documentation
THE EUROPEAN – SECURITY AND DEFENCE UNION
Cybersecurity in 5G networks Report on EU coordinated risk assessment of 5G networks security On 9th October 2019, EU Member States, with the support of the European Commission and the European Union Agency for Cybersecurity (ENISA), published a report on the EU coordinated risk assessment on cybersecurity in fifth-generation (5G) networks. The report is based on the results of national cybersecurity risk assessments by all EU Member States, which is part of the implementation of the European Commission Recommendation adopted in March 2019 to ensure a high level of cybersecurity of 5G networks across the EU. 5G networks will provide virtually ubiquitous, ultra-high bandwidth and low latency connectivity not only to individual users but also to billions of connected objects. 5G networks are expected to serve a wide range of applications and sectors, which could include a diverse range of services
that are essential for the functioning of the internal market as well as for the maintenance and operation of vital societal and economic functions, e.g. energy, transport, banking, and health, as well as industrial control systems. Also the organisation of elections is expected to rely more and more on digital infrastructure and 5G net-
works. It is evident that ensuring the security and resilience of 5G networks is graphik: © dmutrojarmolinua, stock.adobe.com essential and that any vulnerability in 5G networks or a cyberattack targeting the future networks in one Member State would affect the Union as a whole.
“
Protecting 5G networks aims at protecting the infrastructure that will support vital societal and economic functions – such as energy, transport, banking, and health, as well as the much more automated factories of the future. It also means protecting our democratic processes, such as elections, against interference and the spread of disinformation.” Commissioner Mariya Gabriel, in charge of the Digital Economy and Society, 26 March 2019
phto: © European Union 2019, Source: EC – Audiovisual Service
The Report The report identifies a number of important security challenges likely to appear or become more prominent in 5G networks, in reason of the key innovations in 5G technology, in particular the important part of software and the wide range of services and applications enabled by 5G.
30
Conclusions (excerpt):
number of attacks paths that could be
“a) The technological changes introduced by 5G will increase the
exploited by threat actors, in particular
overall attack surface and the number of potential entry points for
non-EU state or state-backed actors, be-
attackers:
cause of their capabilities (intent and
• Enhanced functionality at the edge of the network and a less
resources) to perform attacks against
centralised architecture than in previous generations of mobile
EU Member States telecommunications networks,
networks means that some functions of the core networks may be
as well as the potential severity of the impact of such attacks.
integrated in other parts of the networks making the corresponding
(…)
equipment more sensitive (e.g. base stations or MANO functions);
Together, these challenges create a new security paradigm, making
• the increased part of software in 5G equipment leads to increased
it necessary to reassess the current policy and security framework
risks linked to software development and update processes, cre-
applicable to the sector and its ecosystem and essential for Member
ates new risks of configuration errors, and gives a more important
States to take the necessary mitigating measures. This requires
role in the security analysis to the choices made by each mobile
identifying potential gaps in existing frameworks and enforcement
network operator in the deployment phase of the network;
mechanisms, ranging from the implementation of cybersecurity leg-
b) These new technological features will give greater significance to
islation, the supervisory role of public authorities, and the respective
the reliance of mobile network operators on third-party suppliers and
obligations and liability of operators and suppliers.”
to their role in the 5G supply chain. This will, in turn, increase the
> Web https://bit.ly/33RmoAY