EU fears cyber threats from China after 5G rollout
MEPs call for common action on the security risks linked to the country's growing technological presenceMaria Koleva , Strasbourg
EU cybersecurity certification scheme for products, processes and services was adopted by the members of the EP, who voted on the Cybersecurity Act at their session in Strasbourg on 12 March. The act is already informally agreed with the Council, highlights the importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems in addition to products, processes and services. In few years the EU executive have to assess whether any of the new voluntary schemes should be made mandatory.
The new legislation also provides for a permanent mandate and more resources for ENISA, the EU Cybersecurity Agency which is based in Athens and Crete. MEPs insisted the Commission to mandate ENISA to work on a certification scheme and thus to guarantee that the rollout of 5G in the Union meets the highest security standards.
They also urge the Commission and national governments to provide guidance on how to tackle cyber threats and vulnerabilities when procuring 5G equipment. It could be by diversifying equipment from different vendors, introducing multi-phase procurement processes and establishing a strategy to reduce Europe's dependence on foreign cybersecurity technology.
Talking on the significance of the act, its rapporteur Angelika Niebler (EPP, DE) explained during the debate that from the refrigerator to the coffee machine to the pacemaker, from the energy grids to the telecommunications networks and the transport infrastructure - everything will be interconnected. For us, this means that cybersecurity must be one of Europe's top political priorities, she asserted, recalling the WannaCry major cyber-attack that happened two years ago when over 200,000 IT systems across Europe were affected.
This significant success will enable the EU to keep up with security risks in the digital world for years to come, Niebler commented the result of the vote, noting that the legislation is a cornerstone for Europe to become a global player in cyber security. Consumers, as well as the industry, need to be able to trust in IT-solutions, she added.
Cyber-attacks and cybersecurity are very high on the list of concerns of our public and rightly so, as we are still vulnerable to attacks which can lead to the disclosure of data and other serious issues, MEP Pavel Telicka (ALDE, CZ) commented adding that tomorrow, it could be “a serious threat that could endanger our health, our security, our safety in broader terms.” I believe what we have managed to achieve with the Cybersecurity Act, as well as with ENISA, is the right response and one of ENISA's first tasks must be the drafting of a cybersecurity scheme for 5G, he opined.
In a separate resolution, lawmakers voiced concerns about China's growing technological presence in the Union in connection with the recent allegations that 5G equipment “may have embedded backdoors that would allow Chinese manufacturers and authorities to have unauthorised access to private and personal data and telecommunications in the EU”.
As Czech MEP Ludek Niedermayer, the EPP rapporteur on the resolution, explained, it refers to the recent revelations that Chinese tech giant Huawei - the world's biggest seller of network telecommunications equipment and one of the pioneers of 5G technology - has been accused of being a gateway for China to spy on Western nations. He specified that this resolution, initiated by the EPP Group, calls on the EU “to take measures to protect our citizens from cyber-attacks and espionage”.
Lawmakers consider it worrying that third-country equipment vendors might present a security risk for the EU, due to the laws of their country of origin obliging all enterprises to cooperate with the state in safeguarding a very broad definition of national security also outside their own country.