The document provides a comprehensive analysis of threats, vulnerabilities, and risk scenarios in the telecommunications sector, focusing on public electronic communications networks and core Internet infrastructure. It outlines the methodology used, including data collection through questionnaires and discussions with Member States within the NIS Cooperation Group. The report highlights the importance of assessing the security and resilience of international interconnections, particularly submarine cables, and clarifying the supervisory mandates for these connections.
One key recommendation is to evaluate the criticality, resilience, and redundancy of core Internet infrastructure, such as submarine cables, to address gaps in information and understanding in this area. Supply chain risks related to 5G networks are also emphasized, with a call for operators to implement appropriate cybersecurity measures and report incidents to national authorities.
The document underscores the need for strategic recommendations to enhance the resilience of communications infrastructures, including assessing international interconnections and core Internet infrastructure. Technical recommendations focus on strengthening security measures for 5G networks and addressing technological, process-related, human factor, and physical risks.
Furthermore, the report suggests actions such as evaluating the resilience of international interconnections, promoting transparency in supplier selection, engaging in cyber exercises and operational collaboration, enhancing information sharing, and providing financial support for technical measures against cyber threats in networks.
Annexes detail vulnerabilities in network equipment, routing protocols, network management, end-user devices, physical infrastructure, supplier dependencies, technical expertise, and power supply. Risk scenarios related to 5G network security are presented, along with strategic and technical measures to mitigate these risks effectively.
Overall, the document serves as a valuable resource for policymakers and stakeholders in the telecommunications sector to address cybersecurity challenges, enhance network resilience, and mitigate potential threats and vulnerabilities effectively.
