BRUSSELS — The European Union warned on Wednesday of increased cyber attacks by state-backed entities and groups from outside the EU, saying it was crucial to assess the risks posed by telecoms equipment suppliers with a significant market share in the bloc.
The comments came in a report prepared by EU member states on cybersecurity risks to next-generation 5G mobile networks whose timely launch is crucial to the bloc's competitiveness in an increasingly networked world.
While the report does not name any country or company, observers have frequently cited China and the world's biggest telecoms equipment vendor, Huawei Technologies, as potential threats.
"Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks," the European Commission and Finland, which currently holds the rotating EU presidency, said in a joint statement.
"In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country," they said.
The U.S government wants Europe to ban Huawei's equipment because it says this can be used by Beijing for spying, something the company has repeatedly denied.
Britain, a close U.S. ally, has yet to take a final decision on Huawei's role in future 5G networks. Its National Security Council decided in principle in April to block the Chinese vendor from critical parts of networks.
EU heavyweight Germany is, meanwhile, creating a level playing field for 5G in which all foreign vendors should prove that they are trustworthy.
Fifth-generation networks will hook up billions of devices, sensors and cameras used in futuristic 'smart' cities, homes and offices. With that ubiquity, security becomes an even more pressing need than in existing networks.
The report also warned against over-dependence on one telecoms equipment supplier.
"A major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences," they said.
"It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk."
Huawei's main competitors are Finland's Nokia Finland and Ericsson of Sweden.
Many European network operators already have multi-vendor strategies, which they say reduces the security risks that might arise from relying too heavily on a single provider.
Deutsche Telekom, which sources network gear from Huawei, Ericsson, Nokia and Cisco, said last year it was reviewing its procurement policies but has so far announced no change. The EU will now seek to come up with a so-called toolbox of measures by the end of the year to address cybersecurity risks at national and EU level.
The European Agency for Cybersecurity is also finalizing a map of specific threats related to 5G networks.
(Additional reporting by Douglas Busvine in Berlin; Editing by Alex Richardson and Keith Weir)