"Europe faces increasingly sophisticated hybrid attacks on every area of its infrastructure, the EC claims. The revised Cybersecurity Act looks to address this with union-level risk assessments, combined with targeted mitigation measures that will include bans on IT components from "high-risk suppliers." The suggested timeframe for this could leave member states with as little as three years to remove non-compliant kit."
"In mid-2023, former European Commissioner Thierry Breton said telecoms equipment from firms including Huawei and ZTE should be banned throughout the EU amid fears the tech could contain backdors, allowing Beijing to remotely access it for espionage purposes or to disrupt networks. Plan were announced to remove the gear from the Commission's internal networks. In the same year it emerged that Huawei had supplied nearly 60 percent of the telco equipment used in Germany's 5G networks."
"This is seen as the Commission finally cracking down on member states that have for years declined to take any kind of action against suppliers deemed to be a potential security risk, and imposing Europe-wide rules regarding which companies and products should not be trusted. Huawei has always strongly denied its products represent a security threat, although critics counter that Chinese law requires its citizens and organizations to serve as covert operatives on behalf of the state if ordered to do so."
The European Commission proposes revising the Cybersecurity Act to counter growing hybrid attacks by introducing union-level risk assessments and targeted mitigation measures, including bans on IT components from identified high-risk suppliers. Member states could face removal deadlines as short as three years for non-compliant kit. The measures aim to enforce Europe-wide rules on untrusted companies and products and address supply-chain security in critical infrastructure. High-profile concerns focus on firms such as Huawei and ZTE, with calls to ban their equipment, debates over their prevalence in national 5G networks, and conflicting claims about security risks and legal obligations to state authorities. The EC also seeks simplified Europe-wide cybersecurity certification.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]