– by Andreas Rinke
Berlin (Reuters) – As early as 2021 there was a bitter debate in Germany, but also in other Western democracies, as to whether the products of Chinese high-tech companies should be installed in modern 5G mobile networks or not.
Now the discussion flares up again – also because of the “turning point” after the Russian attack on Ukraine and the sharper focus on whether democracies in sensitive technology sectors could be dependent on authoritarian governments. According to information from government circles, the federal government now wants to counter this danger with a three-pronged approach.
Firstly, what has already been built into the 5G network and what needs to be removed from it should be examined more critically than before. Secondly, the IT Security Act should be made more precise so that it becomes easier to handle. And thirdly, the government wants to extend the testing of security-related components to all areas of the critical infrastructure, far beyond the telecommunications companies.
TESTING THE 5G NETWORK
Even after the legal basis passed in 2021, telecommunications companies had to notify the desired installation of certain critical components in the 5G network. The network agency had presented a list of which parts of the network were classified as critical. So far, around 100 components from companies are said to have been reported, most of which are considered unproblematic according to information from government circles. However, there are some parts, such as control or network management elements, which are considered critical. The view on this has shifted with the technical development. While in 2021 it was sometimes still argued that a “core network” could be distinguished from a peripheral network with 5G, this distinction is now considered obsolete. In autonomous driving, for example, antennas now also communicate with each other and no longer just via a central unit.
In addition, the modern 5G network is based on the 4G network. There are 4G components that have received an update so that they can be used in the modern network – and are suddenly classified as more sensitive. However, there are apparently telecommunications companies that are already using such modernized products. It is precisely these parts that the government has in its sights when testing until the summer. In the fall, it could then come to the notice that companies have to remove individual parts from their network again.
The government also wants to get an overview of where companies may have become too dependent on a single supplier, such as a Chinese supplier. The government emphasizes that there can be no talk of a general expansion of Chinese components from the 4G network.
SPECIFICATION OF THE IT SECURITY ACT
A simplification of the rules in the IT Security Act is also being considered. According to information from government circles, this could mean shortening the two-month review phase for the large number of completely unproblematic applications. However, the passage could also be clarified in which it is clarified that companies under indirect or direct control of foreign governments are generally considered undesirable when supplying components.
As in 2021, it is not to be expected that the federal government will expressly mention China or companies such as Huawei or ZTE. This is difficult for legal reasons alone, because any decision to reject components from a company must, if necessary, also be valid in court, it is said. However, according to them, it is also very difficult for security authorities to prove, beyond the mere assumption, that certain Chinese manufacturers are installing backdoors in their products in order to allow unauthorized data to leak out.
OTHER CRITICAL INFRASTRUCTURE SHOULD ALSO BE TESTED
The third element should be the extension of the test procedures to other parts of the critical infrastructure. Because it is becoming increasingly obvious that not only the mobile network could be a potentially sensitive weak point. Whether Deutsche Bahn, banks, energy companies or hospitals – they all have their own communication systems in which sensitive hardware is installed and software is used. And here, as with the railways, there is a debate as to whether the use of Chinese technology increases the risk of manipulation. This is not limited to Germany either: the Australian government, for example, wants to have cameras, intercoms or electronic access systems made in China replaced in government buildings because it is afraid of espionage.
In the future, the federal government wants to have Germany check which components are actually used by which companies in the area of critical infrastructure. The aim is to avoid new dependencies and to identify security weaknesses. One problem with this: It must be avoided that authorities are inundated with a large number of advertisements from companies and can no longer keep up with the examination. Again, a general rule of excluding sensitive components from companies controlled by a foreign government could help, they say.
(Report by Andreas Rinke; edited by Kerstin Dörr. If you have any questions, please contact our editorial team at [email protected] (for politics and the economy) or [email protected] (for companies and markets).)
Leverage must be between 2 and 20
No data