U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ENISA publishes a Threat Landscape for 5G Networks

ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated […]

5G networks European Commission

ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G).

ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks.

An EU-wide Coordinated Risk Assessment of 5G networks has been published on the 9th October 2019. It contained 10 high-level risk scenarios, based on the national risk assessments by EU Member States. Today’s  ENISA 5G Threat landscape complements the Coordinated Risk Assessment with a more technical and more detailed view on the 5G architecture, the assets and the cyber threats for those assets.

The ENISA 5G threat landscape contains:

  • A detailed architecture outlining the most important 5G infrastructure components through 9 detailed zoom-ins of the 5G architectural elements mentioned in the coordinated risk assessment. These include the security architecture, slice architecture, edge computing architecture, software defined networks architecture, physical architecture, and others.
  • Detailed threat assessments for the 5G infrastructure components. The assessed threats refine the threats reviewed in the coordinated risk assessment.

Understanding threat exposure

ENISA’s Executive Director, Juhan Lepassaar, made the following statement:

The arrival of 5G networks brings numerous security challenges just as the technology from 1G to 4G did previously. Today’s report will support stakeholders to carry out more detailed threat analyses and risk assessments focussed on particular elements of the 5G infrastructure to help understand their threat exposure.

The on-going guide for gap analysis

5G infrastructures possess a high degree of complexity due to the multiple features introduced by this technology. While 5G pilots are ongoing, standardisation work is also advancing as do vendor development activities towards migrations to 5G. In this still very dynamic environment, threat and risk assessments will need to be performed in an iterative manner to cover upcoming developments.

The developed 5G Risk Assessment and the 5G Threat Landscape are initial steps towards the longer maturity trajectory of 5G infrastructures, their deployment and adoption. They will need to be regularly updated in order to capture those changes appropriately. Certification of 5G components is perceived as a further trigger of threat and risk management activities.

Next Steps

The 5G toolbox, which are documents produced by the NIS Cooperation group and the Member States with the support of ENISA will be published towards the end of 2019. In this way, the toolbox will provide a number of different directions and options for the Member States to take.

Certification of 5G architecture components is a likely action depending on the exact designation of tools under the toolbox initiative carried out. The scope of 5G certification schemes needs to be determined by the European Commission with input from the Member States and duly communicated to ENISA.

ENISA will continue engaging on cybersecurity activities of 5G. Coordination with EU-wide activities will be key to the success of secure 5G practices.

Further information:

The ENISA threat landscape for 5G Networks report.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – 5G networks, cybersecurity)

[adrotate banner=”5″]

[adrotate banner=”13″]