ENISA Releases 5G Threat Landscape 2023 Report — January 23, 2024
Europe’s cybersecurity agency catalogued 5G attack trends, emphasizing supply chain assurance, slicing security, and open RAN hardening.
Executive briefing: On the European Union Agency for Cybersecurity (ENISA) published its 5G Threat Landscape 2023 report. The study surveys evolving threats to European 5G networks and recommends actions for mobile network operators, vendors, and national authorities.
Top risk themes
- Supply chain exposure. ENISA highlights risks stemming from third-party software, chipsets, and managed services integrated into 5G core and radio access networks.
- Network slicing complexity. Misconfigurations and insufficient isolation between slices could enable privilege escalation or lateral movement between tenants.
- Open RAN adoption. Increased use of open interfaces introduces new attack surfaces that require rigorous testing and certification.
Control alignment guidance
- EU 5G Toolbox. Align vendor risk assessments and certification requirements with the toolbox’s strategic and technical measures.
- NIS2 readiness. Telecommunications operators should map ENISA’s recommendations to forthcoming national NIS2 transpositions covering electronic communications.
- ISO/IEC 27011. Incorporate report findings into telecom-specific information security management systems, particularly supplier due diligence and secure configuration controls.
Operational recommendations
- Expand security testing for open RAN components, including fuzzing of O-RAN interfaces and validation of secure boot mechanisms.
- Enhance telemetry from 5G core network functions to detect anomalous slice requests or unauthorized API calls.
- Coordinate with national regulators to ensure incident reporting and threat intelligence sharing mechanisms cover 5G standalone deployments.