The European Union Agency for Cybersecurity (ENISA) publishes one report on eSIMs and a second one on fog and edge computing in 5G. Both reports intend to provide insights on the challenges of these technologies.

ENISA deep dives into the eSIM technology security challenges and investigates security issues for fog and edge computing in 5G in order to support the national security competent authorities of the ECASEC group and the NIS Cooperation Group work stream on 5G cybersecurity.

The case of eSIMs

eSIM is the generic term used for the embedded form of a SIM (subscriber identity module) card. Built into the device, the eSIM is hosted on a tiny chip that provide storage for the mobile subscription details in digital format.

Like the regular SIM card, the eSIM identifies a subscriber within a mobile operator’s network and can be found in a wide range of products, such as wearable devices, computers, medical internet-of-things (IoT) devices, home automation and security systems, and handheld point-of-sale devices.

The report issued today gives an overview of the eSIM technology, assesses the market potential in Europe and includes security challenges identified and proposed mitigation measures.

The security challenges identified are associated with software attacks like eSIM swapping, memory exhaustion and undersizing memory attacks, inflated profile and locking profile attacks.  Cybercriminals can cause unavailability of services or can gain access to sensitive information. 

Still, no major technical vulnerability has been detected so far with only limited reported cybersecurity breaches. However, the large scale IoT deployment and the subsequent rise in the use of eSIMs could result in a rise of such cyber incidents.

Find out more in the report “Embedded SIM Ecosystem, Security Risks and Measures”

The case of fog and edge computing: the role it plays in 5G

Fog and edge computing has created new opportunities and novel applications in the 5G ecosystem. However, the telecommunications, cloud and industrial communities need to address multi-modal security challenges.

With an architecture being a layer below cloud computing, the main goal of fog and edge computing is to reduce the workload of edge and cloud devices by offering additional network and hardware resources to both parties.

Resorting to this technology provides computing, storage data and application services to end users while being hosted at the network’s edge. It reduces service latency and improves the overall end-user experience. End users benefit from remote access to data storage and from availability of services without extensive resources needed, therefore reducing costs.

The report provides an overview of fog and edge technologies in terms of 5G, in relation to their architecture, attributes, and security aspects. The different architectural approaches are also introduced and their applications. It also outlines the standardisation solutions and provides an analysis of applications scenarios.

Find out more in the report “Fog and Edge Computing in 5G”.

39^th meeting of the ECASEC Expert Group

Organised in a hybrid format, both in Dublin, Ireland and online, the meeting gathered about 60 experts from national authorities from EU, EFTA, EEA, and EU candidate countries, who are supervising the European telecom sector.

The group experts engaged in a discussion on the new work programme, and also focused on the potential update of the existing security measures and incident reporting frameworks with the objective to reflect the changes introduced by the NIS2 directive.