ENISA releases updated 5G threat assessment report to enhance cybersecurity of 5G by identifying vulnerabilities and proposing corresponding technical 5G security controls.
Today, the European Union Agency for Cybersecurity (ENISA) published an updated version of its 5G threat assessment report to address advancements in the areas of fifth generation of mobile telecommunications networks (5G) and to contribute to the implementation of the EU 5G toolbox cybersecurity risk mitigating measures.
The new ENISA Threat Landscape for 5G Networks report is a major update of the previous edition as it captures recent developments in 5G standardisation. The publication includes a vulnerability analysis, which examines the exposure of 5G components. The analysis explores how cyber threats can exploit vulnerabilities and how technical security controls can help mitigate risks.
European Union Agency for Cybersecurity Executive Director Juhan Lepassaar explained: “By providing regular threat assessments, the EU Agency for Cybersecurity materialises its support to the EU cybersecurity ecosystem. This work is part of our continuous contribution to securing 5G, a key infrastructure for the years to come.”
The New Threat Landscape includes:
- An updated system architecture of 5G, indicating introduced novelties and assessed security considerations;
- A detailed vulnerability analysis of all relevant 5G assets, including their exposure to threats;
- A mapping of related security controls aiming at the reduction of threat surface;
- An update of the relevant threats in accordance with their exploitation potential of the assessed vulnerabilities;
- The consideration of implementation options – migration paths from 4G to 5G infrastructures;
- The development of a process map showing the contribution of operational, life cycle and security assurance processes to the overall security of 5G infrastructures;
- A new inventory of critical components.
The information produced for this report is based on publicly available content published by 5G market players (operators, vendors, and national and international organisations), standardisation groups and bodies (for example: 3rd Generation Partnership Project (3GPP); International Telecommunications Union (ITU); European Telecommunications Standardisation Institute (ETSI); International Organisation for Standardisation (ISO); the Global System for Mobile Communications (GSMA)).
Backgrounds
In November 2019, the European Union Agency for Cybersecurity, with support of the EU Member States, the European Commission and experts, published the first 5G Threat Landscape, assessing the threats related to 5G.
One month prior, EU Member States published the EU-wide Coordinated Risk Assessment of 5G networks, which contains 10 high-level risk scenarios, based on the national risk assessments by Member States.
The ENISA 5G Threat Landscape complements the Coordinated Risk Assessment with a more technical and more detailed view of the 5G architecture, the assets and the cyber threats for those assets. This year’s update goes one step further with a dedicated vulnerability assessment and input on the current status of 5G.
The Agency will continue engaging on cybersecurity activities of 5G. Coordination with EU-wide activities will be key to the success of secure European 5G practices.
Upcoming Event on the 21st December:
The EU Agency for Cybersecurity and the Body of European Regulators for Electronic Communications (BEREC) are organising a joint workshop on the 21st of December to discuss the implementation of the EU 5G toolbox. For more information about the event, please visit: ENISA-BEREC Workshop: 5G cybersecurity toolbox developments and way(s) forward.
Contacts
For questions related to the press and interviews, please contact press (at) enisa.europa.eu