Author : Erika Magonara
ISBN 13 : 9789292045685
Book Synopsis: 5G Cybersecurity Standards by Erika Magonara

5G Cybersecurity Standards was written by Erika Magonara and released in 2022.

Book excerpt: The ambition of this report is to outline the contribution of standardisation to the mitigation of technical risks, and therefore to trust and resilience, in the 5G ecosystem. The 5G ecosystem considered in this report is a multi-dimensional space encompassing not only technological and functional domains, but also the related technology lifecycle processes and stakeholders. This report focuses on standardisation from a technical and organisational perspective. Considerations of the effectiveness of specific standards and of the strategic aspects related to 5G security, although important, are outside the scope of this report.

Accordingly, this report:

- Collects standards, specifications and guidelines relevant to the cybersecurity of the 5G ecosystem that had been published, either as drafts or in their final versions, by September 2021;
- Positions them within the defined 5G ecosystem by assessing the extent to which they address security objectives;
- Identifies gaps in standardisation by comparing the existing literature against an ideal situation of cybersecurity robustness and resilience, where standardisation addresses the necessary technical and organisational security aspects;
- Formulates recommendations on standardisation in the area of 5G cybersecurity.

The report collects and analyses more than 140 documents and positions them across 150 security measures. The main observations that can be derived from the analysis are the following.

- All in all, available standards, specifications and guidelines are general. They can be applied consistently to the 5G technical and functional domains and related lifecycle processes only after being tailored accordingly.
- 5G-specific standards, specifications and guidelines are available to a greater extent to the stakeholders of the telecommunication sector than for other stakeholders (e.g. audit organisations and stakeholders in the connected devices industry).
- 5G-specific standards, specifications and guidelines cover to a greater extent the 'run' phase of a technology lifecycle, whereas other phases would need tailoring.
- Existing knowledge bases on cybersecurity threats and IT-security guidelines can be used for 5G cloud native architectures and architectures relying on APIs (Application Programming Interfaces). Although these families of software are well known to the IT industry, their use is quite recent and they constitute drivers of the 'cloudification' of the telecom sector.
- The existing literature does not allow for 'end-to-end' trust and resilience in the 5G ecosystem. For example, guidelines for 5G-specific tools and key performance indicators could be needed to ensure a common understanding of 5G protection and of end-to-end trust and resilience.

Concerning gaps in standardisation, the report finds that only the areas of governance and risk management as well as the security of human resources present moderate gaps, e.g. related to sector-specific risk management. The other areas considered (e.g. operations management, business continuity management and incident management) present major gaps in standardisation. Still, this report recommends the adoption of a progressive approach to 5G standardisation, which should consider several elements such as the usefulness and necessity of new standards and their link with strategic objectives. It also notes the importance of fostering the maturity and the completeness of the identification and assessment of risk by harmonising risk assessment practices in a way that is inclusive of all stakeholders in the 5G ecosystem.

Finally, this report stresses that, while the technical and organisational standards analysed can contribute to the security of 5G, they should not be treated as an exhaustive list of measures guaranteeing security. There are risks that are not covered by standards, for example residual risks whose cost is neither borne by nor attributable to a specific stakeholder, such as societal risks resulting from network malfunctions. Indeed, the complexity of 5G calls for a comprehensive vision of trust and of resilience that goes beyond standardisation. This vision should be future-proof and not dependent on the variability of assets and configurations in the network.