Home5G & Beyond“No monocultures”: German regulator revises network security rules

    “No monocultures”: German regulator revises network security rules


    The German regulator, Bundesnetzagentur (BNetzA), has published new security requirements for telecoms networks and services.

    The update comes ahead of Germany’s 5G auction later this month and amidst the ongoing row about the use of Huawei equipment in telecoms networks.

    “We regularly adapt the applicable security requirements to the current security situation and the state of the art,” said Jochen Homann, President of BNetzA. “The security requirements apply to all network operators and service providers and they are technology-neutral, covering all networks, not just individual standards such as 5G. “

    The US has called on Western countries to exclude Huawei from their 5G networks, claiming the Chinese company poses a threat to national security. No individual companies are mentioned in BNetzA’s update but the proposed rules appear to represent a tightening of rules and requirements for all vendors –  including Huawei, as long as the criteria are met.

    Proving trustworthiness

    Specifically, the additional requirements say that systems may only be obtained from “trustworthy suppliers” who can provide assurance that they comply with national safety regulations and telecommunications secrecy and privacy rules.

    Safety-critical components will require certification recognised by the Federal Office for Information Security (BSI) and employees working in safety-related areas will require certified training.

    “It must be demonstrated that the hardware tested for selected, safety-related components and the source code at the end of the supply chain are actually used in the products used,” the guidance states.

    BNetzA and BSI  will provide a definition of what constitutes a critical core component.

    No “monocultures”

    The update also stipulates that “monocultures” should be avoided. Telecoms companies should use network and system components from different manufacturers, rather than a single provider, the update says.

    The rules also state that network traffic will need to be continuously monitored for abnormalities.

    BNetzA will release a draft of the proposed new rules for industry feedback soon.