Cybersecurity is evolving with the rise of 5G technology


5G isn’t just “faster mobile internet.” It is a fundamental redesign of how networks are built and consumed. It includes cloud-native networks, software-defined cores, massive numbers of IoT access points, ultra-low-latency edge computing, and finely tuned network slices tailored for specific services. These advances not only open up new opportunities – autonomous vehicles, remote surgeries, smart cities – but also fundamentally alter the landscape of cybersecurity. This article explains how security is evolving to keep up with 5G. It also outlines the new risks 5G brings, as well as concrete strategies security teams are using today.

What 5G means — in a nutshell

5G is a new generation that introduces architectural and operational changes, and those changes alter threat models:

  • Virtualized, cloud-native network functions replace specialized appliances and increase software complexity.

  • Network Slicing allows operators to create multiple virtual networks using the same physical infrastructure. Each network can have different security and service level agreements.

  • Edge computing shifts processing from centralized clouds to thousands of distributed nodes near users.

  • The massive device scale — with billions of IoT devices — increases the attack surface.

  • Multi-vendor and open RAN ecosystems increase supply-chain dependence.

This is already a significant change at scale. Global 5G adoption has increased rapidly, and it’s no longer an experimental technology. (Source: 5G Americas)

New high-value targets and an expanded attack surface

Because 5G systems are mostly software-based and integrated with cloud and edge environments, attackers have new targets:

  • Virtualized Network Functions (VNFs) and container platforms.

  • APIs and control-plane services that manage network slices and orchestration; a successful compromise puts those functions under the attacker's control.

  • Edge nodes and IoT concentrators that process sensitive data on premises.

  • Supply-chain components (open source libs, software, third-party VNFs), due to the multi-vendor stacks.

Researchers in academia and the industry have identified network slicing as a sensitive area. Slice isolation, orchestration APIs, and cross-slice attack vectors are real and worrying. Researchers and operators are exploring mitigations. (Source: MDPI)

From perimeter security to zero-trust and identity-centric cybersecurity

The 5G network is distributed and multi-tenant, making traditional perimeter-based models ineffective. The industry is converging on zero trust architecture (ZTA) principles for telco networks.

  • Before granting access, authenticate and authorize each entity (devices, users, services).

  • Apply least privilege and continuous policy enforcement for APIs and service functions.

  • Use micro-segmentation between control/management planes and within slices.

NIST, along with other national bodies, has published guidance and projects that demonstrate how to implement Zero Trust in complex infrastructures. Telcos and businesses are adapting this guidance for 5G environments. (Source: NCCoE)

Edge computing and the IoT: Low latency but greater risk

The edge computing model reduces latency, which is critical to many 5G applications. However, it creates a large number of nodes that need to be secured. Edge and IoT present risks including:

  • Compromised edge nodes that allow tampering with local data flows or the launch of lateral attacks.

  • Risks to privacy from sensitive processing near users.

  • It is difficult to apply uniform patches and monitor thousands of remote nodes.

Industry analysts say that organizations moving towards 5G deployments must prioritize edge security, including lifecycle management. (Source: ISACA)

Standards and regulation: the role of 3GPP, ETSI and CISA

Standards bodies and national agencies are shaping 5G security. The SA3 group of the 3GPP defines 5G’s security and privacy architecture; ETSI, regional agencies and other standards bodies produce specifications and test frameworks. National guidance (for instance, CISA publications) provides operators with practical security considerations for cloud and slicing implementations. As threats change, standards are updated. Compliance will continue to be an important part of risk management for operators. (Source: 3GPP)

Security and key defensive strategies

As 5G technology becomes more prevalent, security practices are changing. Here are some of the key trends and controls that have been adopted.

1. Zero trust + identity-first control

Identity is centralized: strong device identification, mutual TLS for service-to-service communication, and short-lived credentials for VNFs. Runtime access decisions are made by policy engines for APIs, slices and other components. (See NIST’s recommendations; source: NCCoE.)

2. Secure-by-design, cloud-native hardening

Operators and vendors are integrating security into VNFs, container images and orchestration platforms. Immutable infrastructure patterns decrease drift and attack surface.

3. Slice-aware Security

Slice-aware security stacks are required: slice-specific isolation, policy enforcement points and dedicated monitoring to ensure a breach on one slice does not contaminate other slices. CISA and industry guidelines outline slice threat models and design recommendations. (Source: CISA)
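The identity-first and slice-aware controls described in points 1 and 3, sketched as a default-deny policy decision function. This is an added example, not code from the original article or from any operator or standard; the identities, slice names, action strings and the 15-minute credential ceiling are all constructed assumptions, and the credential is assumed to come from an already-verified mutual TLS handshake.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(minutes=15)  # assumed ceiling for a "short-lived" credential

@dataclass(frozen=True)
class Credential:
    subject: str          # workload identity (hypothetical), from a verified mTLS client cert
    slice_id: str         # the one slice this workload is bound to
    issued_at: datetime
    expires_at: datetime

# Constructed allow-list: (subject, slice) -> granted actions. Absent means denied.
POLICY = {
    ("session-mgr-01", "slice-a"): {"session:create", "session:release"},
    ("monitor-01", "slice-b"): {"metrics:read"},
}

def decide(cred: Credential, target_slice: str, action: str, now: datetime) -> tuple[bool, str]:
    """Default-deny decision, evaluated on every request rather than once per session."""
    if not (cred.issued_at <= now < cred.expires_at):
        return False, "credential-not-valid-now"
    if cred.expires_at - cred.issued_at > MAX_LIFETIME:
        return False, "credential-lifetime-too-long"
    if target_slice != cred.slice_id:             # each slice is its own security domain
        return False, "cross-slice-denied"
    if action not in POLICY.get((cred.subject, cred.slice_id), set()):
        return False, "action-not-granted"        # least privilege
    return True, "allow"

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock for the demo

def make_cred(subject: str, slice_id: str, age_min: int, ttl_min: int) -> Credential:
    issued = NOW - timedelta(minutes=age_min)
    return Credential(subject, slice_id, issued, issued + timedelta(minutes=ttl_min))

def demo() -> list[tuple[bool, str]]:
    fresh = make_cred("session-mgr-01", "slice-a", age_min=2, ttl_min=10)
    return [
        decide(fresh, "slice-a", "session:create", NOW),   # own slice, granted action
        decide(fresh, "slice-b", "metrics:read", NOW),     # valid identity, wrong slice
        decide(make_cred("session-mgr-01", "slice-a", 20, 10), "slice-a", "session:create", NOW),
        decide(make_cred("session-mgr-01", "slice-a", 2, 1440), "slice-a", "session:create", NOW),
        decide(make_cred("monitor-01", "slice-b", 2, 10), "slice-b", "session:create", NOW),
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

Returning a reason code with every denial gives per-slice monitoring something concrete to alert on, for example repeated cross-slice-denied results from a single identity.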

4. Telemetry and edge hardening

Edge nodes need tailored patching schedules, hardware-backed trust (TPM/secure elements), and lightweight but comprehensive telemetry to detect anomalies close to their source.

5. Supply Chain Resilience

Operators strengthen supplier vetting by using SBOMs and runtime integrity checks. They also tighten procurement security clauses. Supply-chain risks become strategic with Open RAN and multi-vendor ecosystems.

6. AI-assisted detection

Manual monitoring is impractical due to the high volume of telemetry coming from distributed nodes. AI/ML systems with human oversight can detect anomalies, automate playbooks and triage incidents. It is important to secure the ML models themselves and protect them from adversarial weaknesses.

7. Post-quantum preparedness

Although it is not an immediate operational change for most operators, enterprises and forward-looking operators are planning to migrate to post-quantum cryptography for long-term protection of sensitive communications (e.g. signing, key exchange).

Checklist for security teams: What to do?

Prioritize these concrete steps if your organization operates on, or plans to operate on, 5G-enabled infrastructure:

  1. Adopt zero trust principles for networks, APIs and services. Inventory identities and enforce least privilege. (Source: NCCoE)

  2. Map slices and treat each one as a security domain. (Source: CISA)

  3. Harden cloud-native platforms and require signed artifacts.

  4. Secure the edge by leveraging hardware-backed trust, controlled update mechanisms and local telemetry collection. (Source: ISACA)

  5. Improve supply-chain processes: vendor risk assessment, contract clauses and traceability (SBOMs).

  6. Improve visibility: central logging, telemetry and AI-assisted analysis to handle distributed observability.

  7. Run red-team exercises and build threat models that focus on 5G-specific vectors such as slice compromise, control plane attack, cross-slice movement, etc.

  8. Engage standards bodies and regulators: align with 3GPP/ETSI guidelines to avoid gaps in compliance. (Source: 3GPP)

The near future

These are the trends to expect in the coming years:

  • Cloud native security tools will be standard in SOCs of telcos.

  • Development of slice-aware security products (per-slice monitoring, policy controllers and firewalls).

  • Increased regulatory focus as 5G infrastructure becomes critical national infrastructure for many countries.

  • Increased use of AI in both offense and defense. This creates a constant arms race between detection and evasion methods.

  • In critical sectors such as finance, defense and healthcare, there is a growing emphasis on planning for post-quantum migration.

Final Thoughts

5G increases both opportunity and complexity. It forces a change in thinking from perimeter security to identity- and policy-driven protection, and it requires securing thousands of edge locations and taking on new supply-chain responsibilities. Good news! The industry has already adapted. Standards bodies, national agencies and vendors are developing technology and publishing guidance to meet these challenges. Security teams that embrace Zero Trust and adopt cloud-native hardening, slice-aware monitoring and stringent supply-chain controls are best placed to transform 5G’s promises into secure, resilient capabilities.
