Member states publish report on EU coordinated risk assessment of 5G networks security

Oct 10, 2019
Member states, with the support of the Commission and the European Agency for Cybersecurity, published a report on the EU coordinated risk assessment on cybersecurity in Fifth Generation (5G) networks. This is part of the implementation of the European Commission Recommendation, adopted in March 2019, to ensure a high level of cybersecurity of 5G networks across the EU.

The report is based on the results of the national cybersecurity risk assessments by all EU Member States and identifies the main threats and threats actors, the most sensitive assets, the main vulnerabilities (including technical ones and other types of vulnerabilities) and a number of strategic risks.

This assessment provides the basis to identify mitigation measures that can be applied at national and European level.

Main insights of the EU coordinated risk assessment

The report identifies a number of important security challenges, which are likely to appear or become more prominent in 5G networks, compared with the situation in existing networks:

These security challenges are mainly linked to:
  • key innovations in the 5G technology (which will also bring a number of specific security improvements), in particular, the important part of software and the wide range of services and applications enabled by 5G;
  • the role of suppliers in building and operating 5G networks and the degree of dependency on individual suppliers.

European Agency for Cybersecurity threat landscape

To complement the Member States' report, the European Agency for Cybersecurity is finalising a specific threat landscape mapping related to 5G networks, which considers in more detail certain technical aspects covered in the report.

Next Steps

By 31 December 2019, the Cooperation Group should agree on a toolbox of mitigating measures to address the identified cybersecurity risks at national and Union level.

By 1 October 2020, Member States – in cooperation with the Commission – should assess the effects of the recommendation in order to determine whether there is a need for further action. This assessment should take into account the outcome of the coordinated European risk assessment and of the effectiveness of the measures.  

(Source: European Commission)