Experts called on 5G providers Friday to heed supply chain security in light of concerns about technology providers such as China’s Huawei, recently banned by the US government.
“The overall risk of influence on a supplier by a third country should be taken into account, notably in relation to its model of governance, the absence of cooperation agreements on security,” said a statement published by a 5G security conference in Prague.
“Security and risk assessments of vendors and network technologies should take into account rule of law, security environment, vendor malfeasance, and compliance with open, interoperable, secure standards and industry best practices,” it added.
Called “the Prague Proposals,” the non-binding statement also singled out the supplier country’s adherence to “multilateral, international or bilateral agreements on cybersecurity, the fight against cybercrime, or data protection” as a security criterion.
The United States has banned government agencies from buying equipment from Huawei over fears Beijing could spy on communications and gain access to critical infrastructure if the firm is allowed to develop foreign 5G networks offering instantaneous mobile data transfer.
Washington is adamantly opposed to Huawei’s involvement because of its obligation under Chinese law to help Beijing gather intelligence or provide other security services.
Europe in turn has been torn over its approach to the Chinese giant – while countries such as Britain and Germany have accepted its part in the construction of their networks, other countries including the Czech Republic have warned against Huawei.
In December, the Czech Republic’s National Cyber and Information Security Agency said Huawei’s software and hardware posed a threat to state security.
However, the EU member’s pro-Russian, pro-Chinese president Milos Zeman met a Huawei official in Beijing last week to express his solidarity with the telecoms giant, saying he lacked “material evidence” for the warning.
“We discussed a set of issues dealing with the problems arising from the vendors we have now rather than vendors we might like to have in the future,” said Ciaran Martin, head of Britain’s National Cyber Security Centre.
Chairing a working group dealing with security and resilience at the conference organised by the Czech government, Martin pointed out “the problem of vendor diversity”.
“There are a range of security challenges which we noted, sometimes they are issues of quality – poor engineering, poor security practices, there are issues and security requirements arising from the need of the vendors to access the operator’s network,” he said.