5G-ENSURE publishes initial study on risk assessment, mitigation and requirements
The initial 5G-ENSURE study on risk assessment, mitigation and requirements marks a first step towards defining a risk assessment and mitigation methodology to be followed for the specific task of evaluating the 5G security uses cases and architecture proposed by the project.
This initial study covers:
- The conceptual 5G security framework proposed at this point in time within the 5G-ENSURE project based on on-going work.
- The definition of the Risk Management Context, looking first at the 5G assets and actors and then at the identification of threats.
- Initial threat analysis of representative use cases defined by 5G-ENSURE and with a focus on ‘internal’ threats, that is, threats derived from the 5G-ENSURE use cases, which capture the very essence of security and privacy aspects of 5G networks.
- Initial design recommendations with respect to the 5G threats analysed.
Future Work on Risk Assessment, Mitigation and Requirements
The final version of the study, which will be published in October 2017, will further refine the methodology after examining each of the approaches, especially for factors such as risk severity, impact and the level of control of remediation.
This final version will provide a full threat analysis (including ‘external’ threats coming from other sources than 5G-ENSURE use cases), their categorisation, prioritisation with regard to severity and impact, as well as complete mitigation and remediation recommendations, functional requirements and architectural options. It will also define relevant metrics for use of security monitoring, and penetration tests over the security test bed and gap analysis.
Read more here.
5G is the new mobile standardisation effort focusing on the convergence of telecom and IT to develop a ubiquitous infrastructure that offers higher capacity to customers and creates new opportunities to interconnect smart objects. There will be a massive number of devices (e.g. sensors, actuators and cameras) with a wide range of characteristics. Integrating these heterogeneous technologies poses new security challenges towards a secure, reliable and dependable infrastructure. Networks will have to cope with a very dynamic and flexible environment consisting of virtual resources that can be instantiated and released on demand to meet the users’ demands and the connectivity requirements. The heterogeneous nature of the new networks, devices and services will raise a lot of security concerns, such as trust and privacy, that have to be addressed to enable wide deployment of 5G services and especially enhance user acceptance.
The 5G-ENSURE project brings to the 5G PPP a consortium of telco and network operators, IT providers and cyber security experts addressing priorities for security and resilience in 5G networks. The project has received funding of just over 7.5 million EUR out of a total 3.5 billion EUR for the 5G PPP initiative. It will:
- Deliver strategic impact across technology, business enablement & standardisation.
- Develop a set of non-intrusive security enablers (AAA, Privacy, Trust, Monitoring, Network Management and Virtualization Isolation) for the core of the 5G Reference Architecture.
- Define a 5G Security Architecture needed to expand the mobile ecosystem giving operators a platform for entirely new business opportunities.
- Initiate a 5G Security test bed vision and initial set-up in which the security enablers will be made available and demonstrated
5G-ENSURE will define a shared and agreed 5G Security Roadmap with various 5G stakeholders. The outcome will be a trustworthy 5G system offering reliable security services to customers with a “zero perceived” downtime for service provision.