National Cyber and Information Security Agency

The European Commission Warns of Dependence on Risky 5G Technology Providers

July 24, 2020

Today, EU member states and the European Commission issued their preliminary report about fulfilling the so-called EU 5G toolbox. This is a set of tools representing a common approach by EU member states to securing future 5G networks specifically founded on the objective evaluation of risks associated with the coming of 5G networks and adequate measures with the goal of reducing these risks. According to the Commission, all member states took specific steps to raise the level of security, which demonstrates their willingness to move forward in a coordinated way on a pan-EU level while also stating it is necessary to immediately begin reducing the risks of dependence on a single vendor and to accelerate the setting of processes for screening direct foreign investments.

The EU 5G toolbox was published at the end of January and shows the agreement among the member states with the European Union Agency for Cybersecurity (ENISA) on the need for building secure 5G networks. Individual measures within this document are based on, for example, creating risk profiles of individual technology suppliers and the creation of specific measures that will prevent the participation of suppliers that are deemed to be highly risky. Another significant risk the toolbox identifies is being dependent on a single supplier. The specific form and speed of the measures are implemented is the responsibility of the individual member states.

The current report maps the advances the individual member states have made in adopting the necessary measures. The main advances came in increasing the powers of the national regulators so they can better assure the cybersecurity of 5G networks. The Commission sees similar advances in measures that will limit infrastructure suppliers’ access based on their risk profiles. Contrarily, more must be done to mitigate risks from a single supplier or in setting foreign direct investment screenings.

“From my point of view, it’s key that the European Commission is supporting an identical approach to what the Czech Republic has backed for some time. That means an approach based on risk evaluation while also advancing the implementation of the EU 5G toolbox as a clear signal of the efforts behind an EU-wide solution that the Czech Republic is also working towards,” NÚKIB Director Karel Řehka said of the European Commission’s report.

The Czech Republic is also not lagging behind in another area listed in the EU 5G toolbox: screening foreign direct investments, the oversight of which is the responsibility of the Ministry of Industry and Trade. “The ministry is intensively working on implementing a national mechanism for screening foreign direct investments. It has created a bill on its implementation that has already passed the first parliamentary reading. The legislative process will continue at the beginning of September. We are also working on joining a system of European cooperation in this field that will formally begin in October this year,” deputy head of the European Union and Foreign Trade Department at the Ministry of Industry and Trade Martina Tauberová said.

The toolbox is a fundamental EU document about 5G network security. The Czech Republic and France took the dominant role in preparing it. “Together with our colleagues within the French Agence nationale de la sécurité des systèmes d'information (ANSSI), we had the chief role in preparing the toolbox. I’m not exaggerating when I say it was thanks to the Czech Republic that the risk evaluation of technology suppliers for 5G networks including non-technical parameters, such as trust in the particular supplier, got into the final document,” said Czech Cyber Attaché at the National Cyber and Information Security Agency Lukáš Pimper, who was responsible for this process in Brussels.

In the conclusion to the report, the Commission also emphasizes that assuring the resilience of 5G networks is absolutely necessary for our society as this technology will have an influence on electronic communication and other important sectors, such as energy, transportation, finance, and healthcare. It will also allow for greater automation of industry than is possible today.

Czech Republic, US Want to Cooperate on 5G Network Security

May 7, 2020

On May 6, 2020, Czech Prime Minister Andrej Babiš and US Secretary of State Mike Pompeo signed the Mutual Declaration on 5G Network Security that included the goals of working together to increase the security of future fifth generation networks; creating mechanisms for finding reliable and trustworthy suppliers of software and hardware; protecting communication networks from possible violations and manipulation; and especially to provide citizens with protection of their privacy and individual rights.

As both leaders said, future 5G networks will allow for unprecedented development of new services and technologies, but they will also offer services necessary for the operation of states and often for the protection of the lives and health of inhabitants.

The goal of the declaration is to build 5G networks together so they are protected from unauthorized access and possible attack while also providing citizens with protection of their privacy and basic rights.

“5G networks are not just a huge opportunity to develop and modernize the economy and society, but also a series of security challenges. 5G networks will be a global phenomenon, which is why the state has to cooperate with partners within the EU, NATO, and other organizations in assuring security. The signature of the Czech-US declaration will greatly contribute to this goal just like last year’s announcement of the Prague Proposals or the European 5G Security Toolbox, which the Czech Republic played a pivotal role preparing. I’m proud that thanks to the NÚKIB’s contribution, the Czech Republic is seen abroad as a significant and respected partner in the area of cybersecurity,” NÚKIB Director Karel Řehka said.

The declaration is an extension of a number of documents that were adopted at the European Union level. These include the 5G Security Toolbox, which was adopted by the EU at the beginning of this year and which the Czech Republic significantly contributed to. Another document is the Prague Proposals announced at the Prague 5G Security Conference that took place on May 2-3, 2019, in Prague under the auspices of Czech Prime Minister Andrej Babiš. These documents, just like the newly-signed declaration, emphasize the need to build and implement 5G networks based on free and fair competition, transparency, and the rule of law.

According to the declaration, the following is especially important to evaluate:

    Whether the supplier is not under excessive foreign influence without the opportunity for independent legal review;

    Whether the supplier has a transparent ownership structure, traceable commercial relationships, and a standard management structure;

    Whether the supplier commits to regularly innovating its products and whether it respects intellectual property rights;

    Whether the hardware and software supplier acts in accordance with ethical standards for corporate behaviour and whether they are part of a legal environment that demands corporations behave transparently.

Representatives of both countries also declared the process of selecting trustworthy suppliers will not only contribute to increased national security, but it is also an opportunity for the further development and innovation in the private sector. Both countries also expressed support for further discussions about the security of 5G networks within NATO.

The National Plan for Cybersecurity Research and Development Up to 2020 Approved by the Cybersecurity Council

May 19, 2020

The Cybersecurity Council approved the National Cyber and Information Security Research and Development Plan to 2020. The national plan sets information and cybersecurity research priorities whose stable support is a key prerequisite for fulfilling the NÚKIB’s tasks in light of the state’s current and future needs. These are research topics that include protecting critical information infrastructure elements, maintaining the security and integrity of information in communication systems, and cryptological defence.

The national plan also sets five development goals including specific tools that will contribute to more intensive cooperation between the public, private, and academic communities for the overall development of the cyber and information security research and innovation environment. In terms of international cooperation, NÚKIB will develop contacts with leading foreign entities and become an active participant in mutually organized cybersecurity research and development at the EU level.

The national plan was created in close cooperation with the public, private, and academic communities with the goal of assuring the widest-possible agreement on the contents of this document.

Documents for download: https://www.nukib.cz/cs/informacni-servis/publikace/

Contact:

Mgr. Luboš Fendrych

Research and European Cooperation Unit

Education, Research, and Project Department

National Cyber and Information Security Agency

e-mail: l.fendrych@nukib.cz

tel.: +420 245 004 320

€36 Million to Digitally Connect Europe

    July 23, 2020

The Connecting Europe Facility (CEF) is nearing completion. The final challenge of the CEF Telecom working challenge was opened for submissions of proposals for cybersecurity, digital capabilities, and eHealth programmes on June 30.

The CEF Telecom programme aims to ease cross-border interaction between public administration bodies, companies, and citizens using digital infrastructure services.

The goal of the cybersecurity challenge is to strengthen cooperation in resolving cybersecurity incidents, cybersecurity certification, building common resources, and supporting the implementation of security measures among basic service operators. It will be possible to submit proposals through a web-based form from June 30 to November 5, 2020.

The procedure for submitting projects, the selection process, and the subsequent co-financing is described on the website.

Subsidies reaching up to 75% of recognized costs are planned for selected projects. The challenge has a total financial allocation of €10 million. Public administration bodies that can compete for financial support are defined for every goal in the cybersecurity challenge. You can find more information about the challenge  here.