Today the European Commission has recommended a set of operational steps and measures to ensure a high level of cybersecurity of 5G networks across the EU.
Fifth generation (5G) networks will form the future backbone of our societies and economies, connecting billions of objects and systems, including in critical sectors such as energy, transport, banking, and health, as well as industrial control systems carrying sensitive information and supporting safety systems. Democratic processes, such as elections, increasingly rely on digital infrastructures and 5G networks, highlighting the need to address any vulnerabilities and making the Commission’s recommendations all the more pertinent ahead of the European Parliament elections in May.
Following the support from Heads of State or Government expressed at the European Council on 22 March for a concerted approach to the security of 5G networks, the European Commission is today recommending a set of concrete actions to assess cybersecurity risks of 5G networks and to strengthen preventive measures. The recommendations are a combination of legislative and policy instruments meant to protect our economies, societies and democratic systems. With worldwide 5G revenues estimated at €225 billion in 2025, 5G is a key asset for Europe to compete in the global market and its cybersecurity is crucial for ensuring the strategic autonomy of the Union.
Vice-President Andrus Ansip, in charge of the Digital Single Market, said:”5G technology will transform our economy and society and open massive opportunities for people and businesses. But we cannot accept this happening without full security built in. It is therefore essential that 5G infrastructures in the EU are resilient and fully secure from technical or legal backdoors.”
Commissioner Julian King, in charge of the Security Union, stated: “The resilience of our digital infrastructure is critical to government, business, the security of our personal data and the functioning of our democratic institutions. We need to develop a European approach to protecting the integrity of 5G, which is going to be the digital plumbing of our interconnected lives.”
Commissioner Mariya Gabriel, in charge of the Digital Economy and Society, added:“Protecting 5G networks aims at protecting the infrastructure that will support vital societal and economic functions – such as energy, transport, banking, and health, as well as the much more automated factories of the future. It also means protecting our democratic processes, such as elections, against interference and the spread of disinformation.”
Any vulnerability in 5G networks or a cyber-attack targeting the future networks in one Member State would affect the Union as a whole. This is why concerted measures taken both at national and European levels must ensure a high level of cybersecurity.
Today’s Recommendation sets out a series of operational measures:
At national level
Each Member State should complete a national risk assessment of 5G network infrastructures by the end of June 2019. On this basis, Member States should update existing security requirements for network providers and include conditions for ensuring the security of public networks, especially when granting rights of use for radio frequencies in 5G bands. These measures should include reinforced obligations on suppliers and operators to ensure the security of the networks. The national risk assessments and measures should consider various risk factors, such as technical risks and risks linked to the behaviour of suppliers or operators, including those from third countries. National risk assessments will be a central element towards building a coordinated EU risk assessment.
EU Member States have the right to exclude companies from their markets for national security reasons, if they do not comply with the country’s standards and legal framework.
At EU level
Member States should exchange information with each other and with the support of the Commission and the European Agency for Cybersecurity (ENISA), will complete a coordinated risk assessment by 1 October 2019. On that basis, Member States will agree on a set of mitigating measures that can be used at national level. These can include certification requirements, tests, controls, as well as the identification of products or suppliers that are considered potentially non-secure. This work will be done by the Cooperation Group of competent authorities, as set out under the Directive on Security of Network and Information Systems, with the help of the Commission and ENISA. This coordinated work should support Member States’ actions at national level and provide guidance to the Commission for possible further steps at EU level. In addition, Member States should develop specific security requirements that could apply in the context of public procurement related to 5G networks, including mandatory requirements to implement cybersecurity certification schemes.
Today’s Recommendation will make use of the wide-range of instruments already in place or agreed to reinforce cooperation against cyber-attacks and enable the EU to act collectively in protecting its economy and society, including the first EU-wide legislation on cybersecurity (Directive on Security of Network and Information Systems), the Cybersecurity Act recently approved by the European Parliament, and the new telecoms rules. The Recommendation will help Member States to implement these new instruments in a coherent manner when it comes to 5G security.
In the field of cybersecurity, the future European cybersecurity certification framework for digital products, processes and services foreseen in the Cybersecurity Act should provide an essential supporting tool to promote consistent levels of security. When implementing it, Member States should also immediately and actively engage with all other involved stakeholders in the development of dedicated EU-wide certification schemes related to 5G. Once they become available, Member States should make certification in this area mandatory through national technical regulations.
In the field of telecoms, Member States have to ensure that the integrity and security of public communications networks are maintained, with obligations to ensure that operators take technical and organisational measures to appropriately manage the risks posed to security of networks and services.
Member States should complete their national risk assessments by 30 June 2019 and update necessary security measures. The national risk assessment should be transmitted to the Commission and European Agency for Cybersecurity by 15 July 2019.
In parallel, Member States and the Commission will start coordination work within the NIS Cooperation Group. ENISA will complete a 5G threat landscape that will support Member States in the delivery by 1 October 2019 of the EU-wide risk assessment.
By 31 December 2019, the NIS Cooperation Group should agree on mitigating measures to address the cybersecurity risks identified at national and EU levels.
Once the Cybersecurity Act, recently approved by the European Parliament, enters into force in the coming weeks, the Commission and ENISA will set up the EU-wide certification framework. Member States are encouraged to cooperate with the Commission and ENISA to prioritise a certification scheme covering 5G networks and equipment.
By 1 October 2020, Member States – in cooperation with the Commission – should assess the effects of the Recommendation in order to determine whether there is a need for further action. This assessment should take into account the outcome of the coordinated European risk assessment and of the effectiveness of the toolbox.
In its conclusions of 22 March, the European Council expressed its support for the European Commission recommending a concerted approach to the security of 5G networks. The European Parliament’s Resolution on security threats connected with the rising Chinese technological presence in the Union, voted on 12 March, also calls on the Commission and Member States to take action at Union level.
In addition, the cybersecurity of 5G networks is key for ensuring the strategic autonomy of the Union, as underlined in the Joint Communication “EU-China, a Strategic Outlook”. That is why it is essential and urgent to review and strengthen existing security rules in this area to ensure that they reflect the strategic importance of 5G networks, as well as the evolution of the threats, including the growing number and sophistication of cyber-attacks. 5G is a key asset for Europe to compete in the global market. Worldwide 5G revenues should reach the equivalent of €225 billion in 2025. Another source indicates that the benefits of the introduction of 5G across four key industrial sectors, namely automotive, health, transport and energy, may reach €114 billion per year.
Deloitte Debuts ‘Blockchain In a Box’ (BIAB)
Deloitte today introduced
“Blockchain in a Box” (BIAB) designed to provide intuitive, tangible blockchain
demonstrations and experimentations. It is a mobile, self-contained technology
platform capable of hosting blockchain-based solutions across four
small-form-factor compute nodes and three video displays, as well as networking
components that enable integration with external services, such as traditional
cloud technologies. Each compute node accepts Secure Digital (SD) card media, facilitating
rapid selection and exchange of demo solutions tailored to specific client
“Deloitte custom built this solution based on client interest in understanding blockchain capabilities in live interactions,” said Linda Pawczuk, principal, Deloitte Consulting LLP and U.S. blockchain leader and co-leader of global blockchain group. “What’s often misunderstood about blockchain is that it is an entirety of a technology solution — when in reality, it’s a technology component that enables larger business applications and approaches. Our mobile demonstration is practical, tactical and most importantly, tangible to clients.”
Deloitte has demonstrated the BIAB to several clients and to the broader blockchain and emerging technology community at multiple conferences, including Consensus 2019.
“Each time we have used the BIAB to facilitate exploration, the reaction is that of curiosity and excitement where the audience leaves with a deeper understanding of blockchain and how the use cases are implemented,” said Chih-Wei Yi, principal, Deloitte & Touche LLP. “It helps to demystify blockchain and is a refreshing and well-grounded approach versus traditional slideware-based demonstrations.”
Earlier this year, Deloitte released its annual Global Blockchain Survey, which revealed that blockchain investment continues to surge as new, practical business applications gain traction and business leaders begin to see beyond the “hype cycle.” Eighty-three percent of the 2019 survey respondents said their organizations see compelling use cases for blockchain, and more than half (53%) reported that blockchain technology has become a critical priority for their organization this year — a 10 percentage point increase over last year.
Creating a common approach to the digital economy and Industry 4.0
The United Nations Industrial Development Organization (UNIDO) participated in a forum of the Commonwealth Telecommunications Organisation (CTO) to discuss how international organizations can promote the development of the ICT infrastructure and new technologies in order to realize digital economies.
Mr. Bernardo Calzadilla-Sarmiento, UNIDO’s Director of the Department of Trade, Investment and Innovation, highlighted UNIDO’s role and functions in leveraging the potential of Industry 4.0 to meet the sustainable development goals (SDGs). Technical cooperation, developing new norms and standards, and the convening of stakeholders and partnerships to share best practices are ways of enabling this.
“Industry 4.0 is going to bring about far reaching changes and governments must implement best practices to address these important challenges.”
More than a dozen international bodies took part in the forum, including the African Union, ASEAN, the OECD and the World Economic Forum, who all agreed that public-private partnerships are key to combat the existing digital divide, both in terms of infrastructure and technical solutions, which include building capacities and using innovation in ICT.
The International Telecommunication Union further highlighted the need to support the development of and harmonization of international standards, which survey the readiness of enterprises for Industry 4.0.
APEC Strengthens Trust with Data Protection System
Data protection in the Asia-Pacific region has just received a significant boost with the appointment of the Infocomm Media Development Authority (IMDA) by Singapore as its accountability agent. Singapore joined the APEC Cross-Border Privacy Rules (CBPR) system in March last year and has become the third economy after the United States and Japan to operationalize the system.
Adopted in 2011 and endorsed by the 21 APEC Leaders, the CBPR system allows participating businesses and other organizations to develop their own internal rules and policies consistent with the specific CBPR program requirements upon which the certification is based in order to secure cross-border data privacy.
As accountability agents, IMDA will ensure the privacy policies and practices of participating organizations comply with the APEC CBPR and Privacy Recognition for Processors (PRP) through independent third party assessments before certifying them.
“The appointment of the IMDA by Singapore as the new accountability agent of the CBPR system shows the deep commitment from members to pursue a better data protection mechanism that does not hinder innovation and development,” said Shannon Coe, Chair of the APEC Electronic Commerce Steering Group.
Data protection is an urgent issue for businesses in the region, which is home to 45 per cent of the world’s internet users—about 1.99 billion people. People and businesses are connected globally, with more and more data flowing across borders.
“Trust is key to the growth and development of the digital economy,” added Coe. ”A strong data protection system is beneficial for both businesses and consumers and furthers participation in the digital economy.”
The approval of the IMDA as an accountability agent in Singapore was reached by the Joint Oversight Panel of the APEC Electronic Commerce Steering Group, which administers the APEC CBPR system. IMDA will join other accountability agents such as Schellman & Company, TrustArc in the United States and the Japan Institute for Promotion of Digital Economy and Community (JIPDEC) in Japan.
“In APEC, we are working to include more people to participate in the economy through digital trade and related processes. We can achieve this by ensuring that we have the right system in place to protect consumers’ data. This builds not only trust, but confidence for both consumers and the businesses,” said APEC Secretariat Executive Director, Dr Rebecca Sta Maria.
There are currently eight participating APEC economies in the CBPR system, including Australia, Canada, the Republic of Korea, Japan, Mexico, Singapore, Chinese Taipei and the United States.
Microplastic pollution is everywhere, but not necessarily a risk to human health
Tiny plastic particles known as microplastics are “everywhere – including in our drinking-water”, but they are not necessarily a risk...
The Russiagate hoax is now fully exposed
The last leg of the Russiagate hoax to become exposed was on August 16th, when Gareth Porter bannered at The...
Brazilian stakeholders of UNIDO-GEF project trained on biogas
The United Nations Industrial Development Organization (UNIDO), the Ministry of Science, Technology, Innovations and Communications (MCTIC), and the International Center...
Transnational Crimes in the Maritime Realm
Maritime trafficking routes closely follow the commercial shipping lanes. The modalities, technologies and strategies put into place by criminals are...
The workplace equality challenge
This year’s G7 French presidency has chosen the theme for the Biarritz Summit well. ‘Combating inequality’ is indeed one of...
Modi-fying Kashmir and Historical Facts
The Modi government on 5th august 2019 revoked two key constitutional provisions — Article 370 and Article 35A — which...
Fighting Corporate Espionage by a Counterintelligence Agent
Corporate executives must bear the responsibility of today’s evolving corporate world entering into a global community where not only are...
Defense2 days ago
India’s veiled nuclear threat
Travel & Leisure3 days ago
Think outside: 5 ways to disconnect and enjoy the outdoors
International Law2 days ago
Why legal principles on war and environment matter
Intelligence2 days ago
Where does allegiance lie?
South Asia3 days ago
China- Pakistan: Centaur of Friendship
Energy2 days ago
Rummaging through trash to find clean energy
Americas2 days ago
Remembering JFK – The Short Lived President: His Life and Achievements
New Social Compact3 days ago
Alone in the dark: The Sylvia Plath Effect and the South poet