On March 30th, the European Union's telecoms regulatory agency (ORECE) said that no major Internet congestion problems had occurred since the start of the Covid-19 health crisis: "Network operators have been able to cope with this additional traffic load". While overall traffic on fixed and mobile networks has increased significantly, there has been no major downtime across Europe due to possible over-consumption of bandwidth, she explained.

The statement comes after worrying predictions by several experts that the Internet infrastructure may not be able to cope with the increase in traffic.

Although some Internet access problems were "observed and mitigated," they were deemed "local and temporary." No unusual incidents were observed by the agency, which also commended the telecom operators in some member countries for implementing specific measures.

In some EU Member States, the ORECE noted "a stabilisation of traffic", but also "a decrease in peak traffic". This decrease is attributed to "traffic reduction measures" put in place by "some of the largest CAPs", a term used to refer to Internet content and service providers.

Indeed, two weeks ago, the agency formally requested video streaming services to reduce the quality of service for European users in order to avoid overloading the EU's Internet architecture. The first to agree were Netflix and YouTube and have started to provide SD streams. Amazon Prime Video, Disney+ and Facebook responded later and also capped the quality of video streaming for the EU.

Although not approached by the ORECE officials, Akamai, Microsoft and Sony also slowed down game downloads during peak hours to avoid congesting the Internet infrastructure when a new game or update is released and deployed to millions of users.

Some experts, however, have publicly criticised the agency's call, castigating unnecessary panic. Several ISPs said that the Internet backbone had been specially designed for times like these and is therefore designed to handle sudden and very large volumes of traffic.

 Read the article

Source : ZDNet

On January 31st, the CNLL, the OSBalliance and the Cossfi laid the foundations of a new structure: APELL (Association Professionnelle Européenne du Logiciel Libre). "The idea is to create a umbrella association to carry the voice of Free Software companies in Europe in the broadest sense" explains Stéphane Fermigier, co-president of the CNLL.

A relatively light structure that includes members, supporting members (such as the Open Forum Europe or OW2) and associate members. The association will be based in Brussels and registered in the register of lobbies with the European institutions.

Two triggers were at the origin of this creation. "The first was the copyright directive and its impact on the development of free software, the battle over the forges. We clearly saw that it was necessary to have the voice of free software companies," observes Stéphane Fermigier. "The second trigger is the structuring of associations to respond to European issues, to collaborate on commercial projects, to have collaborative R&D," he continues.

This initiative also comes at a time when the European Commission is communicating a lot about open source and 2020 should be an important year in this area. "A major study is being launched on open source in Brussels and a major restitution event is due to take place in 2021," emphasises Stéphane Fermigier. He also mentioned other elements such as recommendations on good practices in terms of free software, policies to support innovation and work on ethics and digital sovereignty.

 Read the article

Source : Le Monde Informatique

The European Union has just published a raft of measures - a toolbox in EU jargon - to enable its members to mitigate cyber risks. "According to the EU coordinated risk assessment report, the measures concern the security of stakeholders in the 5G ecosystem, which are mainly mobile network operators and their suppliers, in particular telecoms equipment manufacturers," the report reads.

The measures set out by the EU fall into two categories: strategic and technical, complemented by targeted support actions. Each of these measures is associated with a level of risk backed by positive or negative implementation factors and the time required for implementation.

It has thus identified 8 strategic 5G cyber risk mitigation measures and 11 mitigation measures at the strategic level.

In addition, a roadmap has been specified: Member States are invited to take "concrete and quantifiable steps to implement the set of key measures according to the recommendations contained in the conclusions associated with the EU toolkit" by 30th April 2020. Then to draw up by 30th June 2020 "a report by the SRI Cooperation Group on the state of play of the implementation of these key measures in each Member State, based on the reports and regular monitoring carried out in particular within the SRI Cooperation Group, with the assistance of the Commission and ENISA".

This announcement comes at a time when the 28 members of the Union have agreed to give priority to local players, Nokia and Ericsson, for 5G core network technologies, de facto excluding players such as Huawei. This does not mean, however, that the Chinese manufacturer's equipment will disappear altogether, as it will, for example, be able to offer it for non-sensitive parts of the network in the UK, while being capped at 35% of the 5G market. This prospect seems far from being a topical one in Germany, where the government is said to have evidence of Huawei's connivance with the Chinese intelligence services...

 Read the article

Source : Le Monde Informatique

In a report published with the European Agency for Cybersecurity on securing 5G networks, the European Commission warned EU Member States of the dangerousness of new wireless telecommunications technology. For the Commission, the deployment of 5G risks "creating a new security paradigm that requires a reassessment of the current policy and security framework applicable to the sector and its ecosystem and is essential for Member States to take the necessary mitigation measures".

In more detail, this report calls for a review of the current design of 3G and 4G networks and warns against the use of a single supplier, particularly those not based in the European Union, without however mentioning the name Huawei. "The increased role of software and services provided by third party providers in 5G networks leads to greater exposure to a number of vulnerabilities that may result from the risk profile of individual providers".

The European Commission also explains: "While 5G network technology and standards will also bring some security improvements over previous generations, several important challenges arise from new features of the network architecture and the wide range of services and applications that may in the future depend heavily on 5G networks. [...] Major security breaches, such as those resulting from poor software development processes among equipment suppliers, could facilitate the malicious insertion of intentional backdoors into products by actors and make them more difficult to detect. This can increase the likelihood that their exploitation will have a particularly serious and widespread negative impact".

The report adds that EU Member States should not judge 5G network providers solely on their technical qualities and assess them on the basis of "non-technical vulnerabilities related to 5G networks", such that the provider's country has "no legislative or democratic control and balance in place, or in the absence of security or data protection agreements between the EU and the given third country" or that the structure of the provider's owner and the ability for its own country to "exert any pressure, in particular with respect to the manufacture of equipment". If Huawei's name is not mentioned, it is impossible not to think about it...

As a result, Huawei once again defended itself against any interference from the Chinese authorities: "We are a 100% private company, 100% employee-owned, and cybersecurity is a top priority: our end-to-end cybersecurity assurance system covers all process areas, and our solid experience proves that it works".

No one is saying that the Commission will respond to this extended hand, since it has apparently also decided to sweep away another option proposed by Huawei. Indeed, the Chinese manufacturer had indicated that it could be satisfied with intervening only on parts considered less sensitive in the future 5G networks of EU Member States.

The European Union's next steps will result in the publication of a range of mitigation measures to address the identified cybersecurity risks at the national and EU levels by 31 December 2019. Finally, Member States should assess the effects of the Recommendation in order to determine whether further measures should be taken by 1 October 2020. This assessment should take into account the results of the coordinated European risk assessment and the effectiveness of the measures.

 Read the article

Source : ZDnet