The preliminary study on cyber security in 5G and SCADA environments was performed with targeted investigations in the framework of the 3rd Generation Partnership Project (3GPP) and related activities of the Global System for Mobile communications Association (GSMA). The specifications produced within 3GPP and GSMA were also analysed based on the specialised literature on the search for security weaknesses that could generate vulnerabilities in real 5G systems. As a result, the security specification of 3GPP was found to be not only incomplete (with reference to specification plans for 5G systems) but also not final, especially due to the critical review to which it is subjected in the specialised literature (which is carefully observed and possibly appreciated by 3GPP and GSMA).

Based on the accessible documents, it also emerged that the security of real 5G components seems not to have been sufficiently investigated and specified, and therefore, a critical review of the 3GPP-GSMA approach was launched. Regarding the SCADA environment, an initial investigation was carried out both on Law 133/2019 (national security perimeter) and on the typical vulnerabilities of SCADA systems. Particular attention was paid to the PLC (Programmable Logic Controller) component, for which, in addition to the typical vulnerabilities, the security and/or security verification requirements defined in various fields were investigated, such as, for example, IEC 62443 (Security for Industrial Automation and Control Systems) and CSPN (Certification de Securitè de Premier Niveau).

The result is not a final picture, since the investigated area is rather dynamic (e.g., additional and significant specifications are expected from the Law on the perimeter of national security). However, some aspects of the vulnerability assessment process for SCADA systems were analysed which, due to the fusion between IP (Internet Protocol) and SCADA technologies, can also count, with proper adaptations, on tools and methods already used for generic ICT components.