Abstract
This article discusses how the gap between early 5G network threat
assessments and an adversarial Tactics, Techniques, Procedures (TTPs) knowledge
base for future use in the MITRE ATT&CK threat modelling framework can be
bridged. We identify knowledge gaps in the existing framework for key 5G
technology enablers such as SDN, NFV, and 5G specific signalling protocols of
the core network. We adopt a pre-emptive approach to identifying adversarial
techniques which can be used to launch attacks on the 5G core network (5GCN)
and map these to its components. Using relevant 5G threat assessments along
with industry reports, we study how the domain specific techniques can be
employed by APTs in multi-stage attack scenarios based on historic
telecommunication network attacks and motivation of APT groups. We emulate this
mapping in a pre-emptive fashion to facilitate a rigorous cyber risk
assessment, support intrusion detection, and design defences based on common
APT TTPs in a 5GCN.