Among today’s many technological advancements, 5G (fifth-generation wireless network) is among the ones that will have the most impact on citizens. It offers two significant improvements in data transmission: more volume and more speed. These enhancements to the current network could have a significant effect on both the public and private sectors.
The issue of cybersecurity is one of the challenges facing 5G deployment, and the European Union wants its institutions to be instrumental in dealing with the problem. In March 2019, the European Council and the European Commission presented a series of recommendations outlining the steps and measures to be taken, both at a national and European level, to achieve the necessary high levels of 5G cybersecurity throughout the European Union.
One of the European-level measures was the issue of the Threat Landscape Report to assist member states with their national risk assessments. In October 2019, this was complemented by the publication of the EU coordinated risk assessment of the cybersecurity of 5G networks report. The report was compiled from information provided by Member States and from ENISA (the European Union Agency for Cybersecurity). Its risk assessment outlines the principal threats and threat actors, the assets that could be at risk from those threats, vulnerabilities, risk scenarios, and a set of existing security measures that could be used as a baseline for mitigating those risks and threats.
With regard to principal threats, the scenarios which pose the greatest danger are:
- Local or global 5G network disruption affecting the availability of the network;
- Spying of traffic or data in the 5G network infrastructure with implications for confidentiality;
- The modification or re-routing of traffic or data in the 5G network infrastructure, which could affect the integrity or confidentiality of communications; and
- The destruction or alteration of other digital infrastructures or information systems through the 5G network, which could affect the integrity or availability of services.
These threats, which already exist for the current network, become more significant with 5G because it increases their potential intensity and impact.
Among the conclusions drawn in the document, four are highlighted:
- The technological changes introduced by 5G will bring about enhanced functionality at the edge of the network, a less centralised architecture, and an increase in the use of software as part of the 5G equipment. These factors will increase the overall attack surface and the number of potential entry points for attackers.
- The new technological features of 5G will lead mobile network operators to rely more on third-party suppliers, which, in turn, will increase the number of system attack paths.
- Any dependency on a single supplier increases the exposure to and consequences of potential supply incidences.
- 5G networks will play an important role in the supply chain of critical network applications. This will impact the confidentiality, privacy, integrity, and availability of those networks, becoming one of the major national-security concerns and most significant security challenges from an EU perspective.
It should be noted that the Catalan Government has made the deployment of 5G technology a priority for the country, and already has the infrastructure to run usage tests like the one undertaken by TV3 when broadcasting the National Day of Catalonia on the 11th of September 2019.