The European Union Cybersecurity Agency (ENISA), with the support of EU Member States, the European Commission and the expert group, has published an extensive report on the threats posed by mobile networks of fifth generation (5G).
It contains 10 high-level risk scenarios based on national risk assessments conducted by EU Member States.“The arrival of 5G networks brings numerous security challenges just as the technology from 1G to 4G did previously. Today’s report will support stakeholders to carry out more detailed threat analyses and risk assessments focussed on particular elements of the 5G infrastructure to help understand their threat exposure”, — stated ENISA’s Executive Director Juhan Lepassaar.
5G infrastructures are highly sophisticated due to the many features provided by this technology. While 5G pilot projects are ongoing, standardization work is also progressing in the same way as supplier development activities are moving towards 5G. In this very dynamic environment, threat and risk assessments will need to be performed in an iterative manner to cover upcoming developments.
Read also: OPSWAT specialists told which products are leading in the market of antiviruses for Windows
The developed 5G risk assessment and 5G threat landscape are the initial steps to a longer path of maturity of 5G infrastructures, their deployment and implementation. They must be updated regularly to properly reflect these changes. 5G component certification is perceived as another trigger for threat and risk management activities.
The publication is supplemented by the Coordinated Risk Assessment risk assessment report with a more technical and detailed view of the 5G structure, assets and cyber threats for these assets.
The ENISA report describes the most important components of the 5G infrastructure and detailed threat assessment for it.
“Certification of 5G architecture components is a likely action depending on the exact designation of tools under the toolbox initiative carried out. The scope of 5G certification schemes needs to be determined by the European Commission with input from the Member States and duly communicated to ENISA”, — argue in ENISA.