,  "security is a mind state". Before US government began what we may benignly call a campaign on the need of a trusty 5G infrastructure, Europe had a blind trust in their network operators and their proceedings for infrastructure deployment. Now, this trust is broken, instability has been introduced in the European cybersecurity mind state and something has to be done to solve this trust crisis and achieve a new stable mind state.

From my point of view, it doesn't matter now the origin of this trust crisis, although we should not forget it. The center of the US campaign for a trusty 5G infrastructure has been the manufacturer which provides a growing share of the current 4G infrastructure in Europe, which will be the base for the deployment of 5G networks due to the evolutionary approach of its architecture. Therefore, although the accusations may have the smell of the "weapons of mass destruction" campaign before the second Irak war, Europe can not afford doing nothing and wait to see how it happens the first real cybersecurity incident in its 5G networks.

Due to the tiny size of each European national telecom market, there´s no space for nothing different than a shared European solution to this crisis of trust. Although Germany or UK may lead by example (as they are doing) with different national proposals for security requirements for mobile telecom operators, Europe will be sidelined of 5G race without a shared approach to a security assurance scheme for 5G networks. GSMA has politely remembered during the last MWC with its called for a proportionate and risk-based, as well as common, consistent and agreed, security assurance, testing and certification regime for Europe. It was not a surprise that all the eyes turned to the European Commission to make a proposal for this shared approach to cybersecurity for 5G networks.

However, the European Commission may has chosen the long and winding road for cybersecurity on 5G networks in Europe. Although the recently approved European Electronic Communications Code allow the European Commision to adopt an implementing act establishing armonised technical and organisational measures to appropriately manage the risks posed to the security of networks and services, the Commission has chosen to adopt only a recommendation for Member States with a set of actions to assess cybersecurity risks of 5G networks and to strengthen preventive measures in the national sphere by June 2019, with a later exchange of best practices in order to build up by December 2019 a toolbox of mitigating measures to address the identified cybersecurity risks on 5G networks. It is pretty sure that all Member States will make their best, but it has to be seen yet if this cooperative path produce a coherent approach to cybersecurity of 5G in Europe on time. Just after the publication of the European Commission recommendation, a 5G expert warned in the Financial Times that "This timescale is incompatible with the EU’s other objective to be a leader in 5G".

And while Europe is lost like a modern Teseo in the cybersecurity labyrinth, their competitors reap the first successes. Since April 3rd, 5G reduced commercial offers are available in a reduced scale in Corea and USA who passionately dispute the glory of being the first. Each month of delay in the deployment of reduced commercial offers in Europe may mean a delay in having full commercial 5G networks in the Union by 2025. This might mean for Europe a huge economic impact in the future, as the European Commission has estimated benefits of €113.1 billion per annum from 2025 in Europe from the introduction of 5G capabilities.

Someone may think that the US offensive in favour of cyber security of 5G networks would have a collateral benefit for Europe on the manufacturer area. The first market analyzes published this year are looking to confirm this approach with the dethronation of Huawei as the first mobile provider and Ericsson´s leadership in the share of expected shipments of 5G equipment. However, the security assurance of 5G networks in Europe will imply the security testing and certification of all the providers, and it is still to be see if Ericsson or Nokia would pass an strict cybersecurity scrutiny like the one that Huawei is yearly passing at the UK government.

Europe began to lose its importance as a technological competitor on the race for 4G deployment. The delay in 4G an effective spectrum assignment in some European countries blocked a uniform deployment of 4G networks across the Union preventing network operators to take advantage of the scalability of the European market.  When everything was looking bright in 5G deployment in Europe, an slow reaction to cybersecurity deployment may strike a final blow on Europe dreams of catching up US and China in the digital race.

No hay comentarios:

Publicar un comentario

palyginti kainas