Cybersecurity for 5G
As 5G networks become the foundation for next-generation telecommunications and critical services (such as healthcare, smart cities, and autonomous vehicles), the security of these networks is more vital than ever.
Sign up for a Virtual Classroom Session
Dates: 8-10 April 2025
Hours: 09.00 – 13.00 CEST
Price: € 1 870
CONTENTS
The Cybersecurity for 5G course is a comprehensive 12-hour training designed to equip cybersecurity professionals, telecom engineers, managers, and governance teams with the knowledge and skills to identify, mitigate, and manage security threats in 5G networks. The course covers the unique security challenges posed by 5G technology, explores emerging threats such as virtualization and cloud-native infrastructures, and provides practical guidance on implementing security controls across various 5G domains. Additionally, the course delves into the governance and risk management practices required to maintain a secure 5G network once deployed.
COURSE OBJECTIVES
1. Understanding and Identifying 5G Security Threats
– Understand the unique security challenges of 5G technology, including scalability, virtualization, IoT, low-latency use cases, and network slicing.
– Analyze the evolving 5G threat landscape, including risks related to network function virtualization (NFV), software-defined networking (SDN), and third-party supply chains.
– Identify and model security threats using tools such as threat modeling and risk assessment, particularly in key areas like the RAN, core network, and MEC (Multi-Access Edge Computing).
– Recognize new attack vectors introduced by AI-powered threats and how machine learning can be exploited by attackers.
2. Implementing Security Controls and Mitigation Strategies
– Implement industry best practices for securing 5G networks, focusing on the core network, RAN, MEC, and network slicing.
– Secure cloud-native 5G environments, including containerized network functions, orchestrators (e.g., Kubernetes), and micro-segmentation techniques to isolate critical functions.
– Apply encryption, mutual authentication, and other security measures to protect data flows and secure communication between VNFs and other network components.
– Design slice-specific security measures, ensuring isolation between network slices to prevent lateral movement and attacks across different use cases.
3. Managing and Governing Security in 5G Networks
– Develop governance frameworks for telecom operators, incorporating best practices in security management, compliance, and auditing for 5G networks.
– Comply with global security standards such as 3GPP TS 33.501, GDPR, HIPAA, and other regulatory requirements affecting telecom operators.
– Manage ongoing risks and incidents in live 5G networks, creating business continuity and disaster recovery plans tailored to 5G architecture.
– Develop and execute incident response plans, utilizing automated response mechanisms and collaborating with stakeholders across borders to ensure swift resolution of breaches.
– Conduct security audits and assessments to ensure that the network remains compliant and secure over time, while identifying new vulnerabilities as technology evolves.
Course outline
- Overview of 5G Technology: RAN, Core, MEC, network slicing, and IoT integration.
- Unique Security Challenges in 5G: Scalability, virtualization, IoT, low-latency requirements, and diverse use cases.
- Introduction to Key Standardization Bodies: 3GPP, ETSI, ITU-T, and their roles in 5G security.
- Introduction to ENISA’s 5G Threat Landscape: Overview of ENISA’s 5G threat landscape methodology and its relevance to 5G security.
- Detailed analysis of threats identified by ENISA, including those related to virtualization and supply chains.
- Security risks introduced by network function virtualization (NFV) and software-defined networking (SDN).
- Risks from third-party vendors, hardware, and software components.
- Methods on securing the air interface, gNodeB, and managing IoT at scale.
- Security risks due to distributed architecture at the network edge.
- Emerging AI-powered threats and the use of AI/ML in defense.
- Core network security: Encryption, mutual authentication, and securing data flows.
- RAN security: Securing the radio interface, handovers, and massive IoT deployments.
- Network slicing: Slice-specific security measures, isolation, and preventing lateral movement.
- Advanced security measures: AI-powered threat detection, behavioral analytics, balancing security with network performance.
- Cloud-native security: Securing VNFs, containerization, and orchestrators (Kubernetes, Docker).
- Multi-Access Edge Computing (MEC): Physical and logical security at the edge.
- Micro-segmentation and isolation in virtualized environments.
- Securing communication between VNFs and cloud infrastructure.
- Governance in 5G Security : Developing governance frameworks for telecom operators.
- ENISA’s Cybersecurity Assessment Methodology: A detailed look at sectoral assessments and how they apply to telecom operators.
- 3GPP TS 33.501: Key security standards and requirements for compliance.
- Regulatory compliance: GDPR, HIPAA, and other key regulations affecting 5G networks.
- Security Audits: Regular audits and assessments to ensure compliance with both standards and internal policies.
- Risk Management: Developing mitigation strategies and prioritizing risks based on critical assets.
- Business continuity : Creating business continuity plans tailored to 5G networks.
- Incident response plans: Automated response mechanisms, cross-border coordination, and collaboration with external stakeholders.
- Emerging 5G Use Cases: IoT Security, URLLC, Massive Machine-Type
- Communication (mMTC)
- The Role of AI and Machine Learning: AI-powered automation for security
- monitoring and threat detection in 5G environments.
- Future Trends in 5G Security: Post-Quantum Cryptography, Security
- Automation, 6G and Beyond
Target Audience
Cybersecurity Professionals: Those working in telecom, critical infrastructure, and technology sectors.
Telecom Operators and Vendors: Engineers and managers responsible for network security.
Regulators and Policymakers: Government and industry professionals involved in setting security standards and policies.