The European Commission said today that EU nations will work together to assess and prevent security risks associated with 5G networks. In doing so, the EU has effectively rejected demands from the United States that it ban Huawei and other Chinese companies from participating in these networks.
“The European Commission recommended today a set of concrete actions to assess cybersecurity risks of 5G networks and to strengthen preventive measures,” an EC announcement reads. “The recommendations are a combination of legislative and policy instruments meant to protect our economies, societies and democratic systems … 5G is a key asset for Europe to compete in the global market and its cybersecurity is crucial for ensuring the strategic autonomy of the Union.”
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
The EC’s recommendations include requiring each member state to complete a national risk assessment of 5G network infrastructures by the end of June and then update their security requirements for network providers. The EC says that EU member states—rather than the EU as a whole—will have the right to exclude companies that don’t meet their unique security requirements.
“Today’s Recommendation will make use of the wide-range of instruments already in place or agreed to reinforce cooperation against cyber-attacks and enable the EU to act collectively in protecting its economy and society, including the first EU-wide legislation on cybersecurity, the Cybersecurity Act recently approved by the European Parliament, and the new telecoms rules,” the announcement continues. “The Recommendation will help Member States to implement these new instruments in a coherent manner when it comes to 5G security.”
Huawei says it welcomes the EU decision.
“Huawei understands the cybersecurity concerns that European regulators have,” Huawei’s Abraham Liu said. “Huawei looks forward to contributing to the European framework on cybersecurity. We are firmly committed to continue working with all regulators and partners to make the 5G rollout in Europe a success.”
skane2600
<blockquote><em><a href="#415888">In reply to MachineGunJohn:</a></em></blockquote><p>It would be an expensive and ineffective method for spying if only certain units were installed with malware. You couldn't control who bought the compromised product or possibly even know who ended up buying it. Yet a single unit being "caught" would bring the entire company and possibly other Chinese companies down. It would be a high risk/ low value strategy.</p>
skane2600
<blockquote><em><a href="#416154">In reply to YouWereWarned:</a></em></blockquote><p>The idea that buying ammo is the same as buying networking equipment or smartphones is absurd. </p><p><br></p><p><br></p><p><br></p><p>As far as the bloomberg story is concerned, Amazon and Apple have denied it and there doesn't seem to be any confirmation that it is true (at least as recently as last October).</p><p><br></p><p><br></p><p><br></p><p>www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/</p><p><br></p><p>As I've mentioned before the technology to strip down any chip to determine its function has existed for decades. It was one way the Atari 2600 was reverse-engineered at a time when its specs were a trade secret.</p>
skane2600
<blockquote><em><a href="#416629">In reply to YouWereWarned:</a></em></blockquote><p>I can't argue with hearsay "testimony" although I note that simply working at a company doesn't mean you know the truth of everything that happens there. </p>
skane2600
<blockquote><em><a href="#416003">In reply to red.radar:</a></em></blockquote><p>Here is my take on this. </p><p><br></p><p>You can't test your way into <em>developing </em>a perfectly secure product, but you can test to determine if an already developed product contains malware with some level of confidence in the context of spying. State sponsored spying has a much narrower focus than what generic malware is designed to accomplish. Depending on the user to navigate to a fake website in order to exploit an deliberately embedded vulnerability isn't really going to cut it. To be effective, the full malware has to be present in the device either initially or through an update.</p>
skane2600
<blockquote><em><a href="#415640">In reply to red.radar:</a></em></blockquote><p>You mean the way Volkswagen cheated and never got caught? Oh wait.</p>
skane2600
<blockquote><em><a href="#415658">In reply to red.radar:</a></em></blockquote><p>If that was your point you failed to convey it. If Huawei was caught (regardless of when) putting malware in their 5G implementation, it would be game over for them. China has far more to gain through legitimate competition than it does through spying.</p>
skane2600
<blockquote><em><a href="#415673">In reply to lvthunder:</a></em></blockquote><p>Really digging deep into the hypotheticals aren't we. What do you think would happen to a US CEO and board members if they knowingly covered up a major security breach that endangered national security? Would they use the "we were afraid people would say; I told you so" defense?</p>
skane2600
<blockquote><em><a href="#415889">In reply to lvthunder:</a></em></blockquote><p>What national security breaches were Yahoo and Equifax responsible for?</p>
PeterC
<p>Good.</p>
skane2600
<blockquote><em><a href="#415656">In reply to lvthunder:</a></em></blockquote><p>The US can do what it wants, but if the US doesn't want other countries telling us what to do, then we should stop telling them what to do. Historically we have been much more arrogant than any other country in this regard.</p>
skane2600
<blockquote><em><a href="#415665">In reply to prjman:</a></em></blockquote><p>We never "saved the world" but we did help save it along with others. But nearly every military action we've taken since WWII has caused more harm than benefit. </p>
skane2600
<blockquote><em><a href="#415905">In reply to AnOldAmigaUser:</a></em></blockquote><p>The US hasn't been very "pure" with respect to colonialism either. We spent years financially supporting the French's war to recover their Vietnam colony and we still have "<span style="background-color: rgb(255, 255, 255); color: rgb(34, 34, 34);">territories" whose people have varying degrees of rights none of which equal those of people living in US states.</span></p>
skane2600
<blockquote><em><a href="#415892">In reply to MachineGunJohn:</a></em></blockquote><p>That's a bit like a mugger saying "I'm not going to tell you what to do, I'm just informing you that if you don't give me your money I'll shoot". The US tried to use leverage to get the EU to do what it wanted them to do, that goes beyond merely informing them of the US's own policy. Note that the US could still quietly stop sharing information, the only reason to announce it was to persuade the EU and other countries to adopt US policy.</p>
Bats
<p>Seriously, is there a point to all this? So what with regards to the way the EU is handling Huawei? So what? From what I have been reading the EU is so F'd up, that I'll happily pick the intel off my guys over there in DC and Langley rather than those boneheads in the …..lol…..EU. I work for an international law firm, based in the UK…ya know that whole Brexit thing. Not just that, but I interact with all most of our offices located in countries throughout the EU. I know the EU. I know the laws. I know the whole GDPR thing going on….very well. I know economics. I know finance. I know law. The EU is a joke. I could care less with what the EU governments think and do.</p><p><br></p><p>Our (American) guys are much smarter than those Europeans. They really are. This is why WE..not them….are a Superpower. We have the intelligence, the technology, and the money. What do they have? Problems and delusions. LOL…it's hilarious. </p><p><br></p><p>I happen to like Huawei. I owned a fabulous Nexus 6p phone that I still use today (in a limited capacity). However, I love my country more. Until our guys say it's ok….I have no problem refraining from Huawei products. Plus, the Chinese are economic cheaters. One of the advantages of being employed by an international law firm, is that I get to talk to people from all around the world. I know what's going on. I know what China is doing. I don't need to read bias reporting that may or may not be painting China in a good or bad light. Huawei is specifically banned from the USA because smarter people have advised our government to do so. I'll go with them instead of some "reporter."</p>
skane2600
<blockquote><em><a href="#415699">In reply to Bats:</a></em></blockquote><p>Please present your evidence that "our guys" (presumably women don't count) are smarter than Europeans. It's more likely that our "Superpower" status is the result of advantageous Geography than anything else.</p>
skane2600
<blockquote><em><a href="#415891">In reply to Rob_Wade:</a></em></blockquote><p>I was considering "superpower" in the more narrow sense of military might. While the other measures are valid, it seems that in practice we don't refer to any country without dominant military power as a superpower. Arguably the economy and political structure of the Soviet Union wasn't a strength, but they were considered a superpower anyway because of their military power.</p>
skane2600
<blockquote><em><a href="#415903">In reply to MachineGunJohn:</a></em></blockquote><p>"it's not a matter of smarter"</p><p><br></p><p>I was just reacting to the "smarter claim". I wasn't intending to get into a discussion about political philosophy. Having said that, as an old guy who had trouble finding work, my social security check gives me a different perspective on "socialism" than perhaps some younger people who are still making the big bucks. </p>
skane2600
<blockquote><em><a href="#415981">In reply to mikes_infl:</a></em></blockquote><p>I doubt that security experts would just examine a device once and never examine it again. All firmware updates would be detectable since they have to occur through communication that can be monitored.</p>
skane2600
<blockquote><em><a href="#416052">In reply to sharpsone:</a></em></blockquote><p>A backdoor could be rather easily detected and as I said updates can be monitored. Unless US intelligence agencies found no evidence and just announced there was a problem to avoid doing the real work.</p>