Mapping Cyber Threats in the 5G Supply Chain: Landscape, Vulnerabilities, and Risk Management

Moyan Lyu, Junaid Farooq, Quanyan Zhu

Research output: Contribution to journalArticlepeer-review

Abstract

Modern 5G systems are not standalone systems that come from a single vendor or supplier. In fact, it comprises an integration of complex software, hardware, and cloud services that are developed by specialist entities. Moreover, these components have a supply chain that may have linkages and relationships between different vendors. A mobile network operator relies on the functionality and integrity of all the constituent components and their suppliers to ensure the communication network’s confidentiality, integrity, and availability. While the operator can employ cybersecurity best practices itself, it does not have control over the cybersecurity practices of its immediate vendors and the wider supply chain. Recently, attackers have exploited cyber vulnerabilities in the supplier network to launch large-scale breaches and attacks. Hence, the supply chain becomes a weak link in the overall cybersecurity of the 5G system. Hence, it is becoming crucial for operators to understand the cyber risk to their infrastructure, with a particular emphasis on the supply chain risk. In this paper, we systematically break down and analyze the 5G network architecture and its complex supply chains. We present an overview of the key challenges in the cybersecurity of 5G supply chains and propose a systemic cyber risk assessment methodology to help illuminate the risk sources and use it to manage and mitigate the risk. It will guide stakeholders in establishing a secure and resilient 5G network ecosystem, safeguarding the backbone of modern digital infrastructure against potential cybersecurity threats.

Original languageEnglish (US)
Pages (from-to)1
Number of pages1
JournalIEEE Network
DOIs
StateAccepted/In press - 2024

Keywords

  • 5G mobile communication
  • 5G networks
  • Computer security
  • Ecosystems
  • Hardware
  • Security
  • Software
  • Supply chains
  • bill-of-materials
  • cybersecurity
  • supply chain
  • vendor risk management

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Mapping Cyber Threats in the 5G Supply Chain: Landscape, Vulnerabilities, and Risk Management'. Together they form a unique fingerprint.

Cite this