The European Commission (EC) has recommended a set of operational steps and measures to ensure a high level of cybersecurity of 5G networks across the EU. The recommendations are a combination of legislative and policy instruments meant to protect our economies, societies and democratic systems. With worldwide 5G revenues estimated at €225 billion in 2025, 5G is a key asset for Europe to compete in the global market and its cybersecurity is crucial for ensuring the strategic autonomy of the Union.
At national level, each Member State should complete a national risk assessment of 5G network infrastructures by the end of June 2019. Member States have also been urged to update existing security requirements for network providers and include conditions for ensuring the security of public networks, especially when granting 5G spectrum licenses.
At EU level, Member States should exchange information with each other and with the support of the Commission and the European Agency for Cybersecurity (ENISA), will complete a coordinated risk assessment by 1 October 2019.
The ETSI Technical Committee on Cybersecurity (TC CYBER) has released the first globally applicable cyber security standard for consumer Internet of Things (IoT) devices. The standards, ETSI TS 103 645, establishes a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.
As more devices in the home connect to the internet, the cyber security of IoT is becoming a growing concern. ETSI’s new specification, TS 103 645, addresses this issue and specifies high-level provisions for the security of internet-connected consumer devices and their associated services.
The standard requires implementers to forgo the use of universal default passwords, which have been the source of many security issues. It also requires implementation of a vulnerability disclosure policy to allow security researchers and others to report security issues. As many IoT devices and services process and store personal data, this specification can help ensure that these are compliant with the General Data Protection Regulation (GDPR).
ETSI's Technical Committee on Cybersecurity (TC CYBER) has released a new specification to help secure sensitive data in virtualized environments. ETSI TS 103 457 tackles the challenge of secure storage - where organizations need to protect customer data when using a cloud that is not under their direct control.
The new specification TS 103 457 standardizes an interface between a "secure vault" that is trusted and a cloud that could be anywhere, where such sensitive data is stored in the vault. This allows a sensitive function to exist in a lower security environment, with data held securely. The interface can also be used to search databases that hold private data. Another feature defined in the specification is a logging function that allows queries of customer data to be audited, making it easier to detect data breaches, which in turn deters malicious activity.