October 14, 2019 News Magazine

European risk report flags 5G security challenges

European Union Member States have published a joint risk assessment report into 5G technology which highlights increased security risks that will require a new approach to securing telecoms infrastructure.

The EU has so far resisted pressure from the U.S. to boycott Chinese tech giant Huawei as a 5G supplier on national security grounds, with individual Member States such as the UK also taking their time to chew over the issue.

But the report flags risks to 5G from what it couches as “non-EU state or state-backed actors” — which can be read as diplomatic code for Huawei. Though, as some industry watchers have been quick to point out, the label could be applied rather closer to home in the near future, should Brexit comes to pass…

Back in March, as European telecom industry concern swirled about how to respond to US pressure to block Huawei, the Commission stepped in to issue a series of recommendations — urging Member States to step up individual and collective attention to mitigate potential security risks as they roll out 5G networks.

Today’s risk assessment report follows on from that.

It identifies a number of “security challenges” that the report suggests are “likely to appear or become more prominent in 5G networks” vs current mobile networks — linked to the expanded use of software to run 5G networks; and software and apps that will be enabled by and run on the next-gen networks.

The role of suppliers in building and operating 5G networks is also noted as a security challenge, with the report warning of a “degree of dependency on individual suppliers”, and also of too many eggs being placed in the basket of a single 5G supplier.

Summing up the effects expected to follow 5G rollouts, per the report, it predicts:

  • An increased exposure to attacks and more potential entry points for attackers: With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development processes within suppliers are gaining in importance. They could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect.
  • Due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.
  • An increased exposure to risks related to the reliance of mobile network operators on suppliers. This will also lead to a higher number of attacks paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks. Among the various potential actors, non-EU States or State-backed are considered as the most serious ones and the most likely to target 5G networks.
  • In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country.
  • Increased risks from major dependencies on suppliers: a major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences. It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk.
  • Threats to availability and integrity of networks will become major security concerns: in addition to confidentiality and privacy threats, with 5G networks expected to become the backbone of many critical IT applications, the integrity and availability of those networks will become major national security concerns and a major security challenge from an EU perspective.

The high level report is a compilation of Member States’ national risk assessments, working with the Commission and the European Agency for Cybersecurity. It’s couched as just a first step in developing a European response to securing 5G networks.

“It highlights the elements that are of particular strategic relevance for the EU,” the report says in self-summary. “As such, it does not aim at presenting an exhaustive analysis of all relevant aspects or types of individual cybersecurity risks related to 5G networks.”

The next step will be the development, by December 31, of a toolbox of mitigating measures, agreed by the Network and Information Systems Cooperation Group, which will be aimed at addressing identified risks at national and Union level.

“By 1 October 2020, Member States – in cooperation with the Commission – should assess the effects of the Recommendation in order to determine whether there is a need for further action. This assessment should take into account the outcome of the coordinated European risk assessment and of the effectiveness of the measures,” the Commission adds.

For the toolbox a variety of measures are likely to be considered, per the report — consisting of existing security requirements for previous generations of mobile networks with “contingency approaches” that have been defined through standardisation by the mobile telephony standards body, 3GPP, especially for core and access levels of 5G networks.

But it also warns that “fundamental differences in how 5G operates also means that the current security measures as deployed on 4G networks might not be wholly effective or sufficiently comprehensive to mitigate the identified security risks”, adding that: “Furthermore, the nature and characteristics of some of these risks makes it necessary to determine if they may be addressed through technical measures alone.

“The assessment of these measures will be undertaken in the subsequent phase of the implementation of the Commission Recommendation. This will lead to the identification of a toolbox of appropriate, effective and proportionate possible risk management measures to mitigate cybersecurity risks identified by Member States within this process.”

The report concludes with a final line saying that “consideration should also be given to the development of the European industrial capacity in terms of software development, equipment manufacturing, laboratory testing, conformity evaluation, etc” — packing an awful lot into a single sentence.

The implication is that the business of 5G security will need to get commensurately large to scale to meet the multi-dimensional security challenge that goes hand in glove with the next-gen tech. Just banning a single supplier isn’t going to cut it.


Source: TechCrunch

Tags: in Uncategorized
Banner
Related Posts

Fortnite bugs put accounts at risk of takeover

January 16, 2019

January 16, 2019

With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm who...

Delane Parnell’s plan to conquer amateur esports

May 29, 2019

May 29, 2019

Most of the buzz about esports focuses on high-profile professional teams and audiences watching live streams of those professionals. What...

Crowdfunded spacecraft LightSail 2 prepares to go sailing on sunlight

June 21, 2019

June 21, 2019

Among the many spacecraft and satellites ascending to space on Monday’s Falcon Heavy launch, the Planetary Society’s LightSail 2 may...

Wedding dress customizer Anomalie raises $13M as bridal stores crumble

June 25, 2019

June 25, 2019

David’s Bridal once owned 50% of the $36 billion wedding gown market before it filed for bankruptcy last year. Brides...

Life-size robo-dinosaur and ostrich backpack hint at how first birds got off the ground

May 2, 2019

May 2, 2019

Everyone knows birds descended from dinosaurs, but exactly how that happened is the subject of much study and debate. To...

Google’s SMILY is reverse image search for cancer diagnosis

July 19, 2019

July 19, 2019

Spotting and diagnosing cancer is a complex and difficult process even for the dedicated medical professionals who do it for...

NASA’s OSIRIX-REx probe sets a space record with a close orbit of weird asteroid Bennu

June 14, 2019

June 14, 2019

If you follow space news at all, you may have heard of ‘Bennu’ – the near-Earth asteroid that has a...

NASA shares 3D Moon data for CG artists and creators

October 5, 2019

October 5, 2019

If you want to set your movie or game on the Moon, it’s not hard to find imagery of our...

Apple tries out the ‘choose-your-own adventure’ Twitter thread format that recently went viral

June 28, 2019

June 28, 2019

It looks like choose-your-own-adventure Twitter games won’t be a one-hit wonder, now that Apple’s social team has adopted the format....

How tech is transforming the intelligence industry

August 10, 2019

August 10, 2019

Shay Hershkovitz Contributor Share on Twitter Shay Hershkovitz is a Senior Research Fellow at The Intelligence Methodology Research Center (IMRC)....

The inevitability of tokenized data

March 15, 2019

March 15, 2019

Chris McCoy Contributor Chris McCoy is the chief executive of Footprint and the creator of Storecoin. More posts by this...

JD.com’s drones take flight to Japan in partnership with Rakuten

February 21, 2019

February 21, 2019

Chinese e-commerce company JD.com is taking its drone delivery system to Japan. Rakuten, the Japanese e-commerce giant, just announced a...

Google is using 3D printers to re-create ancient artifacts

January 30, 2019

January 30, 2019

One of 3D printing’s biggest selling points has always been the ability to create objects that would otherwise be difficult...

India’s budget hotel startup Oyo enters co-working business with $30 million Innov8 acquisition

July 16, 2019

July 16, 2019

India’s Oyo has expanded its hotel chain business to over 80 countries and entered co-living spaces segment in recent years....

Is a $600 smart oven ever worth it?

May 19, 2019

May 19, 2019

Part of closely following tech is the often mistaken belief that newer, better technologies can help right some of the...

Comments
Leave a Reply

Your email address will not be published. Required fields are marked *