© unsplash/Jake Blucker

Towards a secure European 5G infrastructure

From telemedicine operations to fully networked production facilities, high-performance 5G networks will drive the digitalisation of all areas of life. As a result, 5G networks will be the highway for highly sensitive data. Therefore, manufacturers of 5G network components must be trustworthy. In order to maintain the highest possible level of security, a European-wide applicable cybersecurity standard is urgently required for 5G components.

On the way to the gigabit society, 5G technology plays a key role for our economy. The innovation potential is enormous. High-performance mobile communication infrastructures are indispensable for the visions of autonomous driving, increased efficiency in logistics, and the fully networked smart factory. 

5G will also be decisive in enabling human-machine interaction over long distances: There is a lack of doctors everywhere in Germany. Telemedicine can be a solution here. However, in order to perform an operation remotely using surgical robots, low latencies, stable transmission and very high data rates are required. This is the only way to ensure real-time transmission of high-resolution images.

This is where 5G comes into play. The great advantage of 5G lies in the enormously high data rates of 1 to 20 GBit/s that can be transmitted. Moreover, with 5G latency – meaning the time it takes for an information or data packet to travel from its source to its destination – will drop below five milliseconds or even one millisecond. By comparison, the blink of an eye takes 100 milliseconds.

Security and speed: Germany swiftly needs a reliable 5G infrastructure

For German industry, an efficient and secure 5G network is of integral importance in order to strengthen the competitiveness of its industry in the long run. At the same time, the 5G network infrastructure needs to be developed rapidly – this is the only way to exploit the potential of Industry 4.0. Legal certainty is crucial here, especially regarding the network components that can be used.

With the IT Security Act 2.0 in conjunction with the catalog of security requirements and the list of critical functions of the Federal Network Agency the federal legislature has created the framework for a cyber-resilient 5G network. The coming months and years will have to show whether the guarantee declaration in interaction with the technical and political trustworthiness review is appropriate for this purpose. In the future, too, cybersecurity requirements must be manufacturer-independent and as European as possible.

5G: Who will be allowed to provide network components? – EU standards required

When it comes to the digital transformation, Germany is reliant on technical solutions from both national and international companies. Neither from a technological nor from an economic or temporal perspective would a systematic ban of international suppliers from the installation of digital infrastructure or the provision of digital devices be expedient. Digital sovereignty must not be confused with digital autarky.

In the view of BDI, safety must be the top priority. Therefore, all suppliers of network components should have to meet the same high security requirements – no matter where the company headquarters are located. There must not be a lex specialis for individual suppliers. BDI therefore expressly welcomes the manufacturer-independent approach chosen by the Federal Network Agency and the federal legislature. The guarantee of resilient products, networks and services must be ensured equally by all manufacturers. After all, the quality, resilience and trustworthiness of the weakest link determine the security of the entire 5G network.

If, based on technical, political, legal or intelligence criteria, there are justified doubts as to the trustworthiness of a manufacturer, the relevant provider must be excluded from participating in the construction of the German network.

Ensuring cyber-security requires everyone’s contribution

Regardless of the cyber resilience of telecommunication networks, it is crucial that companies, just like Internet users, implement basic cyber hygiene measures and take far-reaching resilience measures, especially for sensitive data and systems. Given current trends toward a steady rise in working from home, as well as increasing interconnection of machinery and equipment to complex internet-connected systems, it is encouraging that global cybersecurity spending is expected to increase by more than 12 percent to $150 billion in 2021, according to Gartner. On cloud security alone, organizations worldwide plan to spend an average of 40 percent more than they did last year. Only extensive digital and analog measures can sustainably strengthen resilience against cybercrime, digital industrial espionage and sabotage.

In the future, companies and internet users should increasingly focus on encrypting their data at the application level. End-to-end encryption, which is already applied by some e-mail and messaging providers, for example, must become the standard. At the same time, everyone must be aware that 100 percent security is not possible.