EU cybersecurity agency releases report on security controls in 3GPP

The European Union Agency for Cybersecurity (ENISA) released a report titled, Security in 5G Specifications Report, about key security controls in the Third Generation Partnership Project (3GPP). The 3GPP serves as the main body developing technical specifications for 5G mobile telecommunications networks. As vendors, system integrators, and operators build, deploy, and manage 5G networks, the report underlines the importance of cybersecurity and of the national regulatory authorities in charge of cybersecurity policy development and implementation to have a solid understanding of these controls. This report is directly driven by the objectives highlighted in the EU Toolbox for 5G security and the technical measure ‘TM02’. This technical measure calls on the relevant authorities in EU member states to ensure and evaluate the implementation of security measures in existing 5G standards, specifically 3GPP, by operators and their suppliers. The report aims to help national and regulatory authorities to better understand the standardisation environment pertaining to 5G security, 3GPP security specification, and key security controls that operators must implement to secure 5G networks.