Search This Blog

Monday, May 18, 2020

5G and security: security of networks and equipment and security of mind

The Fifth Generation (5G) technology is expected to potentially affect almost every aspect of citizens' lives. Compounding this, the less centralised architecture of 5G networks , due to its features, requires smart computing power and the need for more antennas and increased dependency on software to protect 5G networks from vulnerability to cyber-attacks. Therefore, ensuring the security of the European Union’s 5G networks is of utmost importance for all countries and the union. In this process, operators are largely responsible for the secure rollout of 5G, with Member States responsible for national security, while network security is of strategic importance for the entire EU. The purpose of the EU toolbox on 5G Cybersecurity is to identify a coordinated European approach based on a common set of measures, aimed at mitigating the main cybersecurity risks of 5G networks. The short and long term objective will be to help Europe remain one of the leading regions in the 5G deployment. 
In order to insure this, the toolbox would rely on the coordinated risks assessment report based on the results of the national cybersecurity risk assessments carried out by all EU Member States. The report outlines the main threats and threats actors, the most sensitive assets, the main vulnerabilities (including technical ones and other types of vulnerabilities) and a number of strategic risks. The document also enlists a number of important security challenges that are likely to appear or become more prominent after 5G transformations. These hazards are predominantly linked to: key innovations in the 5G technology, in particular the important part of software and the wide range of services and applications enabled by 5G; the role of suppliers in building and operating 5G networks; and the degree of dependency on individual suppliers. For each of the nine risk areas identified in the EU coordinated risk assessment report, the toolbox should provide risk mitigation plans. The latter consist of possible combinations of strategic and technical measures.
Being an instrument for action, the toolbox recommends a set of key activities for the Member States and/or the Commission. In particular, Member States agreed to ensure that they put in place measures to respond appropriately and proportionately to the risks already identified as well as possible future risks, to strengthen security requirements for mobile network operators; assess the risk profile of suppliers; ensure that each operator has an appropriate multi-vendor strategy to avoid or limit any major dependency on a single supplier (or suppliers with a similar risk profile); and ensure an adequate balance of suppliers at national level and avoid dependency on suppliers considered to be of high risk.
The development of the coordinated EU approach on 5G cybersecurity counts on the strong commitment by both Member States and the Commission to use and fully implement recommended measures. At the same time, the roll-out and operation of 5G networks is a matter of national security. In respect to this, Member States can go further than what is proposed in the toolbox should they find out a need to do so.
The EU toolbox directs that vendors assessed as high-risk based on factors including country-specific threat assessments be subject to “necessary exclusions [from] key assets defined as critical or sensitive.” In practice, this approach does not exclude any company outright but offers solutions to manage risk imposed by the politics of a vendor’s home jurisdiction. The UK, for instance, applies political, not just technical, criteria to determine the extent to which a company should be allowed involvement in 5G networks. The U.K. framework, in particular, defines Huawei as a “high-risk vendor,” taking into account China’s legal system and past cyberattacks by the Chinese state. High-risk vendors are restricted the network’s “edge,” and even that presence is capped at 35 percent. 
According to the Polish Digital Minister Marek Zagórski, Poland, a close ally of the United States, will also introduce tougher controls that would "limit the use of [telecom equipment] vendors who are suspicious or who are not necessarily trustworthy, or who do not stick to the security standards". To this end Poland has signed an agreement with the U.S. government pledging to only allow "trusted" suppliers into 5G networks. The objective is to keep Chinese suppliers away from the national market. To strengthen its executive power the agreement is being "translated into legal provisions."
Estonia and Romania signed similar deals with the U.S. government when Washington sought to have Huawei banned from the European 5G market in the past year.In their joint declaration US and Estonia stressed that a careful and complete evaluation of component and software providers was essential to guarantee “a robust and comprehensive approach to network security”.
Getting back to the Polish approach to 5G infrastructure, it is evident that the state takes all challenges related to these networks very seriously. Fifth-generation cellular network technology has only recently arrived in Poland, but given to the fast spread superstitions that precede its introduction, the Polish Digital Affairs Ministry has decided to publish a white paper on “Electromagnetic Fields and the Human Being” to disqualify false claims and harmful misconceptions. The document, edited by the National Institute of Telecommunication and Medical School students of Jagiellonian University “will help everyone understand what an electromagnetic field is and how can it be utilised for the good of Poland.” The White paper consists of four sections, three of which answer the most frequent questions regarding electromagnetic waves. The last part explains the relationship between electromagnetic fields and telecommunication, formulating, in particular, what the 5G is. Communication aspects are treated in a multidisciplinary manner, combining physics, biology, and medicine, and Polish and international legal perspectives. The publication debunks the myth that the radiation of cellular telecommunication is as harmful as radioactivity. In addition, the White paper emphasizes the revolutionary impact 5G may leave on the economy and society as a whole.
Compiled by Media 21 from


Friday, May 8, 2020

Contact-tracing apps in the situation of COVID-19 pandemic: pros and cons


The most important thing in a pandemic is to keep reasonable social distancing and to apply preventive measures. Contact-tracing apps are designed to automatically alert people to whether they are at high risk of having the COVID virus. In order to detect a possible risk of infection,   contact tracing application being a mobile phone application using Bluetooth can establish the location of individuals. Location indications are based on the proximity of individuals who have been diagnosed positive of the Covid-19 virus. The application does not bring individual benefits but in return for using it, persons can contribute to a public health outcome. The value of the public outcome needs to be made clear to the public to facilitate important and informed debate. 
Apple and Google propose a "decentralised" approach to contact tracing apps. The approach allows the contacts to be indicated on users' handsets. The tech giants believe their effort provides greater privacy, in contrast to the centralized mode, which limits the ability of either the authorities, or a hacker to use the computer server logs to track specific individuals and identify their social contacts.
NHSX, the unit with responsibility for setting national policy and developing best practice for the National Health Service (NHS) technology, digital and data, including data sharing and transparency in Great Britain, has, however, decided to create its own app, and not rely on APIs from Google or Apple (a strategy employed by other European countries: Switzerland, Estonia and Austria's Red Cross, as well as a pan-European group called DP3T). NHSX believes a centralised system will give it more insight into Covid-19's spread, and hence how to improve the app accordingly.  According to Prof. Christophe Fraser, one of the epidemiologists advising NHSX spoken to the BBC, "one of the advantages is that it's easier to audit the system and adapt it more quickly as scientific evidence accumulates." For its part, the European Commission has indicated that either model is acceptable. Dr. Michael Veale of the DP3T has commented that "All countries deploying an app must put adoption at the front of their mind, and if it doesn't work well or significantly depletes battery life, then that may act as a deterrent, particularly for those with older phones." 
Against the background of this technological debate, British privacy experts and academics have expressed grave concerns about the proposed NHSX COVID-19 contact tracing app.  A public letter to the government, signed by 117 experts and organised in part by Eerke Boiten, professor of cyber security at De Montfort University, raised an admonition against the governmental plan. Scientists and researchers, working in the fields of information security and privacy, urged specialists from all relevant academic fields to analyse comprehensively the health benefits of such digital solution and to find sufficient evidence that it is of value to justify the dangers entailed.
One of the major concerns is that the new technology would enable (via mission creep) a form of surveillance. Scientists insist that experts have to be sure they have not created and installed a tool that enables data collection and surveillance on the population, or on targeted sections of society. Scientific experts have stated that solutions which allow reconstructing invasive information about individuals must be fully justified. Such invasive information could include the "social graph" of individuals who have physically met over a period of time. With access to the social graph, a bad actor (state, private sector, or hacker) could spy on citizens' real-world activities. In addition, signatories of the letter hold that the usual data protection principles should apply: to collect the minimum data necessary to achieve the objective of the application. They furthermore claim the data protection impact assessment (DPIA) for the contact tracing application should be published immediately, prior to safeguards being put in place, rather than just before deployment, in order to enable a public debate about its implications and allow public scrutiny of the security and privacy safeguards. 
The system must show it will do what it is supposed to do in order for people to trust it. By this, experts mean the reliability of the whole system, including the people within it and not just the technological element. Trustworthiness requires specialists to predict the risks that could happen in order to stop unintended uses and harms that could undermine the good idea behind any model. Thus, a combination of law, regulation, oversight, enforcement and technical design should be put in force.
Compiled by Media 21 Foundation from








Wednesday, May 6, 2020

COMPACT 1st ONLINE SYMPOSIUM 5W on 5G – Multidisciplinary online symposium responding to the public demand on 5G information




We would like to invite everybody to join the first comprehensive, international COMPACT symposium on 5G that will take place on the 14th of May 2020. The registration for this important event is free of charge and enables you to directly interact with the panelists and speakers. Your questions and comments will be addressed by the speakers in real-time. Your feedback is of great value to us and any comments and inputs will be considered as an important asset from the symposium.

The fast-paced technology evolution pushed humankind out of its comfort zone. Insecurity and anxiety caused by the unknown had affected all of us, including researchers, academics, policy makers, industry and many individuals that are still coping with embracing existing gadgets in day to day life. Reaching 5G milestone added a new set of challenges, questions and thirst for information that is missing. As a research project with focus on effects of media convergence on social, political and economic life, the COMPACT team felt obliged to address some of the controversial issues related to 5G in a manner not often seen in the academic community.

The “5W on 5G” symposium we will answer the 5W Questions: Who? What? Where? When? Why? about 5G- 5th generation wireless technologies.  In the symposium we will introduce a broad audience to basic concepts from the radio-communication domain; we will describe the technological progress in the last decade and discuss the opportunities and challenges that accompany the full 5G implementation, and finally, respond to the question whether and why we need 5G at all! Our comprehensive elaboration will be followed by a discussion over “the clash of the titans” in industry standardization processes and health & safety regulations with emphasis on the specific unique properties of the emerging 5G networks. Finally, “5W on 5G” will directly confront speakers with some of the most controversial questions in the light of the recent accusations, and disinformation online that led to many cases of public scrutiny of 5G network expansion. Respective participants will also look “beyond the curtain” and try to imagine the 5G and the world of the future powering it and elaborate upon both utopian and dystopian scenarios.  Our goal is that no position or idea, even the most unexpected and revolutionary, shall be missed in the experts’ debate.  

The symposium will be hosted on the 14th of May from 12:30PM GMT – 16:00PM GMT and it will be realized as an online webinar and delivered via the popular ZOOM platform with about 15 presenters and up to 270 registered participants.  The working language of the webinar is English, and translation will not be provided at this stage. The symposium will also be live streamed via Facebook (https://www.facebook.com/compact.media.eu) for broader audience and additional feedback. Moreover, a dedicated Virtual Reality space has been created using free, Open Source, Mozilla Hubs solution (https://hub.link/M4teCU2) – you can join directly via browser on your PC, Mac or mobile as well as with popular VR headsets. That space will host an optional COMPACT reception event after the symposium is concluded so that the discussions can continue. We will also connect ZOOM platform to the VR space during the event so that VR participants can also engage with the speakers.

If you would like to speak at our symposium or should you have any questions or requests, please do not hesitate to contact our staff Oles Kulchytsky (o.kulchytskyy@gmail.com).
Otherwise, if you wish to join as a “5W on 5G” participant please register as soon as possible – the number of tickets is limited: https://www.eventbrite.com/e/104487793804

Sincerely,
COMPACT Team