A new report by the European Court of Auditors (ECA) raises concerns about delays to 5G network rollout in EU countries and questions whether the region is doing enough to ensure 5G network security.
European court of auditors flags up 5G delays amid security concerns
A new report by the European Court of Auditors (ECA) raises concerns about delays to 5G network rollout in EU countries and questions whether the region is doing enough to ensure 5G network security. The ECA points out that the European Commission wants to see uninterrupted 5G coverage in urban areas and along main transport paths by 2025, followed by 5G coverage of all populated areas by 2030. By the end of 2020, 23 member states had launched commercial 5G services and had 5G access in at least one major city. However, only 11 EU member states are likely to achieve uninterrupted 5G coverage in all their urban areas and along major terrestrial transport paths by 2025, according to the ECA report. "At the current pace of deployment, there is a high risk that…the 2030 [deadline] for the coverage of all populated areas will be missed by a majority of member states,” notes the ECA.
One issue is spectrum. Member states were supposed to make 5G spectrum in all bands available by 31 December 2020. However, by the end of October 2021, the assignment rate stood at only 53%, according to the report.
The ECA gives a number of explanations for the low assignment rate. One is a lack of telco demand for new 5G spectrum. There are also cross-border coordination issues with non-EU countries and the impact of Covid-19 on auction schedules. And then there is uncertainty over how to deal with security issues, according to the ECA.
5G provides a larger attack surface than 3G or 4G telecoms systems and depends on software, making it potentially easier for hackers to compromise core functions and disrupt services or seize control of critical infrastructure, including cross-border infrastructure such as energy grids, says the ECA.
In particular, the report highlights the risks involved in having only a limited number of vendors involved in building and operating 5G networks. “This increases the exposure to potential disruption of supply when there is dependency on a single vendor – particularly if this vendor presents a high degree of risk – such as by being subject to interference from a non-EU country,” says the ECA, which calls for a concerted approach to 5G security among EU member states.
In January 2020 the EU adopted a toolbox on 5G cybersecurity, which includes restrictions on high-risk vendors. But it came after a number of operators had begun 5G network deployments. And although “progress has been made to reinforce the security of 5G networks with a majority of member states applying or in the process of applying restrictions on high-risk vendors”, the auditors point out that none of the measures put forward by the EU are legally binding.
“It’s entirely plausible that security concerns are inhibiting 5G uptake in the EU. It is certainly a topic we hear a lot about from the telecoms IT vendor community, reflecting their communications service provider (CSP) customers’ demands,” says Dean Ramsay, Principal Consultant at TM Forum. “Moving critical services over to 5G, such as emergency services, means that any malicious attack on those networks could have some really disastrous real-world impacts.”
However, CSPs also have to weigh up the extent to which 5G investment is currently warranted, says Ramsay, who believes the market is likely to shift towards greater 5G deployment as 5G SA takes off.
“Gunning for full 5G coverage in their home markets just doesn’t make financial sense for many operators at the moment,” believes Ramsay. “Sweating existing LTE investments for a little longer is more financially prudent, especially on the consumer side of the business. Once 5G SA gets going, the return-on-investment models for 5G will look a little more attractive and we’ll probably see a fresh wave of impetus then.”