
reports - Deliverable

ICT Security and Assurance for Enabling Components and Technologies: Insights

The results of a study on specific aspects of cybersecurity in the context of 5G, SCADA (Supervisory Control And Data Acquisition) and blockchain are reported. The study aims to provide electricity system stakeholders with elements to assess the maturity of 5G systems in terms of security specifications and related controls, to manage the constraints imposed on SCADA systems by national legislation on the security of critical infrastructure, and to assess the potential of blockchain systems for authenticating public keys of IoT (Internet of Things) devices. The study expands and develops a previous preliminary study limited to 5G and SCADA systems.

In the context of 5G systems, an analysis of the security issues related to the concepts of Network Function Virtualization (NFV) and Network Slicing was carried out. Furthermore, in view of the specific innovations introduced in the 3GPP (3rd Generation Partnership Project) and GSMA (Global System for Mobile communications Association) contexts for the security assessment of real 5G components, the revision (carried out in the preliminary study) of the SECAM (SECurity Assurance Methodology) and the corresponding NESAS (Network Equipment Security Assurance Scheme) have been significantly updated. Finally, the analysis of vulnerabilities in the 3GPP security specifications (started in the preliminary study) was extended. The in-depth study for 5G systems allows a precise assessment of the level of security currently achievable by a 5G access network. However, it is not sufficiently specified how to approach the security assessment of real components, especially in the case of virtualized components (based on the NFV paradigm).

In the context of SCADA systems, the revision of the national legislation on the National Cyber Security Perimeter (Law 133/2019 and subsequent provisions) has been updated as far as possible (given the delays in the preparation of the relevant standards), especially with regard to the requirements for the acquisition of components to be included in the perimeter itself. Furthermore, a review of the risk assessment methods used/proposed for the SCADA context was carried out and the review (started in the preliminary study) of the vulnerabilities of (components of) SCADA systems was integrated. Finally, the preliminary definition of a risk analysis methodology related to the acquisition (of components) of SCADA systems in the National Cyber Security Perimeter was made. The proposed methodology will be developed in the future according to the evolution of the reference legislation.

In the context of blockchain systems, an initial study was carried out on the potential of these systems for defining solutions to the problem of authenticating the public keys of IoT devices. The specialized literature dedicated both to the use of digital certificates and PKI (Public Key Infrastructure) (classical solutions for the authentication of public keys) in the IoT context, and to the authentication of public keys of devices based on Blockchain systems was reviewed. Some proposals for the authentication of devices (preferably of the IoT type) based on Blockchain were examined in detail. The results of the analyses will be used in the continuation of the activity to configure an appropriate experimental setup.
