The initial 5G-ENSURE study on risk assessment, mitigation and requirements marks a first step towards defining a risk assessment and mitigation methodology to be followed for the specific task of evaluating the 5G security uses cases and architecture proposed by the project.
This initial study covers:
The conceptual 5G security framework proposed at this point in time within the 5G-ENSURE project based on on-going work.
The definition of the Risk Management Context, looking first at the 5G assets and actors and then at the identification of threats.
Initial threat analysis of representative use cases defined by 5G-ENSURE and with a focus on ‘internal’ threats, that is, threats derived from the 5G-ENSURE use cases, which capture the very essence of security and privacy aspects of 5G networks.
Initial design recommendations with respect to the 5G threats analysed.
Future work on risk assessment, mitigation and requirements
The final version of the study, which will be published in October 2017, will further refine the methodology after examining each of the approaches, especially for factors such as risk severity, impact and the level of control of remediation.
This final version will provide a full threat analysis (including ‘external’ threats coming from other sources than 5G-ENSURE use cases), their categorisation, prioritisation with regard to severity and impact, as well as complete mitigation and remediation recommendations, functional requirements and architectural options. It will also define relevant metrics for use of security monitoring, and penetration tests over the security test bed and gap analysis.
Co-authors: Ericsson, IT Innovation, NEC, NIXU, Orange, Thales Alenia Space, Oxford University, Thales, Telecom Italia and VTT.
All current 5G-ENSURE outputs.