The introduction of 5G in mobile networks represents a paradigm shift which requires new approaches for dealing with security threats. The softwarization of network functions, the requirements to support less secure legacy networks, and the adoption of web-centric protocols give 5G an increasing attack surface which must be controlled. In the future, the Next Generation Critical Communication (NGCC) networks will be moving towards high-speed public 5G networks and eventually turning them into a part of national critical infrastructure. Also, security requirements are generally stricter for NGCC networks than for 5G, hence it is crucial to understand how this may influence the threat landscape. There is a need for new threat modeling methods and tools to effectively identify and address emerging risks in multi-generational 5G networks. Moreover, it is difficult to validate threat modeling approaches by performing security exercises and pentesting on operational 5G networks, as this could lead to unacceptable risk. The project objective is to improve the security of 5G-enabled NGCC networks (Nødnett in Norway) that emergency organizations such as police, health, fire, and rescue services use. The project seeks to investigate the application of threat modeling science together with a cyber range concept for simulating realistic 5G inherited risks to the NGCC network and validate countermeasures. The project aims to identify and analyze security vulnerabilities proactively in 5G to stay ahead of the attackers. The project delivers a 5G cyber-range platform empowered with tools for risk assessment, attack simulation, evaluation, and demonstration of defensive solutions for NGCC. The project includes a Norwegian mobile operator, authorities responsible for cellular networks and security, research institutes, and universities. The proposed approach could be a future best practice for the Norwegian telecom industry to address cyber security challenges.
