Member States published a joint report on 5G toolbox implementation

ENISA and the European Commission published a joint report describing the progress in the implementation of 5G toolbox in Member States.

The 5G toolbox was published on 29 January 2020. It contains a common approach to an objective assessment of identified risks and proportionate mitigating measures. Following the release of the toolbox, the Member States started to implement individual measures based on national risk assessments, thereby supporting and demonstrating their commitment to the coordinated approach to address the security of 5G technologies.

For each of the toolbox measures, a joint report identifies the process and development. It shows the measures that have been already implemented, and also those which are in the process to be addressed. The report is an anonymised set of data, however, it also contains examples of the implementation of individual measures at the level of individual Member States.

The toolbox contains strategic measures (e. g. strengthening the national authorities), and also non-technical measures that serve to reduce risks in the operation and implementation of 5G technologies:

• SM01 – strengthening the regulatory authorities: a measure aimed at establishing a legislative and procedural framework that will ensure stronger powers for regulatory authorities, in particular in the security of critical and sensitive parts of 5G technologies, in implementation and interconnection security, the security of supply chain, also including the perspective of risks for national security,
• SM02 – audits: the toolbox also introduces a measure concerning the obligation to undergo an audit of individual operators, while this measure is implemented in most countries (including Slovakia) due to the transposition of the NIS Directive,
• SM03 – restrictions for high-risk suppliers: this measure refers to the creation of a framework for assessing suppliers on the basis of their risk profile (in compliance with the risk factors identified in the EU coordinated risk assessment, complemented by national requirements), which means that the process for assessing suppliers on the basis of risk criteria must be set up,
• SM04 – measures for managed service providers: this measure aims to create a regulatory framework to identify restrictions of selected activities and conditions under which the operator can outsource selected functions to managed service providers, especially in  outsourcing of security functions,
• SM05 – diversity of suppliers: the aim of this measure is to ensure the diversity of suppliers for each operator through an appropriate multi-vendor strategy and to avoid dependency on high-risk suppliers,
• SM06 – strengthening resilience at national level: a measure aimed at strengthening the resilience of 5G services at national level by reducing the likelihood of the same problems for all operators at the same time,
• SM07 – identifying key assets and enforcing a diverse and sustainable 5G ecosystem in Europe: this measure is based on screening of foreign direct investments in the 5G value chain,
• technical measures: these measures are aimed at strengthening the security of the implementation of 5G technologies and services at technical level, which means for example, better physical security, appropriate access policies or cryptographic measures.

The report also recommends that Member States exchange more information on solutions and examples of best practices on the implementation of the toolbox, as well as continue to assess its implementation and to co-operate further with the Commission.

Both ENISA and the European Commission will continue to co-operate with Member States, monitoring the implementation of individual measures from the toolbox and their effective and consistent application.

« Späť na zoznam