© unsplash/Jake Blucker

Towards a secure European 5G infrastructure

From telemedicine operations to fully networked production facilities, high-performance 5G networks will drive the digitalisation of all areas of life. As a result, 5G networks will be the highway for highly sensitive data. Therefore, manufacturers of 5G network components must be trustworthy. In order to maintain the highest possible level of security, a European-wide applicable cybersecurity standard is urgently required for 5G components.

On the way to the gigabit society, 5G technology plays a key role for our economy. The innovation potential is enormous. High-performance mobile communication infrastructures are indispensable for the visions of autonomous driving, increased efficiency in logistics, and the fully networked smart factory. 

5G will also be decisive in enabling human-machine interaction over long distances: There is a lack of doctors everywhere in Germany. Telemedicine can be a solution here. However, in order to perform an operation remotely using surgical robots, low latencies, stable transmission and very high data rates are required. This is the only way to ensure real-time transmission of high-resolution images.

This is where 5G comes into play. The key to 5G lies in the enormously high data rates of one to 20 GBit/s that can be transmitted. Moreover, with 5G latency - meaning the time it takes for an information or data packet to travel from its source to its destination - will drop below five milliseconds or even one millisecond. By comparison, the blink of an eye takes 100 milliseconds.

Security and speed: Germany swiftly needs a reliable 5G infrastructure

For German industry, an efficient and secure 5G network is of integral importance in order to strengthen the competitiveness of its industry in the long run. At the same time, the 5G network infrastructure needs to be developed rapidly - this is the only way to exploit the potential of Industry 4.0. Legal certainty is crucial here, especially with regard to the network components that can be used. This means that after more than a year of debate about individual Chinese providers and the security of 5G, the German government must now decide from which manufacturers the network operators may purchase components.

5G: Who will be allowed to provide network components? – EU standards required

When it comes to the digital transformation, Germany is reliant on technical solutions from both national and international companies. Neither from a technological nor from an economic or temporal perspective would a systematic ban of international suppliers from the installation of digital infrastructure or the provision of digital devices be expedient.

In the view of the BDI, safety must be the top priority. Therefore, all suppliers of network components should have to meet the same high security requirements - no matter where the company headquarters are located. There must not be a lex specialis for individual suppliers. Therefore, German industry welcomes the manufacturer-independent approach adopted by both the German Federal Network Agency in its security catalogue and the European Commission's risk assessment and recommendations. All manufacturers and operators have to ensure as far as possible the resilience of their products, networks and services. After all, the quality, resilience and reliability of the weakest part will determine the security of the entire 5G network.

In order to ensure the security of data but also of the network as a whole against unauthorised access from third countries, implementing the following requirements is indispensable:

  • There is a need for uniform security requirements for manufacturers of 5G components throughout Europe. To this end, a catalogue of very specific technical and non-technical security requirements must be developed by the EU together with industry representatives.
  • A declaration of trustworthiness signed by manufacturers of 5G components - i.e. an assurance that certain requirements will be adhered to - will only increase the security of 5G networks if compliance is checked jointly by network operators and government agencies. Operators of telecommunication networks can analyse the components. On the other hand, the state must decide whether the (geo-)political conditions in third countries affect the trustworthiness of manufacturers.
  • The certification of products, processes and services by an independent body should be based on uniform security requirements throughout Europe. The EU and the Federal Government must ensure that the testing and certification of critical components is carried out swiftly, because necessary security updates must not be prevented by certification processes.

If, based on technical, political, legal or intelligence criteria, there are justified doubts as to the trustworthiness of a manufacturer, it is clear that the relevant provider must be excluded from participating in the construction of the German network.

Ensuring cyber-security requires everyone’s contribution

It is to be welcomed that more than two thirds of companies worldwide plan to spend five percent or more of their total IT budget on cyber security in 2020. Only through extensive digital and analogue measures can the resilience against cybercrime, digital industrial espionage and sabotage be effectively strengthened. 

In the future, companies and internet users should increasingly focus on encrypting their data at the application level. End-to-end encryption, which is already applied by some e-mail providers, for example, must become the standard. At the same time, everyone has to be aware that 100 percent security is not possible.