You can also listen to the commentary in the audio version.
We regularly hear in the media how the threat of cyber attacks is growing exponentially. Even now, while reading this article, there are dozens of attacks on Czech mobile networks. Cybersecurity is undoubtedly the topic of this decade, perhaps the entire 21st century. However, creating the impression that we will “re-regulate” safety thanks to state control is completely illusory.
Although mobile operators do more to increase the level of security and technological equipment than any other sector in the Czech Republic (we invest approx. 12 billion crowns every year), the state, led by the National Office for Cybernetic and Information Security (NUKIB), comes with a proposal for unprecedented regulation. It has the ambition to directively determine to private companies which suppliers they can cooperate with and which they cannot. The criterion should be simple: When the official evaluates that a democratic regime prevails in the given country, cooperation is given the green light. When he evaluates that there is no democratic regime in the given country, the official will be able to ban such a supplier.
A de facto super-authority will be created, which independently determines the scope of regulation in the form of its own decree, independently determines the evaluation criteria of the supplier’s safety, conducts an evaluation based on its own methodology and independently decides on restrictions, or exclusion of a specific supplier. In practice, the decision of one authority can cause the failure of investments in the order of tens of billions of crowns on the part of the private sector. Such a high concentration of power is unacceptable in a democratic legal state. This significantly disrupts the predictable business environment and causes a significant degree of investment uncertainty.
It’s a little reminiscent of the past and the days of the CIS (Council for Mutual Economic Assistance), when the West bought from its Western suppliers and the East from its CIS member countries. The slight difference was that at the time the West was at the cutting edge of technology. Although we all drove 120s or Russian Zhiguli, we actually wanted German VWs because they were demonstrably better. Unfortunately, today’s times are different. The pace of innovation is no longer set by Europe, but often by Asia. Banning Asian suppliers can paradoxically lead to technological backwardness and suppression of the competitive environment. At the same time, competition is nothing more than the basic driving force of progress and innovation.
I’m probably not exaggerating too much when I say that this approach on the part of NÚKIB scares us. We are very concerned that if the non-cyber security, but the unbridled geopolitical approach prevails, it will end up monopolizing the supply environment along with increasing dependence on another supplier, which by the way makes most of its production in Asia. The money we want to invest today in modernizing the Czech digital infrastructure, we will have to invest in excessive regulation.
For example, the European Commission’s DESI Index, which compares the digital equipment of European countries, ranks the Czech Republic in the bottom third in 2023. The Czech Republic simply cannot afford to let up in investments in the development of telecommunications networks. Paradoxically, we are not hindered here by the lack of interest of private companies to invest, but for a change by another boundless state regulation, this time construction. This can de facto delay any telecommunications investment by several years. But no office or politician rushes in to correct this problem. They prefer to invent more and more regulation.
We are sure that we can maintain and ensure the security of our mobile and fixed networks in the future with a high degree of professionalism. It is the basic DNA of our business. Without security there is no trust and without trust there is no satisfied customer. After all, today operators already fulfill over 900 obligations and measures of a technical and organizational nature. Even NÚKIB itself did not detect any serious violations of the operators’ obligations in this area during its regular inspection activities.
The relationship between companies that have been building top competence in the field of cyber security and the state for years needs to be developed positively. There is no need for money, incentives or subsidies. It is enough for the state to build a predictable business environment and conduct a professional dialogue with companies, which is based on mutual trust and respect. We have exactly the same security goals as the state. We just differ in the way of execution. Banning suppliers is the most extreme and essentially the most desperate tactic to achieve otherwise quite reasonable goals.
