5G is the next generation network which will replace the older 4G technology with the evolution of all elements of the network. The adoption of the 5G technology will, however, also lead to the intensification of security challenges or the emergence of new ones.
The sheer volume of connected devices, in addition to new use cases and evolving business models, make 5G a potential target for cyberwarfare.
Despite the adoption of a Security by Design approach in designing the organisation’s network, it will be crucial to deal with a series of challenges over the next few years.
To address this issue, Reply has developed a Security Proposition strategy focused on 5G. It is designed to support organisations in defining an approach aimed at minimising risks and implementing high security standards, with flexible solutions that can be adapted to the evolutionary developments of a technology in continuous growth.
Thanks to its longstanding, consolidated experience in cyber security, Reply offers a comprehensive approach that carefully takes into consideration all the various security and privacy aspects necessary to implement the most correct protection strategy for 5G networks, technologies and related services.
In order to adequately respond to current and future risks related to the 5G network, a risk-based method is required:
Risk identification: identification of assets or threats;
Risk evaluation: identification of metrics, risk criteria and quantification of the relative risk value;
Risk treatment: application of the strategies recommended by the Threat Vulnerability and Risk Analysis (TVRA) method, with a focus on the redesign and hardening of assets, as well as compliance with applicable security standards.
Once the risk assessment plan and the corresponding risks have been defined, the process continues with the assessment of the most appropriate security solution for each layer of the 5G architecture (endpoint, end-to-end communication, cloud & core network). In this phase, the following activities are carried out:
The analysis and definition of security requirements;
Technical analysis and scouting for the security solution;
The evaluation of the solution identified with regard to the technological and to the business context, in order to develop a Proof of Concept.
The implementation of the security solution identified can be managed at the Core Network or at the Edge level, ensuring active infrastructure security, as well as network and security events monitoring. The Reply approach focuses on the scalability of the solution, ensuring operation and maintenance upstream of the delivery phase, as well as end-to-end protection at the infrastructure level.