AI/ML security in mobile telecommunication network
When adopting new technologies like AI/ML, there is always a balance between benefits and risks. It is essential to recognize that risks vary across different deployments, necessitating the selection of appropriate security controls tailored to each specific context.
Insights
AI/ML components in mobile telecommunication networks
Security of AI/ML should focus on the following components containing AI/ML technologies: Next-Generation Radio Access Networks (NG-RAN), access networks based on the O-RAN architecture, NWDAF within 5G core network, AI-driven Operations/Business Support Systems (OSS/BSS), and security management tools. Integration of AI/ML there without appropriate security measures might elevate security risks in mobile telecommunication networks.
AI/ML threat landscape in mobile telecommunication networks
A comprehensive threat analysis should thoroughly assess the entire system, considering both threats to non-AI/ML entities and the environment in which AI/ML components run, as well as AI/ML-specific threats. This requires the development of defensive strategies that encompass both traditional and AI-specific security controls to maintain a robust security posture against a broad range of potential attacks.
AI/ML threat mitigation in mobile telecommunication networks
The four layers in Ericsson’s trust stack have been adapted to secure AI/ML components within mobile telecommunication networks. This adaptation incorporates findings and recommendations from academic research, industry insights, and cybersecurity authorities’ knowledge about AI/ML risks and mitigations, as detailed in guidelines from respected bodies like the NCSC and CISA. These findings have informed and shaped Ericsson’s holistic security approach: Standardization Efforts in Securing AI/ML, Securing AI/ML Development, Securing AI/ML in Deployment and Securing AI/ML Operations Process.
