She works as Security Associate Manager at Accenture Italia. Her expertise is related to mobile security: development of a system for Android app analysis (goodware and malware).

5G: Need of a comprehensive Cyber Security Framework

Until now, the telecommunication technologies (fixed and mobile) has been intended to provide connectivity with the highest through put and the platforms have been a consequence of this capability to offer new services for critical sectors such as Public Safety, eHealth, Automotive, Manufacturing and Utilities. 5G networks will be based on a new architecture which will allow flexibility and high performance tailored for several B2B and B2C use cases, where heterogenous devices (e.g. IoT, phones) will be connected via heterogeneous access networks or using Multi-access Edge Computing , to guarantee the right connection for each service. Traditional RAN and Core Network (CN) have been completely redesigned to create dynamic IP based architectures based on VNF and SDN.
New RAN also implements the splitting of radio access node in RadioRemoteHead and BaseBandUnit. In this way, it has been possible to virtualize RAN. This approach will tailor different topology on different services, also in correlation with other needs (for instance URLL). This is will be relevant not only in term of resource optimization and performance, but because there will be a densification than 4G and there will be shared between different providers. 5G CN is decomposed in VNFs dynamically allocated and connected to guarantee flexibility and quick delivering of customizable services.
Using this approach, the traditional network is portioned in multiple virtual networks (Network Slices) which are created on top of a shared physical infrastructure.
Another important evolution is the moving from a point-to-point signaling architecture to a Service Based Architecture (SBA). Signaling messages used internally or over the roaming interconnections will be replaced by REST API over HTTP/2, moving toward a deployment model based on client-server approach.
Considering these key points of the 5G networks, the speech will describe the main security challenges which can be envisaged in 5G, focusing on all aspects, i.e.:
• Heterogeneous Devices
• Security fronthauling and backhauling interfaces
• Heterogeneous Access Networks
• New Signaling Protocols
• Resource sharing and SDN&NFV
• Network Slicing
• User Privacy
• Complex Ecosystem
• Untrusted External Network Exposure
• Supply-chain integrity
These threats need to be addressed properly by the adoption of better than state-of-the-art security measures. Technical and organizational measures are needed to appropriately manage these risks. So, it is necessary to rethink traditional approach to cyber security and in the speech, we detail a flexible and cost-effective Cyber Security Framework able to guarantee the protection and resilience of 5G networks. This framework shall include traditional security technologies, but also new ones based for example on artificial intelligence, machine learning and big data analytics. Within this framework new security governance models to properly address the complexity of the ecosystem shall also be defined. Finally, we also talk about the need of a certification framework for digital products, processes and services which could also be useful to promote and enforce consistent levels of security between the different players. The European Cyber Security Act will be analysed to underline possible gap to address.