We call on our European allies and partners to implement the EU recommendations by adopting strong, risk-based security measures that exclude high-risk suppliers from all parts of their 5G networks.
United States Welcomes the EU’s Acknowledgement of the Unacceptable Risks Posed by Untrusted 5G Suppliers
Michael R. Pompeo, Secretary of State
January 30, 2020
On January 29, the European Union (EU) Network Information Security Cooperation Group released a toolbox of recommended measures to mitigate security risks in 5G networks. The United States welcomes this initiative from Member States, the Commission, and the EU Cybersecurity Agency.
The Toolbox acknowledges that suppliers with high risk profiles (e.g., companies based in third countries that lack democratic checks and balances) should face additional restrictions. It calls on EU member states to exclude high risk suppliers from critical and sensitive parts of their 5G networks, which includes the Radio Access Network.
5G networks will touch every aspect of our lives, including electrical grids, autonomous vehicles, smart manufacturing, medical treatments, and personal data. Given that 5G will support these and other vital applications, the United States does not assess it is possible to adequately mitigate risk by limiting the role of an untrusted vendors to only certain parts of the network. All parts of future 5G networks should be considered critical infrastructure and each country should have measures in place to protect the safety, security, and privacy of citizens who rely on these networks.
The United States has taken steps to secure its own 5G networks by prohibiting untrusted suppliers, such as Huawei and ZTE, which are subject to the direction of the Chinese Communist Party. Our actions are in line with the EU’s assessment that 5G suppliers headquartered in countries without democratic checks and balances may pose an unacceptable security risk.
Each Member State will be responsible for protecting its network. It is misguided to think that the risks associated with installing equipment from suppliers subject to control by authoritarian regimes with a track record of malign cyber behavior can be mitigated. We call on our European allies and partners to implement the EU recommendations by adopting strong, risk-based security measures that exclude high-risk suppliers from all parts of their 5G networks.
We look forward to continuing to work with our allies and partners to build a more secure, prosperous, and vibrant 5G future.