On Identifying Threats and Quantifying Cybersecurity Risks of Mnos Deploying Heterogeneous Rats

Wireless networks constitute a significant attack vector for adversaries due to their wide usage in our everyday life. As the fifth generation of wireless networks reaches maturity, several vulnerabilities affecting earlier generations have been resolved. Nevertheless the coexistence of legacy wireless technologies is giving rise to the risk of allowing adversaries to perform downgrade attacks, thus bypassing the improved security of the state-of-the-art communication networks. Vulnerabilities due to the trade-off between security and usability could also exist in the latest wireless networking technologies; hence mobile network operators need to be aware of the risks related to both protocol vulnerabilities and configuration defects. This paper proposes a methodology for the systematic identification of vulnerabilities associated with wireless access protocols and systems and the quantitative evaluation of the resulting risks for mobile operators using attack trees, while considering the current legislative frameworks. The proposed methodology has been designed to aid both, mobile operators towards planning more effective cybersecurity strategies and adopting efficient defences to minimise the probability of an attack and predict its impact on the operational, market and business aspects of mobile network operators. The proposed risk assessment analysis is evaluated over three distinct vertical scenarios, namely an emergency call, a high-speed train commute and a massive public event, with the most relevant threats and their impact being measured and discussed. The evaluation of the model revealed significant results for mobile network operators that are deploying a mix of legacy and state of the art cellular technologies.