The European Commission (EC) has published a report on the European Union coordinated risk assessment on cybersecurity in 5G networks, in which it outlines a number of risks associated with the deployment of 5G ntwork infrastructure.
This report is part of the implementation of the European Commission Recommendation, adopted in March 2019, to ensure a high level of cybersecurity of 5G networks across Europe.
“5G networks is the future backbone of our increasingly digitised economies and societies. Billions of connected objects and systems are concerned, including in critical sectors such as energy, transport, banking, and health, as well as industrial control systems carrying sensitive information and supporting safety systems. Ensuring the security and resilience of 5G networks is therefore essential,” the EC said in a statement.
The report is based on the results of the national cybersecurity risk assessments by all EU countries. It identifies the main threats and threat actors, the most sensitive assets, the main vulnerabilities and a number of strategic risks.
It also identifies important security challenges which are likely to appear or become more prominent in 5G networks, compared with the situation in existing networks:
According to the EC, these security challenges are mainly linked to key innovations in the 5G technology — in particular, the important role of software and the wide range of services and applications enabled by 5G, as well as the role of suppliers in building and operating 5G networks and the degree of dependency on individual suppliers.
The report also highlighted that the deployment of 5G networks is expected to result in an increased exposure to attacks and more potential entry points for attackers.
“With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development processes within suppliers are gaining in importance. They could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect,” the report said, adding: “Due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.”
The EC also highlighted that 5G deployments could also result in an increased exposure to risks related to the reliance of mobile network operators on suppliers: “This will also lead to a higher number of attacks paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks. Among the various potential actors, non-EU States or State-backed are considered as the most serious ones and the most likely to target 5G networks.”
In this scenario, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country, the EC said.
The report did not specifically mentioned risks associated to the deployment of 5G infrastructure by Chinese vendors. The U.S. as well as other countries such as Australia and Japan, have banned Chinese vendor Huawei from the provision of 5G infrastructure due to security risk allegations, as these countries believe that the Chinese government could use their vendor’s telecom equipment for spying activities.
The post European Commission flags risks associated with 5G network deployments appeared first on RCR Wireless News.