German Security Rulebook open Door to Huawei 5G
A new German security rulebook will not exclude Chinese telecoms equipment maker Huawei Technologies from supplying gear for the country’s 5G mobile networks, a senior government source said on Monday.
The ‘security catalogue’, due to be published this week, will confirm Germany’s decision to keep a level playing field for suppliers to next-generation telecoms networks, despite calls by the United States to ban Huawei.
Operators had warned that banning Huawei could add years of delays and billions of dollars in costs to rolling out 5G networks in Germany that could power super-fast home broadband, connected factories or, one day, self-driving cars.
“Germany’s approach did not and does not foresee any clause that would exclude any one company,” a senior government official told Reuters, speaking on condition of anonymity.
The federal network regulator and cybersecurity watchdog have been working to finalize the rulebook after setting basic criteria in March on technical standards and governance at suppliers.
Network operators, all of them Huawei clients, have opposed Washington’s calls to ban Huawei on concerns that its kit may contain ‘back doors’ open to cyber spies and that under Chinese law it must collaborate in state espionage efforts.
The company denies the allegations. The United States imposed export sanctions on Huawei in May, hobbling its smartphone business and raising questions over whether it can maintain its lead on the global telecoms equipment market, where it has a 28% share.
The European Union last week warned of the risk of increased cyber attacks to next generation 5G mobile networks by state-backed entities, but a report compiled by member states stopped short of naming China as a threat.
Network operators Deutsche Telekom, Vodafone, Telefonica and Deutschland would be required to identify and apply enhanced security standards to critical network elements, the Handelsblatt daily reported on Monday, citing the draft rulebook.
More broadly, vendors should be certified as trustworthy, giving customers legal recourse to exclude them and seek damages if proof is found that equipment had been used for spying or sabotage.
Certification of critical equipment would meanwhile have to be obtained from Germany’s cybersecurity authority, the Federal Office for Information Security.