EU’s PEGA Committee Adopts 8 Recommendations on Telecom Networks
June 2023 by Enea
Enea welcomes the PEGA Committee’s adoption of the eight telecom network recommendations to address the critical gaps which persist in protective frameworks. The Committee was set up by the European Parliament to investigate Pegasus and equivalent surveillance threats. The committee held its final vote on June 15 and all eight recommendations were adopted to safeguard mobile communications.
Rowland Corr, Vice President of Government Relations at Enea said: “These recommendations by PEGA are of vital importance to telecom network operators. Firstly, it recognizes the gaps at various levels today – including technical and institutional, regulatory and doctrinal, national and international – which leave mobile subscribers vulnerable to more than just the misuse of spyware by attackers. Secondly the recommendations also highlight areas for concrete measures to close those systemic gaps, emphasizing the need for national authorities to evaluate, and for operators to mitigate the cyber surveillance threat posed by mobile signalling attacks. Member states will need to invest in critical infrastructure to detect and defend against unauthorized intrusions over signaling.”
The recommendations include:
1. Revoking the licenses of (2G – 5G) service providers found to be facilitating unlawful access to national and/or international mobile signaling infrastructure.
2. Regulating the processes through which malicious actors can create new phone numbers from all over the world.
3. Requiring telecom providers to have the capacity to detect potential misuse of access, control, or effective end use of signaling infrastructure gained by third parties.
4. Compelling Member States to evaluate telecom providers’ level of resilience to unauthorized intrusions
5. Necessitating telecom providers to take firm and demonstrable action to mitigate against various forms of unauthorized surveillance.
6. Requiring Member States to take action to ensure that non-EU state actors that do not respect fundamental rights do not have control or effective end use of strategic infrastructure, or influence over decisions related to strategic infrastructure within the Union, including telecommunications infrastructure.
7. Prioritizing greater investment in the protection of critical infrastructure, such as national telecommunications systems, to address gaps in protection against privacy breaches, data leaks, and unauthorized intrusions.
8. Calling on national authorities to strengthen providers’ capabilities to identify and report illegal targeting, to mitigate security gaps exploited by malicious actors
Earlier this year, Rowland Corr, was one of several industry experts invited to share his expertise. Corr highlighted the wider threat of unauthorized intrusions beyond the use of spyware which pose the same fundamental societal threats.
Corr concluded: "We applaud the PEGA Committee for its work in developing and adopting these critical recommendations Enea is committed to supporting EU stakeholders in implementing these vital recommendations and making mobile networks more secure.”