The use of multiple technologies in PSN and their interconnection has increased the demands on security integrity, which calls for new system security policies. The challenge now is to maintain a balance between interoperable systems and unified spectrum, while building a vulnerability-free system of security and public protection. According to the National Broadband Recommendations [BRO 16], the FCC should provide a roadmap that identifies the five most critical cybersecurity threats to communications infrastructure and its end users. The FCC should also create a voluntary cybersecurity certification program that creates business incentives for communications service providers to improve the cybersecurity of their networks. In addition, further voluntary incentives should be created to improve education on cybersecurity issues. The FCC and the Department of Homeland Security (DHS) should create a Cybersecurity Information Reporting System (CIRS) to improve “situational awareness” for a coordinated response to any cyberattack in the PSC system. In this regard, the existing Disaster Information Reporting System (DIRS) can be used and updated. The CIRS must be designed in such a way that information is quickly shared with participating providers. Finally, the FCC should act as a trusted intermediary to ensure that any sharing is reciprocal and that the system is structured in such a way that proprietary information can be provided through the service while remaining confidential.

Passive mechanisms consist of observing and analyzing the messages that the tested component exchanges with its environment, and are specifically used either for the management of failures in networks or to verify compliance with a system's security policies. Active testing is based on generating and applying specific test cases to detect errors.
Another security aspect of video streaming is copyright. This is especially true for subscription video streaming services (such as Netflix). Digital rights management (DRM) is the practice of securing digital content, including video streams, to prevent illegal copying and distribution of copyrighted material. Specifically, its goals typically focus on controlling access to content, enforcing usage rules, and identifying and authenticating the content source. Therefore, DRM-protected content is generally sold as a license to use the content and not as the content itself. DRM solutions to achieve these goals often include tools such as encryption, watermarking, and cryptographic hashing [94].

Cooperation with EPS/4G is an important feature, and during the 5G work, solutions have been developed that cover the security aspects of this cooperation. In this book, we will not describe in detail the security features that apply to 4G/EPS. Instead, the interested reader is referred to books on EPS; see, for example, Olsson et al. (2012).
The next discussion is about the cooperation between EPS/4G and 5GS.

Policy-based testing: An important aspect of the security of modern information management systems is access control. Data and resources must be protected against unauthorized, malicious or inappropriate use or alteration. To this end, several standards, such as eXtensible Access Control Markup Language (XACML), have been introduced that ensure authentication and authorization and regulate the drafting of access control policies. Policy-based testing is therefore the testing process that ensures the accuracy of policy specifications and implementations. By observing the execution of a policy implementation with a test input (that is, an access request), testers can identify errors in specifications or policy implementations and validate whether the corresponding output (i.e. the access decision) is as intended. Although policy testing mechanisms vary due to the lack of a uniform standard method for specifying or implementing access control policies, the primary purpose of policy testing is typically to ensure the accuracy of policy specifications and compliance between policy specifications and implementations.
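The policy-based testing described above, as an added example that is not taken from the original text: access requests are run against a small policy and the decisions are compared with the expected ones, and simple faults are then seeded into the policy to judge whether the request set is adequate. The policy, its dictionary representation (a simplification of XACML's XML with first-applicable combining), and all function names are assumptions made for illustration.

```python
from copy import deepcopy

# Constructed policy: ordered rules, first-applicable combining, default Deny.
POLICY = [
    {"role": "doctor", "action": "read",  "effect": "Permit"},
    {"role": "doctor", "action": "write", "effect": "Permit"},
    {"role": "nurse",  "action": "read",  "effect": "Permit"},
    {"role": "nurse",  "action": "write", "effect": "Deny"},
]

def evaluate(policy, request):
    """Return the effect of the first rule whose target matches the request."""
    for rule in policy:
        if all(rule[k] == request[k] for k in ("role", "action")):
            return rule["effect"]
    return "Deny"  # no rule applies

def mutants(policy):
    """Yield (name, policy) for two seeded fault classes: flipped effect, removed rule."""
    for i, rule in enumerate(policy):
        flipped = deepcopy(policy)
        flipped[i]["effect"] = "Deny" if rule["effect"] == "Permit" else "Permit"
        yield f"flip-effect-rule{i}", flipped
        yield f"remove-rule{i}", policy[:i] + policy[i + 1:]

def passes(policy, tests):
    """A test is (access request, expected decision)."""
    return all(evaluate(policy, req) == expected for req, expected in tests)

def mutation_report(policy, tests):
    """Return (mutation score, names of mutants the tests failed to detect)."""
    if not passes(policy, tests):
        raise ValueError("tests must pass on the original policy first")
    all_mutants = list(mutants(policy))
    survivors = [name for name, m in all_mutants if passes(m, tests)]
    return (len(all_mutants) - len(survivors)) / len(all_mutants), survivors

def req(role, action):
    return {"role": role, "action": action}

# Constructed test suites: one sparse, one covering every rule.
WEAK_TESTS = [(req("doctor", "read"), "Permit"), (req("nurse", "write"), "Deny")]
FULL_TESTS = WEAK_TESTS + [(req("doctor", "write"), "Permit"),
                           (req("nurse", "read"), "Permit")]

if __name__ == "__main__":
    print(mutation_report(POLICY, WEAK_TESTS))
    print(mutation_report(POLICY, FULL_TESTS))
```

The mutant that survives even the full suite removes the explicit nurse/write Deny rule; because the default decision is also Deny, it is an equivalent mutant that no access request can distinguish from the original policy.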
New approaches to testing XACML directives are divided into the following main categories: (i) failure models and mutation tests, which are based on a failure model to describe simple errors in XACML directives; (ii) test criteria that determine whether sufficient tests have been performed and testing can be stopped, and that measure the adequacy or sufficiency of a series of tests, including structural coverage criteria and default coverage criteria; and (iii) proposals for trial generation specifically focused on access control policies [102, 103].

Figure 4.3 shows a model designed to reduce the risks associated with physical (configuration) and logical (network/system) access. This model of an employee's termination process is designed to bridge the gap once a termination order hits an organization's IT systems, so that neither the human resources department nor the manager of the terminated employee is left to guess whether all access has been terminated. If the team responsible for terminating access to the network/system is buried in email, which can usually be the case, it can take 24-48 hours at best for any access to be revoked.