New cybersecurity measures for Irish 5G networks may ban ‘high-risk’ firms

24 Nov 2021

Image: © Song_about_summer/Stock.adobe.com

Proposed legislation could see ‘high-risk’ vendors excluded from ‘critical’ communications networks in Ireland.

The Government has agreed on new measures to enhance the security of Ireland’s electronic communications, including 5G networks.

It has used the EU 5G security toolbox, published in January 2020, as the framework for these measures, which aim to mitigate the cybersecurity risks linked to 5G networks and develop a coordinated approach to improving network security.

The Government also plans to introduce legislation that will allow the Minister of the Environment, Climate and Communications to assess providers of electronic communications network equipment. This assessment will create a risk profile and designate certain companies as “high risk”, if necessary.

The legislation could lead to certain electronic communications networks being designated as “critical” for Ireland, and ensure that high-risk vendors are not used in those networks in order to maintain security in important areas.

It comes after the UK banned Huawei from its 5G networks last year following a security assessment.

No companies have been singled out by the Irish Government and it said its assessment of network providers and vendors will follow clear objective criteria, such as those recommended in the EU 5G Security Toolbox.

A consultation on the planned Electronic Communications Security Measures (ECSMs) has been launched for stakeholders. These measures will have to be implemented by public electronic communications networks and publicly available electronic communications services, to ensure the security of Ireland’s network infrastructure.

The consultation will be open until 14 January 2020. It is designed for relevant third parties who will be directly affected such as providers, equipment manufacturers, suppliers and cybersecurity professionals.

The legislation will be drafted after consultations are considered and a regulatory impact assessment is planned for early 2022.

The Department of the Environment, Climate and Communications has been working with Ireland’s National Cyber Security Centre over the past year to address cybersecurity concerns highlighted through the European risk assessment process.

The 10 ECSMs drafted so far focus on areas such as risk management, physical security, supply chain security and training.

A recent report claimed that cybercrime cost the Irish economy €9.6bn last year, with ransomware accounting for €2bn of the total figure.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com