Issue link: https://maltatoday.uberflip.com/i/1177088
17.10.19 7 NEWS LAST week, EU member states, with the support of the Commission and the European Agency for Cybersecurity published a report on the EU coordi- nated risk assessment on cybersecurity in Fifth Generation (5G) networks. is major step is part of the implementa- tion of the European Commission Rec- ommendation adopted in March 2019 to ensure a high level of cybersecurity of 5G networks across the EU. 5G networks is the future backbone of our increasingly digitised economies and societies. Billions of connected objects and systems are concerned, in- cluding in critical sectors such as en- ergy, transport, banking, and health, as well as industrial control systems carrying sensitive information and sup- porting safety systems. Ensuring the se- curity and resilience of 5G networks is therefore essential. e report is based on the results of the national cybersecurity risk assess- ments by all EU Member States. It iden- tifies the main threats and threats ac- tors, the most sensitive assets, the main vulnerabilities (including technical ones and other types of vulnerabilities) and a number of strategic risks. is assessment provides the basis to identify mitigation measures that can be applied at national and European level. Main insights of the EU coordinated risk assessment e report identifies a number of im- portant security challenges, which are likely to appear or become more prom- inent in 5G networks, compared with the situation in existing networks: ese security challenges are mainly linked to: • key innovations in the 5G tech- nology (which will also bring a number of specific security im- provements), in particular the im- portant part of software and the wide range of services and appli- cations enabled by 5G; • the role of suppliers in building and operating 5G networks and the degree of dependency on indi- vidual suppliers. Specifically, the roll-out of 5G net- works is expected to have the following effects: • An increased exposure to attacks and more potential entry points for attackers: With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development pro- cesses within suppliers are gaining in importance. ey could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect. • Due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the net- works. • An increased exposure to risks re- lated to the reliance of mobile net- work operators on suppliers. is will also lead to a higher number of attacks paths that might be ex- ploited by threat actors and in- crease the potential severity of the impact of such attacks. Among the various potential actors, non- EU States or State-backed are considered as the most serious ones and the most likely to target 5G networks. • In this context of increased expo- sure to attacks facilitated by sup- pliers, the risk profile of individual suppliers will become particularly important, including the likeli- hood of the supplier being subject to interference from a non-EU country. • Increased risks from major de- pendencies on suppliers: a major dependency on a single supplier increases the exposure to a poten- tial supply interruption, resulting for instance from a commercial failure, and its consequences. It also aggravates the potential im- pact of weaknesses or vulnerabili- ties, and of their possible exploita- tion by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk. • reats to availability and integ- rity of networks will become ma- jor security concerns: in addition to confidentiality and privacy threats, with 5G networks expect- ed to become the backbone of many critical IT applications, the integrity and availability of those networks will become major na- tional security concerns and a major security challenge from an EU perspective. Together, these challenges create a new security paradigm, making it nec- essary to reassess the current policy and security framework applicable to the sector and its ecosystem and essential for Member states to take the necessary mitigating measures. To complement the Member States' report, the European Agency for Cy- bersecurity is finalising a specific threat landscape mapping related to 5G net- works, which considers in more detail certain technical aspects covered in the report. Next Steps By 31 December 2019, the Coopera- tion Group should agree on a toolbox of mitigating measures to address the identified cybersecurity risks at nation- al and Union level. By 1 October 2020, Member States – in cooperation with the Commission – should assess the effects of the Rec- ommendation in order to determine whether there is a need for further ac- tion. is assessment should take into account the outcome of the coordinat- ed European risk assessment and of the effectiveness of the measures. EU coordinated risk assessment of 5G networks security With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development processes within suppliers are gaining in importance