EU infosec agency unveils 5G vendor security licensing scheme despite years of Huawei ambiguity

Plus: Parliament says UK was too hasty booting Chinese giant off networks


EU infosec agency ENISA has announced that it will begin licensing 5G network equipment providers as Britain's Parliament issued a report criticising the way Huawei was kicked out of the UK's 5G networks.

ENISA's so-called "candidate cybersecurity scheme" will operate in practice as a means of licensing 5G vendors to operate inside the political bloc.

ENISA exec director Juhan Lepassaar said in a statement today: "The certification of 5G networks emerges as the logical next step in the EU Cybersecurity Strategy for the Digital Decade. The new initiative builds on the actions already engaged in to mitigate the cybersecurity risks of the 5G technology."

This builds on previous murmurings from the EU Council, which found itself stressed about Huawei and other Chinese mobile network equipment vendors a couple of years ago.

Today's licensing scheme was announced as a result of an EU Commission request, which, for EU-watchers, is significant: the commission drives the EU's legislative agenda, meaning when the commission calls for new laws, everyone else sits up and pays attention.

While the bloc refused to bring in an outright ban on Huawei et al when tensions over Chinese espionage potential reached boiling point in 2020, today's announcement may or may not result in a ban by other means.

Politically, the EU has tried to keep clear blue water between itself and Huawei/China's chief critic, the US. While ministers from Donald Trump's previous government applied heavy pressure to the EU, the bloc refused to give in. Whatever its other sins, Huawei had a reputation (at least among British mobile network operators who spoke candidly to El Reg) of being a good vendor to work with – even if the firmware was riddled with easily mitigated holes.

Meanwhile, on this side of the English Channel

Parliament's Science and Technology Committee today issued a report subtly criticising the government for booting Huawei out of British 5G networks.

Greg Clark MP, chairman of the Science and Technology Committee, said in a statement: "A lack of strategic foresight in 5G has seen the UK become dependent on only two vendors for a crucial technology. We must learn from this experience to avoid making our economy and security vulnerable from a lack of acceptable alternatives in emerging technologies."

The report concluded that Britain's years-in-the-making Huawei ban has left the country dependent on the whims (and security practices, and coding standards) of Nokia, Ericsson, and OpenRAN vendors.

It also criticised the government for its focus on ensuring security within 5G deployments, stating: "There is strong support for the establishment of common testing facilities for new 5G infrastructure equipment, to provide a variety of services that could help to drive diversification. The National Telecoms Lab – which appears to be the main facility proposed by the diversification strategy – seems, however, to be focused heavily on security testing and validation alone."

The tech committee also warned of the risk that major China-aligned 5G players would fork themselves off the Western-facing branch of 5G development as part of "a growing technological and regulatory divergence".

Further, it said that research institutions' security should be beefed up to address the threat of foreign states stealing British intellectual property in current and future 5G research. ®


Biting the hand that feeds IT © 1998–2021