The highest priority is security, and the law and politics must be kept separate, say renowned lawyers.
The significantly faster, high-capacity, next-generation networks are becoming an increasingly important topic, particularly in light of the Covid-19 pandemic, which is connected with an increase in essential online activities. Inhabitants of parts of Prague and Kolín have had access to commercial 5G networks since the summer, and in October they were joined by customers in Karlovy Vary, Ústí nad Labem and Jeseník. Since November, Brno has also been covered. By the end of the year, 5G should be available to one-quarter of the population of both metropolises. However, the rapid and across-the-board deployment of new networks in the Czech Republic is still uncertain. After long delays, the auctioning of 5G frequencies is now finished, but the choice of 5G technology suppliers still remains a question for some.
“The need for fast, modern networks with a higher data throughput is growing, and if anything the pandemic could accelerate the construction of fifth-generation networks,” says Radoslaw Kedzia, Vice-President of Huawei for Central, Eastern and Northern Europe. However, in connection with the construction of 5G networks, he also emphasises the issue of security. To achieve it requires the involvement of all participants, so it’s a common matter for legislative and regulatory bodies, operators, suppliers, and the users themselves.
This topic was also addressed by a press conference organised by Huawei. It included an appearance by Mr. Petr Toman, JD, who presented a new study of the legal aspects of the construction and operation of 5G networks in the Czech Republic. Lawyers from AK Toman & Partners analysed relevant European and Czech legislation, in particular the method of assessing 5G network suppliers. They found that cybersecurity legislation in the Czech Republic has a good foundation. However, given the fact that a supplier risk assessment has not been established, or more precisely there is a lack of clarity on whether and how the criteria as per the EU toolbox will be implemented, it still has shortcomings which create uncertainty in the issue of 5G network development. The key to resolving the existing situation is transparent discussion between the state, operators, suppliers and the professional community, and above all a thorough separation of the political and legal assessments of supplier activity, as well as the technical and non-technical criteria. In the lawyers‘ opinion, the basis for any change in legislation should be evolution, not revolution. Supplier risk assessment should therefore remain primarily the operators‘ responsibility, in the sense of a risk analysis wherein the state stipulates minimum security standards for operators to comply with.
They mainly identified the issue of the legal assessment of a supplier’s risk profile, on the basis of non-technical criteria, as potentially problematic. Although they find the consideration of non-technical criteria to be legitimate, they point out that without specific circumstances being taken into account, their across-the-board application may result in the exclusion of a supplier who in the particular case doesn’t represent a risk for 5G network security.
They believe a suitable solution to this problem consists in the primary assessment of suppliers on the basis of technical criteria, along with the simultaneous preservation of the state’s option, in extraordinary circumstances, of excluding a supplier on the basis of a political decision. They see the proposed German model as an inspiration in this regard. “Every state’s priority is ensuring the security of the newly-constructed 5G networks. However, this does not mean that in doing so we should stop observing the basic principles of the rule of law when assessing suppliers who wish to participate in their construction,“ stated Mr. Petr Toman, JD, of AK Toman & Partners.
Like other representatives of the company, Radoslaw Kedzia points out that a breakthrough in the issue of 5G network security could be the NESAS (Network Equipment Security Assurance Scheme) certification scheme, which focuses on products and devices designed for 4th- and 5th-generation networks. This scheme is a standardised cybersecurity evaluation mechanism defined by the international organisation GSMA. The given scheme provides the entire sector with a framework of security guarantees, through which it helps increase the security level across the mobile industry, and is therefore common among all manufacturers who would like to integrate their solutions into the network. Given its focus on every product’s technical aspect rather than the supplier’s origin, NESAS could be the way to assess supplier security. At the same time, for the first time in history, it will provide manufacturers and operators with a single certification that does not result in increased costs. Auditors‘ reports will be available to operators without additional expenses. Therefore, this initiative can also be used by smaller operators who do not have sufficient resources. Information about who has undergone the certification process will be publicly available. Huawei technologies already fulfilled the conditions of the NESAS security certification scheme in August of this year. They thus confirm that the relevant devices comply with the requirements stipulated by the scheme relating to 5G network security and reliability.
As Radoslaw Kedzia points out, “An impartial approach to 5G network security, based on facts, will enable Europe to have a more secure and faster fifth-generation network, and it seems that neighbouring Germany will head in that direction. We want to collaborate with European and Czech institutions, as well as the private sector, on creating general standards and strengthening infrastructural security and reliability. Fair economic competition, non- discrimination and just conditions are the cornerstones of a prosperous society, in which, when it prospers as a whole, the individual citizen prospers as well. Excluding Huawei will not guarantee a more secure network; on the contrary, it will reduce competition in the market and increase the costs of building the 5G network. The security of any generation of network is always and only the responsibility of the operator, not the technology supplier.“