Europe warns: 5G networks can increase state-backed hacker attacks

European Commission and the European Agency for Cybersecurity reports about potentially increased security risks due to 5G technology

According to European Commission countries will have increased risk of state-backed hacker attacks after the 5G network. According to the European Union report,^[1] 5G network can increase the vulnerability of state-backed hacker attacks due to trusting a single vendor.^[2] The statement warns that mobile network operators should consider this and not rely on suppliers that much. Especially the ones that are interfering with non-EU countries since this one of the main aspects in the assessment of non-technical vulnerabilities related to 5G networks.

The following factors are listed as risks regarding the suppliers:

• strong links between suppliers and government of a third country;
• legislation of the given third country;
• lack of data protection agreements between the EU^[3] and third country;
• characteristics of the supplier's corporate ownership;
• any form of pressure concerning the place of equipment manufacturing;
• suppliers ability to assure the supply;
• the overall quality of products and the cybersecurity practices of the supplier.

Poor software development makes it easier for actors to insert malicious script into products

This risk assessment report identifies many risks and security challenges regarding the 5G and operating such networks. The role of suppliers noted as one of the security risks, but other effects that should follow the 5G rollout in the report include:

• Increased exposure to attacks and an increased number of potential entry points for attackers. Improperly developed software can make it easier for criminals to insert their malware to make those programs harder to detect.
• Certain network equipment issues. New functionalities can make functions or software more sensitive to exploits.
• The number of attack paths that might get exploited increases due to reliance on suppliers and the increased severity of such attacks. It this case, the most serious ones are state-backed actors that can target 5G networks.^[4]
• The individual supplier with particular risks. The likelihood of the supplier becoming a subject to interference from other countries outside of Europe come to play.
• Exposure to potential supply interruption. Significant dependencies on suppliers aggravate the potential impact of vulnerabilities and possible exploitation of those flaws.
• Privacy threats and confidentiality are expected to become the backbone of various IT applications. In regards to 5G networks, the integrity and availability of such apps will become a security concern for countries.

The next step is to determine further actions by October 2020

According to a report from Brussels, by December 31st this year, cybersecurity risks at the national and European Union level should be addressed by agreeing on a toolbox of mitigating measures. Other recommendations should be assessed by this time next year and suggestions for further actions.

The report is not addressing the particular Huawei 5G network. However, Huawei products got reported by the United States as posing a security risk due to potential use for spying.^[5] The company denied such accusations and called for evidence from the government to back up these claims. Huawei remains one of the largest suppliers; its market share in Europe is estimated at around 40%.

The report concludes that challenges create a new paradigm of security and make it necessary to release essential measures, and security frameworks applicable to the sector, warning that current 3G and 4G networks should get redesigned.

This requires identifying potential gaps in existing frameworks and enforcement mechanisms, ranging from the implementation of cybersecurity legislation, the supervisory role of public authorities, and the respective obligations and liability of operators and suppliers.