The three-day conference brought together about a hundred participants from 11 countries of the region as well as the USA, the UK, Japan, Germany, Georgia and Armenia. Croatia was represented by officials from national telcos, the regulator HAKOM, and the Ministry of Foreign and European Affairs.
The main topics of discussion were: the implementation of new 5G networks and technologies, the importance of vendor diversity, legislative frameworks in the Southeast European region, as well as the cybersecurity of this technology.
As pointed out in the opening statement, for the US government, the reliability of 5G equipment vendors is one of the most important factors for the security of 5G mobile networks.
“It’s no longer just a security issue, and it’s not just one but all infrastructure equipment vendors who are required to provide access to information to their authoritarian governments. These are primarily companies from China, such as Huawei, ZTE and others, but also, for instance, Russian Kaspersky and the like,” said Joe Farrelly, head of the European team for bilateral relations in the US State Department.
When asked by journalists what they think about the current state of 5G rollout in Croatia, the vendors and legal frameworks, Tajma Rahimić, legal advisor for the trade law development program at the US Department of Commerce, said that the US sees Croatia as a good partner and that they cooperate on all relevant issues for network security, including the legislation, for the improvement of which they offer cooperation to governments and the private sector (especially in developing economies).
Both Farrelly and Rahimić pointed out that Croatia, as a member of the European Union, has the obligation to implement European laws in its national legislation, including the EU tool “Security Toolbox” (for cyber or ICT security), which, they added, the US supports as a concept, but is also ready to help improve it through cooperation.
US–EU agreement on secure data exchange
When asked by journalists about the security of data and its storage in the cloud (especially under the American Cloud Act), Paul Harrison, Foreign Service Officer in the US State Department, who tuned in from Washington via videocall, emphasized that the main problem here is a “fundamental misunderstanding of the act itself”.
“It is important to know that American companies do not have to hand over data from their servers to state security services, investigators and the like, but these services have to go through official court channels and if they are asking for it, clarify what exactly they are need and why,” Harrison explained.
He also referred to the international agreement between the USA and the EU on the protection of personal data (the so-called Safe Harbor or Privacy Shield Agreement), saying that after more than two years, the negotiations have been completed, an agreement has been reached, but they are still waiting for the American side to turn the agreement into law and forward it to the EU for consideration and coordination.
This agreement is important for the functioning of numerous American and European companies and platforms that store and process large amounts of data of European citizens in the USA. Harrison cited health research data as an example, which proved to be extremely important during the pandemic, but the agreement concerns other sectors as well, making American-European cooperation crucial:
“In international cooperation, in addition to the security of 5G and reliable vendors, the USA is also focused on the security of data and the entire global telecommunications ecosystem because this is the basis of digital economy, which is the future. The cloud, data centers, low-Earth orbit (LEO) satellites, routers, submarine cables, etc., are all connected by this.”
Rahimić added that the US government has decided to co-finance and help telecom operators get out of contracts with unreliable vendors and replace equipment defined as unreliable (e.g. from Chinese vendors) by ensuring the procurement of reliable equipment: from Nokia, Ericsson and Samsung.
This and other important topics concerning secure 5G for each of the participating countries will be individually discussed until the end of the conference, the aim of which, according to Rahimić, is to be a platform for discussion and the exchange of ideas and experiences.