The European Commission recommends the gradual replacement of suppliers of submarine telecommunications cables which present risks, but does not propose a new form of financial assistance for this, we can read in an executive recommendation consulted by Euractiv.
Following the sabotage of submarine telecommunications cables in the Baltic Sea by a Chinese ship in October, the EU Council asked the Commission to present a recommendation to strengthen the security and resilience of submarine cable infrastructure .
Euractiv was able to consult a preliminary version of the non-binding document before the official publication of the recommendation on February 21.
“Member States are encouraged […] to reduce risks, vulnerabilities and dependencies, in particular on high-risk suppliers,” reads the draft recommendation.
The EU executive is proposing to set up an “expert group on submarine cable infrastructure” which would be responsible for “proposing a toolbox for cable security”.
The toolbox appears to be designed as an instrument similar to the EU 5G Cybersecurity Toolbox — a non-binding instrument “establishing mitigation measures” for member states that aim to reduce risks and vulnerabilities “particularly for high-risk suppliers”.
In the 5G toolbox, EU countries are encouraged to phase out Chinese telecoms infrastructure providers — ZTE and Huawei — which could mean Huawei subsidiary HMN Tech could also be restricted or banned to deploy submarine cables.
Funding
The Commission is not proposing additional resources to help gradually replace high-risk suppliers, but it explains that solutions exist, including national and EU funding schemes.
However, it plans additional investments in the future.
The Commission wishes to instruct the group of experts, working jointly with it, to establish a priority list of “cable projects of European interest” on the basis of the following criteria: strengthening the resilience of the infrastructure, security of supply chain, geostrategic importance and public necessity.
As the EU does not have responsibility for security, the arsenal of instruments and recommendations are not binding, which perhaps explains why no additional funding mechanisms have been proposed.
National measures
Commission encourages Member States to map their national infrastructure, assess supply chain risks and vulnerabilities, carry out regular stress tests and appoint an authority to facilitate permitting processes .
The expert group should then review Member States’ risk assessments and identify missing information.
The Commission then focuses on cybersecurity issues.
Submarine cables include cables, but also “all infrastructure linked to their construction, operation, maintenance and repair, such as landing stations and the land sections of the submarine cable which connect to them”.
Submarine cable landing stations are the infrastructures most vulnerable to cyberattacks, because they monitor the exchange of information passing through the cables.
The Commission therefore recommends that Member States map potential risks and means of mitigation.
She notes that this would be a relevant complement to the implementation of the revised directive on the security of networks and information systems (NIS2), which already provides that incidents linked to submarine cables are reported to the competent authorities.
Geography
Unlike Hungary and other landlocked countries, mainly in Central Europe, “three island member states, Cyprus, Ireland and Malta, are almost entirely dependent” on submarine cables for communications within the Union, writes the Commission.
It also mentions “Member States having one or more […] islands or outermost regions”, but no specific provision is made for these territories.
The next steps
The Commission said that “this recommendation aims to serve as a precursor to a possible system of common governance of the Union”, implying that it could be followed by another step.