The transition from 3G and 4G networks will be a technologically complex task, which carries myriad risks that need to be properly addressed. With the adoption of 5G technology looming around the corner, it is only natural that the member states of the European Union (EU) want to dot their i’s and cross their t’s. To this end, the European Commission and the European Union Agency for Cybersecurity (ENISA) published a report assessing the cybersecurity challenges in 5G networks.
Not a surprising fact, considering that 5G networks will be the front and center of our digital lives, with a huge impact on the economy of (not only) the EU and the social lives of its citizens. Essentially all the industries are interconnected with information being carried through these systems. Services such as healthcare, energy, and transport will be adopting 5G networks into their operations.
The report deals with the possible risks and even points out a few concrete scenarios that may prove to be challenging to manage in the 5G world. It is based on the results of national cybersecurity assessments submitted to the EU’s executive arm and ENISA by all EU member states. The EU’s assessment drew on input provided by legislators and regulators as well as cybersecurity and telecommunication authorities, security and intelligence services.
Outlined are the areas that member states view as main threats and cybersecurity risks to 5G networks. Among the scenarios that are of concern to the EU member states are the local or global disruption of 5G networks, spying on the traffic/data, modification or rerouting of the traffic/data, and the destruction or alteration of digital infrastructures and information systems. An example of such a scenario would be a sophisticated attack causing an outage that would impact essential areas such as emergency services and first responders.
The report further categorizes the main types of threat actors and their motivations to attack the future 5G infrastructure. The threats include accidental events that occur as a result of human error, as well as individual hackers, hacktivist groups, organized crime groups, insiders, cyber-terrorists or state-sponsored actors.
Among the security challenges that the EU needs to tackle are the access of third-party suppliers to networks and the use of third-party systems. As the report points out, the technological changes increase the overall attack surface and the number of potential entry points for threat actors.
That is partly due to networks having a less centralized architecture and due to the increased use of software in 5G equipment. The supply chain is another key area that the EU wants to focus on, especially assessing the individual risk profiles of suppliers as that might be another entry point.
You can delve into the full report here.