The initial 5G-ENSURE study on risk assessment, mitigation and requirements marks a first step towards defining a risk assessment and mitigation methodology to be followed for the specific task of evaluating the 5G security uses cases and architecture proposed by the project.
This initial study covers:
Future Work on Risk Assessment, Mitigation and Requirements
The final version of the study, which will be published in October 2017, will further refine the methodology after examining each of the approaches, especially for factors such as risk severity, impact and the level of control of remediation.
This final version will provide a full threat analysis (including ‘external’ threats coming from other sources than 5G-ENSURE use cases), their categorisation, prioritisation with regard to severity and impact, as well as complete mitigation and remediation recommendations, functional requirements and architectural options. It will also define relevant metrics for use of security monitoring, and penetration tests over the security test bed and gap analysis.
Read more here.
5G is the new mobile standardisation effort focusing on the convergence of telecom and IT to develop a ubiquitous infrastructure that offers higher capacity to customers and creates new opportunities to interconnect smart objects. There will be a massive number of devices (e.g. sensors, actuators and cameras) with a wide range of characteristics. Integrating these heterogeneous technologies poses new security challenges towards a secure, reliable and dependable infrastructure. Networks will have to cope with a very dynamic and flexible environment consisting of virtual resources that can be instantiated and released on demand to meet the users’ demands and the connectivity requirements. The heterogeneous nature of the new networks, devices and services will raise a lot of security concerns, such as trust and privacy, that have to be addressed to enable wide deployment of 5G services and especially enhance user acceptance.
The 5G-ENSURE project brings to the 5G PPP a consortium of telco and network operators, IT providers and cyber security experts addressing priorities for security and resilience in 5G networks. The project has received funding of just over 7.5 million EUR out of a total 3.5 billion EUR for the 5G PPP initiative. It will:
5G-ENSURE will define a shared and agreed 5G Security Roadmap with various 5G stakeholders. The outcome will be a trustworthy 5G system offering reliable security services to customers with a “zero perceived” downtime for service provision.