In a series of publications, the European Commission lays the groundwork for future actions on securing the next generation of the digital infrastructure.
The European Commission (EC) focus on cybersecurity issues is leading to action on several fronts. The EC has set out a new EU Security Union Strategy for the period 2020 to 2025, published a report on the progress made in implementing the joint EU toolbox of measures to secure 5G mobile networks, and launched an independent study to analyse global 5G supply markets to address possible regulatory measures.
The Security Union strategy focuses on priority areas, where the EU can bring value to support Member States in fostering security. The issues addressed span from combatting terrorism and organised crime, to preventing and detecting hybrid threats and increasing the resilience of our critical infrastructure, to promoting cybersecurity and fostering research and innovation. The strategy lays out the tools and measures to be developed over the next 5 years to ensure security in our physical and digital environment. In the digital sphere, further actions include a review of the Network and Information Systems Directive (the main European cybersecurity legislation) by the end of the year, and an outline of strategic cybersecurity priorities to ensure the EU can anticipate and respond to evolving threats. The strategy proposes a Joint Cyber Unit as a platform for structured and coordinated action, in addition to expanding robust international partnerships to address cyber threats and promote EU standards. The EC will also look into the creation of a European Innovation Hub for internal security, and integrate the understanding of cyber security threats into the European Skills Agenda.
The toolbox report is more narrowly focused on securing 5G networks. EU Member States, with the support of the EC and ENISA, the EU Agency for Cybersecurity, looked at the progress made in implementing the joint EU toolbox of mitigating measures. The toolbox was agreed on by the Member States, and endorsed by a Commission Communication in January 2020. It sets out a joint approach based on an objective assessment of identified risks and proportionate mitigating measures to address 5G-related security risks. The implementation of the 5G cyber-security toolbox will ensure that 5G networks are sufficiently secure for such critical services as automated mobility and other industrial applications.
The newly launched independent study on supply markets concerns 5G more generally, and will identify possible policy measures for European authorities to address the risks and opportunities of developments in those markets. The outcomes may involve proposing measures such as stakeholder engagement, funding opportunities through European programmes, launching standardisation and certification initiatives, and regulatory measures. The upcoming European Partnership on Smart Networks and Services is expected to play a major role in shaping the technology agenda for 5G and later 6G systems, and the effective and timely implementation of the 5G cybersecurity toolbox will ensure that 5G networks will be sufficiently secure for such critical services.