Countries agree on 5G security in Prague

'5G' as a logo superimposed on blurry image of people (© Manu Fernandez/AP Images)
(© Manu Fernandez/AP Images)

Countries must consider security when evaluating 5G telecom vendors, concluded an international gathering on May 3.

Government officials from 32 countries, the European Union and NATO participated in the Prague 5G Security Conference, hosted by the Czech Republic. The resulting cybersecurity framework, known as the Prague Proposals, is a set of recommendations for nations to consider as they design, construct and administer their 5G (fifth-generation) telecom infrastructure.

“We need to raise the awareness of the complexity of cybersecurity and 5G among political leaders, experts and also [the] wider public,” Andrej Babiš, the prime minister of the Czech Republic, said in opening remarks. “We need to get 5G right and show responsibility to our citizens and companies alike. 5G is not a one-time business competition. It is a process, where cybersecurity must be a priority from the outset.”

Many countries are currently studying how to build out their future 5G infrastructure, including hardware such as new towers, antennas and servers. Increasingly, they are recognizing the importance of ensuring these systems are secure.

“5G will have a transformational impact. It will affect our militaries, our industries, our critical infrastructure (from ports to electric grids), our entrepreneurs and much more,” said Ajit Pai, the chairman of the U.S. Federal Communications Commission. “5G security issues need to be addressed upfront. Making the right choices when deployment is beginning is much easier than trying to correct mistakes once network construction and operation is well underway.”

The United States is particularly worried about companies under unchecked or extrajudicial
control by a foreign power that could direct that vendor to break host-country laws or
undermine its security.

Though no company or country was mentioned as being a particular security risk at the conference, the United States has separately warned allies about the danger of using equipment from Chinese companies like Huawei Technologies Company or ZTE Corporation to build their countries’ telecom infrastructure. This is because China’s laws, including its National Security Law and National Intelligence Law, compel companies to cooperate with Chinese intelligence agencies.

On April 4, U.S. Secretary of State Mike Pompeo related the danger of technology provided by companies that are “deeply connected to their own government who would be willing to act at the behest of their government.”

The Prague Proposals state that cybersecurity is not just a technical issue but also includes the “specific political, economic or other behaviour of malicious actors” and that “the overall risk of influence on a supplier by a third country should be taken into account.”

In a statement, the White House said that the Prague conference “was an extremely productive meeting on the need for secure telecommunications networks.”

“The United States welcomes [the Czech Republic’s] leadership and supports this initiative to create nonbinding principles on 5G network security that will drive global conversations on this issue,” said the U.S. Department of State’s cyber diplomat, Robert Strayer. “Since 5G networks will begin to touch every aspect of our lives, the stakes could not be higher.”