Towards a secure European 5G infrastructure

On the way to the gigabit society, 5G technology plays a key role for our economy. The innovation potential is enormous. High-performance mobile communication infrastructures are indispensable for the visions of autonomous driving, increased efficiency in logistics, and the fully networked smart factory. 

5G will also be decisive in enabling human-machine interaction over long distances: There is a lack of doctors everywhere in Germany. Telemedicine can be a solution here. However, in order to perform an operation remotely using surgical robots, low latencies, stable transmission and very high data rates are required. This is the only way to ensure real-time transmission of high-resolution images.

This is where 5G comes into play. The great advantage of 5G lies in the enormously high data rates of 1 to 20 GBit/s that can be transmitted. Moreover, with 5G latency – meaning the time it takes for an information or data packet to travel from its source to its destination – will drop below five milliseconds or even one millisecond. By comparison, the blink of an eye takes 100 milliseconds.

Security and speed: Germany swiftly needs a reliable 5G infrastructure

For German industry, an efficient and secure 5G network is of integral importance in order to strengthen the competitiveness of its industry in the long run. At the same time, the 5G network infrastructure needs to be developed rapidly – this is the only way to exploit the potential of technologies associated with Industry 4.0, such as digital twins, the industrial metaverse and Artificial Intelligence.

With the IT Security Act 2.0 in conjunction with the catalog of security requirements and the list of critical functions of the Federal Network Agency the federal legislature has created the framework for a cyber-resilient 5G network. Based on technical security certification of components in conjunction with checking a manufacturer's trustworthiness, the German government is endeavouring to strengthen the resilience of digital infrastructures. While in theory, this approach could enhance the resilience of digital networks against espionage and sabotage, the mechanism does not work in practice. For example, the Federal MInistry of the Interior revoked its trustworthyness check shortly after introducing it.

Based on our experience so far, BDI urges the German government to update the mechanism to identify trustworthy manufacturers and secure components. Moreover, to enhance legal certainty and investment security a final decision regarding the usage of technologies from certain countries is paramount. In general, the resilience of digital infrastructures can best be increased by using multiple providers (redundancy) in combination with technical and organisational security measures. Cybersecurity requirements should always be manufacturer-independent and European to avoid market distortions and a regulatory hotch-potch.

If, based on technical, political, legal or intelligence criteria, there are justified doubts as to the trustworthiness of a manufacturer, the relevant provider must be excluded from participating in the construction of the German network.

Ensuring cyber-security requires everyone’s contribution

Regardless of the cyber resilience of telecommunication networks, it is crucial that companies, just like Internet users, implement basic cyber hygiene measures and take far-reaching resilience measures, especially for sensitive data and systems. Given current trends toward a steady rise in working from home, as well as increasing interconnection of machinery and equipment to complex internet-connected systems, it is encouraging that global cybersecurity spending is expected to increase by more than 14 percent to $215 billion in 2024, according to Gartner.

In the future, companies and internet users should increasingly focus on encrypting their data at the application level. End-to-end encryption, which is already applied by some e-mail and messaging providers, for example, must become the standard. At the same time, everyone must be aware that 100 percent security is not possible.