EU struggles to balance Transatlantic ties with exposure to Huawei

Days after Italian Prime Minister Giuseppe Conte signed a memorandum of understanding with the Chinese president Xi Jinping in Rome, endorsing the global infrastructure-building scheme, the EU’s digital future could be shaped by the way its member states will accommodate Beijing in their plans.

5G networks, the next generation of mobile internet connectivity, offers faster speeds and more reliable connections. The EU institutions, and the bloc’s member states, believe there is “an urgent need to act to ensure that they are fully secure from the start”.

Currently, Huawei’s dominance on the sector is a problem for most countries as the company has been at the epicenter of a transatlantic dispute. As a number of EU members have opened their doors to the Chinese tech-giant and are already cooperating with Huawei, Washington’s is concerned that China’s participation would impede intelligence sharing between allies. The EU’s 28 members, whose future relationship may make the difference for the company’s presence to the continent, include Germany, the UK, and Poland.

The US Ambassador to Germany Richard Grenell has warned the German Economy Minister Peter Altmaier that security concerns could throttle intelligence sharing with Berlin if Huawei got a role in Germany’s 5G next-generation mobile infrastructure.

In a report published on 28 March by the UK’s National Cybersecurity Centre (NCSC) identified new “significant technical issues” which it says lead to new risks for UK telecommunications networks using Huawei kit. Britain has said that it could only provide “limited assurance that the long-term security risks can be managed in the Huawei equipment currently deployed in the UK”.

“HCSEC has continued to find serious vulnerabilities in the Huawei products examined. Several hundred vulnerabilities and issues were reported to UK operators to inform their risk management and remediation in 2018. Some vulnerabilities identified in previous versions of products continue to exist.”

The board also writes that it will require “sustained evidence” of better software engineering and cyber security “quality”, verified by HCSEC and the UK’s National Cyber Security Centre (NCSC), if there’s to be any possibility of it reaching a different assessment of the company’s ability to reboot its security credentials.

Meanwhile, Lithuania is keener to align with Washington after its State Security Department (VSD), published its annual National Threat Assessment. On its “Chinese Intelligence Services Expand Their Area of Interest in Lithuania,” chapter, concerns are raided about the activity of Beijing’s State Security Ministry as well as its military intelligence.

Presenting the report to the media recently, VSD Director Darius Jauniskis made an explicit reference to Huawei, even though two of three of Lithuania’s three telecoms companies use Huawei technology as the basis for their mobile networks, as does the country’s public broadcaster, LTR.

Measures and regulations rather than bans

The European Commission, as promised to the heads of state and government at the European Council of March, would air its measures after many countries expressed concerns about China. French President Emmanuel Macron said at the end of the Summit that there had been a “European awakening” about potential Chinese dominance on the continent, which can be seen as being led by Huawei’s dominant position in the 5G market.

The report by the Commission made refereences to oversight measures and regulations rather than banning Chinese companies from the development of 5G infrastructure, echoing the views of German Chancellor Angela Merkel who made clear that Germany will abide by its own security standards for a new 5G mobile network after Washington threatened to scale back data-sharing with Berlin if China’s Huawei was allowed to participate in the development of its network.

The Commission, as well as the leaders has identified the urgency of the matter, recommended that the bloc, after having assessed the risks, immediately take the measures to protect their 5G networks. In particular, these measures should include reinforced obligations on suppliers and operators to ensure the security of sensitive parts of the networks, according to the EU executive’s recommendations.

“We have an open market. Everybody who complies with the rules can access it. We have rules in place which address these issues. We have EU procurement rules in place and we have the investment screening legislation to protect European interests,” Nathalie Vandystadt a spokesperson at the European Commission for Digital Single Market told New Europe.

The Commission’s spokesperson didn’t fail to underline that the EU executive takes cybersecurity very seriously. “The Commission’s recommendation, presented on 26 March, will help the Member States implement these new instruments in a coherent manner when it comes to 5G security,” providing it helps them decide whether to exclude companies from their markets for national security reasons if they do not comply with the country’s standards and legal framework.

If the risk assessment identifies potential risks with certain suppliers, the countries may require that operators build their networks “in a way that limits their involvement in certain sensitive parts of the networks or that they have recourse to multiple suppliers instead of relying on a single one,” added the EU executive, but who failed to name Huawei throughout the report.

The EU may also to exclude certain suppliers from their market as this is a national prerogative.

The bloc has in parallel launched a coordinated process that should facilitate a common approach to risk assessment and measures as part of an objective to complete an EU-wide risk assessment by October 2019 and to identify a set of possible mitigating measures by December 2019.

This “is not about banning individual companies or targeting specific countries, but about making sure that the 5G networks are secure,” added the Commission, whose aim is also to “promote a coherent implementation of EU instruments such as the NIS Directive, telecoms rules, Cybersecurity act”, through specific guidelines that will mitigate risk on a national level, but always under and through EU-level coordination.