EU warns about cyber risks from state-backed entities

The European Agency for Cybersecurity is also finalising a map of specific threats related to 5G networks in EU countries. PHOTO: DPA
The European Agency for Cybersecurity is also finalising a map of specific threats related to 5G networks in EU countries. PHOTO: DPA

Equipment suppliers with substantial market share in the bloc a major concern

BRUSSELS • The European Union warned yesterday of increased cyber attacks by state-backed entities and non-EU actors, saying that it is crucial to assess the risks posed by telecoms equipment suppliers with a significant market share in the bloc.

The comments came in a report prepared by EU countries on cyber-security risks to 5G networks, seen as crucial to the bloc's economic growth.

While the report does not name any country or company, observers have frequently cited China and the world's biggest telecoms equipment maker, Huawei Technologies, as potential threats.

"Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks," the European Commission and Finland, which currently holds the rotating EU presidency, said in a joint statement.

"In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country," the statement said.

The commission sought to explore the full range of risks ranging from vital industries capacity to function to "democratic processes, such as elections" that will eventually rely on the 5G system to work.

The statement also warned against over-dependence on a single telecoms equipment supplier.

"A major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences," it said.

"It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk."

 
 
 

The US government wants Europe to ban Huawei's equipment because it says this can be used by Beijing for spying, something the company has repeatedly denied.

While any decision to ban Huawei would ultimately rest with the capitals - and no European country has yet decided to fully ban the company from its networks - the EU-wide approach could make it more difficult for Beijing to retaliate against any individual European country that takes too hard a line against Huawei.

US and European officials have raised concerns about partnering Chinese equipment makers like Huawei following a 2017 Chinese law that mandates any organisation and citizen to support and assist national intelligence in their investigations.

The EU will now seek to come up with a so-called toolbox of measures by the end of the year to address the cyber-security risks at national and EU level.

The European Agency for Cybersecurity is also finalising a map of specific threats related to 5G networks.

REUTERS, BLOOMBERG

A version of this article appeared in the print edition of The Straits Times on October 10, 2019, with the headline 'EU warns about cyber risks from state-backed entities'. Print Edition | Subscribe