The EU's cybersecurity agency Enisa has issued new guidelines on telecom network security for national authorities. Updating its previous guidelines from 2014, Enisa said it incorporated the security elements from the new European Electronics Communications Code, which must be implemented in national law by the end of this year, and the latest recommendations on 5G network security.
The non-binding technical guidance is designed to help telecom security authorities implement and enforce the new regulatory code. Article 40 of the EECC contains detailed security requirements for electronic communication providers, and Article 41 of the code empowers competent authorities to implement and enforce these requirements.
The guidelines cover 29 high-level security objectives listed under eight security domains: governance and risk management, human resources security, security of systems and facilities, operations management, incident management, business continuity management, monitoring, auditing and testing, and threat awareness. The Enisa report also provides detailed security measures organised into three levels of increasing sophistication (basic, industry standard, state-of-the-art). Each security measure includes examples of evidence to help assess if the measures are in place.
The 5G supplement provides national authorities with a guide to ensure the security of 5G networks and services, adding 70 proposed checks for 5G to the standard network guidelines. This builds on the EU's 5G 'tool box' with additional information and references at the technical level for new technologies, such as virtualisation, slicing and edge computing.
The guidelines and the 5G supplement were drafted in close collaboration with the ECASEC expert group of national telecom security authorities and in line with the work stream on 5G cybersecurity under the NIS Cooperation Group.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.