27 Apr The new 5G Cybersecurity Law in Spain: what is it and what does it mean
5G technology is set to be a disruptive transformation around which many Spanish industries will develop in the short term. The digital transition that many companies and sectors will soon face, however, will uncover issues that require specific attention.
Implementation will not depend exclusively on 5G coverage in Spain or on the infrastructure made available by key stakeholders in the communications sector. The cybersecurity of the 5G network must also underpin its development. That’s why the Spanish government is working on a new 5G Cybersecurity Law, currently in the draft phase, around which companies need to focus their development and future plans.
How will the legislation affect 5G operators in Spain?
Above all, companies supplying 5G will have to pay particular attention to potential risks in data handling and digital security, as well as to their own practices and the way security is managed by their administrators. As such, they will be obliged to carry out a risk analysis every two years. That’s why they will need to develop protocols that consider technical and organisational measures aimed at managing existing cybersecurity risks.
The legislation will also require operators to draw up a mitigation strategy for these potential risks, which, in turn, must include a supplier diversification plan. This is all designed to reduce the dependence of 5G networks on single suppliers or on a number of suppliers that have a high-risk component. This analysis of the cybersecurity landscape – including the results of risk analyses, reports on the security practices of suppliers and diversification strategies – should be submitted to Spain’s Ministry of Economic Affairs and Digital Transformation.
Operators and suppliers will have user credentials for the 5G network, certifications that they will have to keep up to date. Similarly, there will be a number of restrictions and prohibitions on the use of services, programs and equipment with certain levels of risk. That’s why there will be ‘usage fees’ and a requirement to use only products, systems and services that have been certified.
What will the government do to improve 5G network security?
The foundation of secure and robust 5G infrastructure will not depend on companies, operators and technology providers alone. Public administrations – the government – will also play a key role. The Ministry of Economic Affairs and Digital Transformation will develop a 5G security framework that will analyse the risks of 5G technology on a national scale. This framework or analysis will include reports provided by the operators and companies themselves, as mentioned above.
It’s also important to consider the security measures required to mitigate these threats. This means that companies, operators, network providers, manufacturers and so on will need to actively collaborate with the government in order to develop such a 5G security framework.
Government efforts around cybersecurity will also be subject to compliance with European certification schemes, as well as passing audits and obtaining a European quality mark on cybersecurity in order to use certain pieces of equipment or develop certain 5G connectivity programs, as established by the European Regulations on Cybersecurity.
All stakeholders involved will need to undertake a significant effort in terms of standardisation, ‘shielding’ 5G network security, transparency and distributing solid and stable connectivity infrastructure. This area is still fraught with exciting uncertainty, but will lead to a range of positive outcomes for society as a whole.