News Item

Tackling Security Challenges in 5G Networks

The EU Agency for Cybersecurity (ENISA) proposes good practices for the secure deployment of Network Function Virtualisation (NFV) in 5G networks.

Published on February 24, 2022

Network Function Virtualisation is a new technology in 5G networks, which offers benefits for telecom operators in terms of flexibility, scalability, costs, and network management. However, this technology also introduces new security challenges.

The report released today supports national authorities with the implementation of the 5G toolbox, and in particular the recommendation for EU Member States to ensure that Mobile Network Operators follow security good practices for NFV. It explores the relevant challenges, vulnerabilities and attacks pertaining to NFV within the 5G network. It analyses the relevant security controls and recommends best practices to address these challenges and solutions, taking into account the particularities of this highly complex, heterogeneous and volatile environment.

How does it work?

Traditionally, mobile network functions have been implemented using dedicated hardware and networking equipment, built especially for telecom operators and their networks. Network Function Virtualisation is a new technology used in 5G networks to implement networking functions using software, therefore running virtually on top of standard server hardware or standard cloud platforms.

Applying network function virtualisation will therefore reduce the number of operations and maintenance costs.

60 security challenges were identified in the report and classified under 7 categories:

  1. Virtualisation or containerisation;
  2. Orchestration and management;
  3. Administration and access control;
  4. New and legacy technologies;
  5. Adoption of open source or COTS;
  6. Supply chain;
  7. Lawful interception (LI).

 How do we address the security challenges

The report explores vulnerabilities, attack scenarios and their impact on the 5G NFV assets. The work includes a total of 55 best practices classified under Technical, Policy and Organisational categories.

Some of the key findings the report include:

  • Resource virtualisation:
    • The virtualisation layer provides unified computing resources based on generalised hardware to the layers above and is the basis of all cloud-native and virtualised network functions and service software. If the virtualisation layer is breached, all network functions come under direct attack with disastrous consequences.
  • Resource sharing: 
    • A single physical server may run several different tenants' virtual resources (e.g. virtual machines (VMs) or containers), and a single tenant's virtual resource might be distributed across several physical servers. Multi-tenancy resource sharing and the breaking of physical boundaries introduce the risks of data leaks, data residue and attacks. 
  • Use of open source:
    • There will be increasing use of open-source software. This introduces a new set of security challenges in terms of keeping a consistent and coherent approach to security-by-design and prevention of deliberate security flaws.
  • Multi-vendor environment:
    • In such environment, it remains difficult to coordinate security policies and determine responsibility for security problems and more effective network security monitoring capabilities are required.

NFV is an important technology in 5G and its security is critical for the overall security of the 5G networks, especially because 5G networks are underpinning critical infrastructures.

Background

ENISA supports EU member states with the ensuring that 5G networks are deployed securely. For instance ENISA has supported the European Commission and the EU Member States with developing the EU toolbox for 5G security.

Related publications and documents

NFV Security in 5G – Challenges and Best Practices

EU Toolbox on 5G

5G Supplement - to the Guideline on Security Measures under the EECC

Security in 5G Specifications – Controls in 3GPP

ENISA Threat Landscape for 5G Networks - 2020

EU Cybersecurity Strategy

 Contact

For questions related to the press and interviews, please contact press(at)enisa.europa.eu

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information