The commission’s work on 5G “was developed based on constant information, that is, from risk assessments carried out at the national and European level,” says an official source.
The work of the 5G Security Assessment Commission was based on national and European risk assessments and “in consideration” “relevant” rules such as those of Sweden and France, a source from the National Cybersecurity Center (CNCS) told Lusa.
Last week, the Security Assessment Committee, within the scope of the Higher Council for Cyberspace Security, announced the decision [https://www.gns.gov.pt/docs/cas-deliberacao-1-2023.pdf] on the “high risk” for the security of 5G networks and services in the use of equipment from providers that, among other criteria, are from outside the EU, NATO or the OECD and that “the legal system of the country in which that is domiciled or on “allows the Government to exercise control, interference or pressure over its activities that operate in third countries”.
Contacted by Lusa on the subject, an official source from the CNCS said that “all the work of the Commission, which is within the scope of ‘public electronic communications networks or electronic communications services accessible to the public'” of the Electronic Communications Law ( LCE), “they were developed on the basis of constant information, that is, of risk assessments carried out at national and European level”.
In other words, following Commission Recommendation (EU) No. 534/2019 of March 26, 2019, and the information issued by the Cooperation Group established under Directive (EU) 2016/1148 of the Parliament Council and Council of July 6, 2016 on measures to guarantee a high common level of network and information security throughout the European Union, adds the CNC.
“The evaluation took particular account of the methodology contained in the document ‘Cybersecurity of 5G networks: EU toolbox of risk mitigation measures’, adopted by the European Commission in its Communication of January 29, 2020 and by the Government in the Resolution of the Council of Ministers no. national telecommunications operators and the main equipment suppliers network in Portugal”, as stated in Law No. 16/2022.
Finally, it is also important to mention that the Applicable relevant regulatory frameworks and other public policy instruments of various countriesincluding Member States of the European Union with experience in the field of security of public 5G electronic communications networks and which have already implemented similar measures (Sweden, France, the Netherlands, Denmark, Latvia and Lithuania, in addition to the United Kingdom) added the National Cybersecurity Center.
The decision of the Security Evaluation Commission does not mention names of companies or countries, but the truth is that the case of Huawei comes to mind, specifically because the Chinese technology was prohibited in the 5G networks of other countries, including the United Kingdom and Sweden. .
The CNCS recalls that following “number 4 of article 62 of Law number 16/2022, of August 16, which approves the Electronic Communications Law, the Security Assessment Committee (Commission) was established, in the sphere of the Higher Council for Cyberspace Security”.
According to numeral 3 of said article, this Commission “is responsible for carrying out security evaluations in relation to the use of equipment in any electronic communications network, justified and based on objective security criteria based on relevant information issued by the authorities. competent nationals and the European Union. or contained in national or European risk assessments for network security”.
Numeral 5 of said article, refers to the CNCS, says that “as a result of the aforementioned security evaluation, the The Commission may determine the exclusion, the application of restrictions to the use or the cessation of the use of equipment or services, and must establish, where appropriate, a reasonable term for compliance, which means that the resolution is binding.
Since the publication of the diploma, “the Commission has been meeting to develop the aforementioned security assessment in relation to the use of equipment in public electronic communications networks of 5th Generation of telecommunications (5G) in Portugal”, having evaluated “the risks and the respective mitigation measures, which are reflected in the determination communicated to the public telecommunications operators, to Anacom [Autoridade Nacional de Comunicações] and published in place of the National Security Office”, he adds.
However, “from the application of the criteria contained in the first deliberation, it was considered that its result, since it includes information whose knowledge or disclosure by unauthorized persons may be unfavorable to the interests of the country and economic agents, constitutes information classified as RESERVED, in the national brand, under the terms of the Instructions for National Security, Safeguarding and Defense of Classified Matters, abbreviated as SEGNAC 1, approved by Resolution of the Council of Ministers No. 50/88, of 3 of December, modified by the Resolutions of the Council of Ministers No. 13/93, of March 6, and 70/2019, of April 17”, he concludes.
So far it is unknown if the companies subject to the deliberation are excluded, suffer restrictions or the cessation of their equipment or services and what is the application period.
Source: Observadora
