5G networks are transforming industries, but they also bring new security challenges. With decentralised architectures, billions of IoT devices, and software-driven components, the attack surface has grown exponentially. This makes real-time threat intelligence critical for detecting and responding to cyber threats before they cause damage.
From supply chain breaches to advanced persistent threats, the stakes are high as 5G supports critical infrastructure. By integrating advanced tools, AI, and robust security frameworks, organisations can stay ahead of evolving cyber risks.


Traditional vs Private 5G Networks Security Architecture Comparison
Private 5G networks bring a whole new set of security challenges compared to older systems. Unlike traditional setups built on proprietary hardware, 5G uses cloud-native software and virtualised functions. This shift introduces vulnerabilities typically found in IT systems – like malware, misconfigurations, and software exploits – into the telecommunications world in ways we haven’t seen before.
Decentralisation through Multi-Access Edge Computing (MEC) adds another layer of complexity. By moving computing resources closer to the network edge, organisations can reduce latency, but they also create more physical access points. This decentralised setup, combined with the explosion of industrial IoT devices – many of which lack proper security – leads to a much larger attack surface. Between July 2020 and June 2021, the telecommunications sector became the most targeted industry, accounting for 40% of all intrusions. While this architecture enables exciting new capabilities, it also opens the door to more advanced threats.
Network slicing, a key feature of 5G, brings its own risks. This technology allows multiple virtual networks to operate on shared physical infrastructure, but misconfigurations can lead to cross-slice attacks. For example, a breach in a low-security slice, like a guest network, could compromise critical industrial operations running on the same hardware. The LightBasin threat group exploited such vulnerabilities, staying undetected while stealing sensitive data through poorly secured interfaces.
| Feature | Traditional Infrastructure (4G/Wi-Fi) | Private 5G Networks |
|---|---|---|
| Architecture | Centralised, hardware-based | Decentralised, cloud-native, software-defined |
| Security Model | Perimeter-focused (implicit trust) | Zero Trust (never trust, always verify) |
| Attack Surface | Limited, well-defined entry points | Expanded via MEC, IoT, and APIs |
| Primary Threat | External breaches | Lateral movement and insider threats |
"By bringing Wi-Fi and 5G under a common security framework, the industry can accelerate digital transformation without compromising resilience or interoperability." – Tiago Rodrigues, President and CEO, Wireless Broadband Alliance
The expanded attack surface created by MEC and network slicing has given adversaries new opportunities to deploy advanced tactics. Attackers now use AI-driven automation to adapt their methods in real time, bypassing even the most up-to-date security measures. The software-defined nature of 5G makes critical components like the User Plane Function (UPF) and network slicing infrastructure prime targets for attacks aimed at disrupting operations or stealing sensitive industrial data.
Supply chain attacks are another major concern. In February 2026, a joint report by Booz Allen Hamilton and Palo Alto Networks revealed how the China-linked group Salt Typhoon compromised 5G core components using stolen credentials and supply chain vulnerabilities. This breach, described by Senator Mark Warner as one of the most severe telecom hacks in U.S. history, resulted in the exfiltration of call records and network configurations. Advanced Persistent Threats (APTs) like this exploit legitimate network tools to maintain prolonged, undetected access to 5G infrastructure.
"The campaign [Salt Typhoon] highlights the need for secure-by-design defences across telecommunications and private 5G networks to counter advanced, long-dwell threats targeting critical infrastructure." – Booz Allen Hamilton and Palo Alto Networks
For industries such as manufacturing, logistics, and energy, the stakes are incredibly high. Unlike traditional enterprise networks, where disruptions may only affect office productivity, failures in private 5G networks can halt production lines, compromise safety systems, and lead to massive financial losses. Ransomware operators specifically target these sectors because their low tolerance for downtime makes them more likely to pay.
The convergence of cyber and physical threats adds another layer of risk. Attackers can weaponise 5G’s IoT connectivity to launch large-scale DDoS attacks or create botnets that disrupt entire facilities. Weak authentication systems, poor role-based access controls, and insufficient multi-factor authentication further expose networks to insider threats and unauthorised access. In this environment, traditional perimeter-based security is no longer effective. Instead, identity has become the new perimeter.
Effective 5G threat intelligence isn’t just about collecting alerts – it’s about combining internal telemetry with external data to understand how threats target cloud-native systems. The unique architecture of 5G, built on Software-Defined Networking (SDN), Network Function Virtualisation (NFV), and Open Radio Access Network (O-RAN) components, introduces specific vulnerabilities. Addressing these requires contextual Cyber Threat Intelligence (CTI) that not only identifies threats but also explains how they impact 5G infrastructure. A strong starting point for this approach lies in real-time threat feeds, which act as the foundation of 5G security.
Real-time threat feeds are essential for any 5G security framework. These feeds provide immediate indicators of malicious activity, such as flagged IP addresses, domains, and file hashes, which can be cross-referenced with both current and historical network data. The most effective strategies combine a variety of intelligence sources rather than depending on a single feed.
Threat Intelligence Platforms (TIPs) streamline the process by automating data collection, standardisation, and retroactive analysis – allowing organisations to identify hidden breaches by comparing new threat indicators with past data.
Mapping adversarial Tactics, Techniques, and Procedures (TTPs) to frameworks like MITRE ATT&CK provides a shared understanding of how attackers target 5G core networks. This involves monitoring critical components such as SDN controllers (which direct network traffic), NFV orchestrators (which manage virtualised network functions), and signalling protocols like HTTP/2 used in service-based architectures. Tools like Amass, Maltego, and Onyphe enhance visibility by offering detailed insights into decentralised 5G deployments. Together, these feeds and tools form the backbone of advanced detection capabilities.
Artificial intelligence is redefining threat detection by shifting from reactive to proactive defence. Traditional signature-based systems can miss up to 70% of zero-day exploits. AI-driven anomaly detection, on the other hand, analyses massive volumes of network data to anticipate and counteract threats like DDoS attacks or insider breaches.
For example, the SecureNet-RL framework uses reinforcement learning to achieve a detection accuracy of 95.8% in 5G environments – significantly outperforming traditional intrusion detection systems (78.2%) and even supervised machine learning models (88.5%). These AI-powered systems can mitigate threats in under 50 milliseconds, a key advantage for low-latency applications like autonomous vehicles.
In 2024, Vertiv adopted Google Security Operations, logging 22 times more data and detecting three times as many events compared to their previous SIEM system. They also halved the time needed for security investigations.
"The Gemini AI functionality within Google Security Operations really impressed me. It gives you essentially 70 or 80 per cent of the detection right out of the box and then you only have to add those kinds of small things in the middle." – Manan Doshi, Senior Security Engineer, Etsy
Federated Learning (FL) offers a secure way to enhance 5G network slicing by enabling different network slices to share threat intelligence and train models collaboratively – without exposing sensitive raw data. This approach strengthens overall security while maintaining privacy. Generative AI and deep learning models further improve defences by analysing historical data to predict new vulnerabilities and evolving attack methods. Additionally, natural language processing simplifies the work for security teams by allowing them to search data and create queries using plain English instead of complex coding languages.
Integrating threat intelligence into private 5G networks requires a flexible yet robust approach to security. The challenge lies in balancing the dynamic, cloud-native nature of 5G architectures with the need for real-time, effective protection. Three key strategies stand out: adopting Zero Trust principles, utilising edge computing for localised threat handling, and employing network slicing to create specialised security zones. Together, these strategies form a solid foundation for securing 5G networks and align with real-time monitoring measures discussed later.
Zero Trust operates on a straightforward idea: trust nothing by default. In 5G environments, perimeter security alone is insufficient. Instead, every access request – whether from users, devices, or network functions – must undergo continuous verification.
This can be achieved by enabling 3GPP features like mTLS and OAuth 2.0. Continuous authentication, fine-grained authorisation, and dynamic trust scoring – based on factors like patch levels, configurations, and behaviour – further strengthen this model.
"The zero trust security model resolves this issue by never making any assumptions about trustworthiness… it mitigates both the risk of an external attacker getting a foothold in the network as well as the risk of lateral movement." – Ericsson Technology Review
This approach is especially critical when considering that 60% of attacks on mobile networks stem from IoT bots scanning for weak spots to launch DDoS attacks.
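The continuous verification described above can be made concrete with a small policy decision point. The following is an added example, not Firecell code and not a 3GPP reference implementation: a consumer network function presents an mTLS client identity together with an OAuth 2.0 access token, the producer side verifies the token, binds it to the mTLS identity that presented it, and only then applies a dynamic trust score built from patch level, configuration drift and observed behaviour. 3GPP service-based architecture tokens are JWTs issued by the NRF; the HS256 signing key, NF names, scopes, trust weights and threshold used here are constructed for the example (production deployments sign with asymmetric keys).

```python
"""Zero Trust admission check between two 5G core network functions.

Added example, not Firecell code and not a 3GPP reference implementation.
The NRF signing key, NF identities, scopes, trust weights and threshold
are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed stand-in for the NRF's token signing key.
NRF_SIGNING_KEY = b"constructed-nrf-signing-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(nf_instance_id: str, audience: str, scope: str, ttl: int, now: int) -> str:
    """Mint a token the way an NRF would (simplified HS256 JWT)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "nrf.constructed", "sub": nf_instance_id, "aud": audience,
              "scope": scope, "iat": now, "exp": now + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(NRF_SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, expected_aud: str, required_scope: str, now: int) -> Optional[dict]:
    """Check signature, algorithm, audience, scope and expiry; return the claims or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head, payload, sig = parts
    expected = hmac.new(NRF_SIGNING_KEY, f"{head}.{payload}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        header = json.loads(_b64url_decode(head))
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # covers bad base64 and bad JSON
        return None
    if header.get("alg") != "HS256":  # refuse alg=none and algorithm confusion
        return None
    if claims.get("aud") != expected_aud or int(claims.get("exp", 0)) <= now:
        return None
    if required_scope not in str(claims.get("scope", "")).split():
        return None
    return claims


def trust_score(posture: dict) -> float:
    """Dynamic trust in [0, 1]: penalise stale patches, config drift and anomalous behaviour."""
    score = 1.0
    score -= min(0.4, 0.4 * posture.get("patch_lag_days", 0) / 90)  # full penalty at 90+ days behind
    if posture.get("config_drift", False):
        score -= 0.3
    score -= 0.4 * max(0.0, min(1.0, posture.get("anomaly", 0.0)))  # behavioural analytics output
    return max(0.0, min(1.0, score))


def authorise(request: dict, posture: dict, now: int, threshold: float = 0.6) -> Tuple[bool, str]:
    """Policy decision for one request; evaluated on every call, so there is no standing trust."""
    claims = verify_token(request["token"], request["producer"], request["scope"], now)
    if claims is None:
        return False, "token rejected"
    if claims["sub"] != request["mtls_peer_id"]:  # bind the bearer token to the certificate that presented it
        return False, "token subject does not match mTLS peer identity"
    score = trust_score(posture)
    if score < threshold:
        return False, f"trust score {score:.2f} below threshold {threshold:.2f}"
    return True, f"allowed with trust score {score:.2f}"


if __name__ == "__main__":
    now = 1_700_000_000
    token = issue_token("amf-01", "udm-01", "nudm-sdm", ttl=300, now=now)
    request = {"token": token, "producer": "udm-01", "scope": "nudm-sdm", "mtls_peer_id": "amf-01"}
    print(authorise(request, {"patch_lag_days": 10, "config_drift": False, "anomaly": 0.1}, now))
    print(authorise(request, {"patch_lag_days": 180, "config_drift": True, "anomaly": 0.5}, now))
```

The point of the subject-to-certificate binding is that a token lifted from one NF cannot be replayed from another connection, and the point of re-scoring on every request is that a function whose patch level slips or whose behaviour drifts loses access without anyone revoking a session.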
Multi-Access Edge Computing (MEC) transforms threat detection by enabling localised processing of intelligence. Instead of routing all data through centralised cloud infrastructure, MEC allows for immediate response to threats, significantly reducing latency. For instance, deploying AI models like GRU-based autoencoders on MEC servers enables anomaly detection with inference latency of under 7 milliseconds.
Enhancing MEC with federated learning takes local threat detection a step further. This method allows edge nodes to collaboratively train detection models without sharing sensitive raw data, cutting communication overhead by 50–70% compared to centralised systems. Frameworks like Edge-FLGuard+ achieve detection accuracy of 95% or more while maintaining a memory footprint under 1.2 MB.
"Multi-Access Edge Computing (MEC) and AI-driven analytics strengthen security posture by enabling real-time anomaly detection, local decision-making, and automated threat response." – Wireless Broadband Alliance
This strategy is particularly effective in IoT-heavy environments where constant cloud connectivity is impractical.
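The property that both the slice-to-slice sharing described earlier and the MEC edge training here rely on is that a detection model can be built without any raw telemetry leaving the node. The following is an added example, not Firecell code and not the Edge-FLGuard+ framework: each edge node reduces its own flow records to sufficient statistics (count, per-feature sums and sums of squares), only those summaries go to the coordinator, and the coordinator merges them into a global mean/std model that every node then uses for z-score anomaly detection. Because the statistics are exact, the federated model is identical to what a central collector would compute from the pooled raw data. The feature names, traffic distributions, node seeds and threshold are constructed.

```python
"""Federated anomaly model across MEC edge nodes.

Added example, not Firecell code and not Edge-FLGuard+. Feature names,
traffic distributions, node seeds and the threshold are constructed.
"""
import math
import random
from typing import Dict, Iterable, List, Tuple

FEATURES = ("pps", "bps", "new_dsts")  # packets/s, bytes/s, new destinations per minute


def local_summary(records: Iterable[Dict[str, float]]) -> dict:
    """Runs on an edge node: exact sufficient statistics; no raw record is returned."""
    n, s, ss = 0, {f: 0.0 for f in FEATURES}, {f: 0.0 for f in FEATURES}
    for r in records:
        n += 1
        for f in FEATURES:
            s[f] += r[f]
            ss[f] += r[f] * r[f]
    return {"n": n, "sum": s, "sumsq": ss}


def aggregate(summaries: List[dict]) -> Dict[str, Tuple[float, float]]:
    """Runs on the coordinator: merge node summaries into a global (mean, std) per feature."""
    n = sum(sm["n"] for sm in summaries)
    model = {}
    for f in FEATURES:
        total = sum(sm["sum"][f] for sm in summaries)
        total_sq = sum(sm["sumsq"][f] for sm in summaries)
        mean = total / n
        var = max(total_sq / n - mean * mean, 0.0)
        model[f] = (mean, math.sqrt(var))
    return model


def anomaly_score(record: Dict[str, float], model: Dict[str, Tuple[float, float]]) -> float:
    """Largest absolute z-score across features; the same scoring runs on every node."""
    return max((abs(record[f] - mean) / sd) if sd > 0 else 0.0 for f, (mean, sd) in model.items())


def is_anomalous(record: Dict[str, float], model: Dict[str, Tuple[float, float]],
                 threshold: float = 4.0) -> bool:
    return anomaly_score(record, model) > threshold


def synth_flows(seed: int, count: int) -> List[Dict[str, float]]:
    """Constructed 'normal' telemetry for one edge node (not real traffic)."""
    rng = random.Random(seed)
    return [{"pps": rng.gauss(100, 10), "bps": rng.gauss(50_000, 5_000),
             "new_dsts": max(0.0, rng.gauss(2, 1))} for _ in range(count)]


def build_federated_model(node_seeds=(1, 2, 3), per_node: int = 500) -> Dict[str, Tuple[float, float]]:
    """One training round: each node summarises locally, the coordinator aggregates."""
    return aggregate([local_summary(synth_flows(seed, per_node)) for seed in node_seeds])


def build_pooled_model(node_seeds=(1, 2, 3), per_node: int = 500) -> Dict[str, Tuple[float, float]]:
    """What a central collector would compute from the raw data; here only to show equality."""
    pooled = [r for seed in node_seeds for r in synth_flows(seed, per_node)]
    return aggregate([local_summary(pooled)])


if __name__ == "__main__":
    model = build_federated_model()
    for f, (mean, sd) in model.items():
        print(f"{f}: mean={mean:.1f} std={sd:.1f}")
    # A device suddenly contacting dozens of new destinations per minute, as a scanning bot would
    print("scanning device anomalous:", is_anomalous({"pps": 110.0, "bps": 48_000.0, "new_dsts": 60.0}, model))
```

Each node sends three numbers per feature regardless of how many flows it observed, which is where the communication saving over shipping raw telemetry comes from; a real deployment would add a privacy mechanism on the summaries and a model richer than per-feature z-scores, but the data-stays-local structure is the same.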
Network slicing enables the creation of isolated virtual segments within shared physical infrastructure, allowing businesses to tailor security measures to specific use cases. For example, a manufacturing facility might dedicate one slice to critical operations and another to less sensitive tasks.
5G networks can support up to 4,096 end-to-end slices, each customised based on factors like geographical area, device type, latency, mobility, coverage, and connection density. In October 2019, ZTE and China Telecom launched the first 5G Standalone (SA) network using a "SliceStore + Edge computing + Intelligent manufacturing" solution, integrating 5G into workflows to boost production efficiency while reducing costs.
The primary security advantage of slicing is containment. If one slice is compromised, the breach remains confined to that segment. Policy Decision Points (PDP) and Policy Enforcement Points (PEP) enforce strict access rules for each slice’s resources.
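Containment only holds if the slice boundaries are actually enforced, so it is worth checking the telemetry against the intended policy. The following is an added example, not Firecell code: each slice is identified by its S-NSSAI (SST plus SD), every device and network function is bound to one slice, and the PEP is expected to pass only intra-slice traffic plus explicitly permitted inter-slice paths. The audit replays constructed flow records against that policy and reports any flow that crossed a slice boundary without an allow rule, which is how both a cross-slice attack and a slicing misconfiguration show up in flow data; it also checks the slice catalogue itself for colliding S-NSSAI values. Slice names, bindings, ports, flows and the allow list are constructed.

```python
"""Slice-isolation audit for a private 5G network.

Added example, not Firecell code. Slice names, S-NSSAI values, endpoint
bindings, ports, flow records and the allow list are constructed.
"""
from typing import Dict, List, Set, Tuple

# Constructed slice catalogue: name -> S-NSSAI (SST, SD)
SLICES: Dict[str, Tuple[int, str]] = {
    "ot-critical": (1, "000001"),
    "logistics": (1, "000010"),
    "guest": (1, "0000FF"),
}

# Constructed endpoint -> slice bindings (UEs and NFs)
BINDINGS: Dict[str, str] = {
    "plc-line-1": "ot-critical", "scada-hmi": "ot-critical",
    "agv-12": "logistics", "wms-api": "logistics",
    "visitor-phone-7": "guest", "guest-portal": "guest",
}

# Explicitly permitted inter-slice paths: (source slice, destination slice, destination port)
ALLOWED_CROSS: Set[Tuple[str, str, int]] = {
    ("logistics", "ot-critical", 8883),  # AGV telemetry to the OT MQTT broker over TLS
}


def check_slice_config(slices: Dict[str, Tuple[int, str]]) -> List[str]:
    """Flag slices that share an S-NSSAI: slice selection cannot tell such slices apart."""
    seen: Dict[Tuple[int, str], str] = {}
    problems = []
    for name, snssai in slices.items():
        if snssai in seen:
            problems.append(f"slices '{seen[snssai]}' and '{name}' share S-NSSAI {snssai}")
        seen.setdefault(snssai, name)
    return problems


def slice_of(endpoint: str) -> str:
    return BINDINGS.get(endpoint, "unbound")


def audit_flows(flows: List[dict]) -> List[dict]:
    """Return every flow that crosses slices without an allow rule or touches an unbound endpoint."""
    findings = []
    for fl in flows:
        src_slice, dst_slice = slice_of(fl["src"]), slice_of(fl["dst"])
        if "unbound" in (src_slice, dst_slice):
            findings.append({**fl, "reason": "endpoint not bound to any slice"})
        elif src_slice != dst_slice and (src_slice, dst_slice, fl["dport"]) not in ALLOWED_CROSS:
            findings.append({**fl, "reason": f"cross-slice {src_slice} -> {dst_slice}:{fl['dport']} not permitted"})
    return findings


# Constructed flow records as a UPF or PEP might export them
FLOWS = [
    {"src": "plc-line-1", "dst": "scada-hmi", "dport": 502},        # intra-slice Modbus: fine
    {"src": "agv-12", "dst": "wms-api", "dport": 443},              # intra-slice: fine
    {"src": "agv-12", "dst": "plc-line-1", "dport": 8883},          # permitted cross-slice path
    {"src": "visitor-phone-7", "dst": "plc-line-1", "dport": 502},  # guest slice reaching OT: finding
    {"src": "rogue-node", "dst": "scada-hmi", "dport": 22},         # unknown endpoint: finding
]

if __name__ == "__main__":
    for problem in check_slice_config(SLICES):
        print("config:", problem)
    for finding in audit_flows(FLOWS):
        print("flow:", finding)
```

Running the audit continuously against exported flow records turns the slicing design into something observable: a guest-slice device reaching a PLC, or an endpoint nobody bound to a slice, surfaces as a finding instead of silently working.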
| Security Strategy | Primary Benefit | Key Enabler |
|---|---|---|
| Zero Trust Architecture | Prevents lateral movement after a breach | IAM, PAM, and X.509 Certificates |
| Network Slicing | Tailored security for sensitive operations | SDN and Micro-segmentation |
| MEC Security | Real-time response with low latency | Localised AI/ML Anomaly Detection |
"Up to 4096 different 5G end-to-end slices can be customised for different enterprises to meet different requirements for geographical area, terminal type (human, IoT), network latency, mobility, network coverage, connection density and connection costs." – Mr. Jason Tu Jiashun, Chief Scientist of Virtualisation, ZTE
Together, these strategies create a layered defence specifically designed for private 5G networks. The key lies in integrating security measures into the network architecture from the outset, ensuring they are a core component rather than an afterthought.

Firecell offers private 5G networks tailored for industrial and enterprise use, prioritising security at every level. Their approach ensures sensitive data stays isolated from public threats while giving organisations complete control over their networks. By implementing Zero Trust principles and utilising real-time analytics, Firecell applies advanced threat intelligence strategies in industries like manufacturing, logistics, and automotive.
Firecell’s platform operates as a network service, using AI-powered tools to detect anomalies and potential threats in real time. This proactive approach helps to mitigate risks before they escalate. As Zineb Gdali from Firecell highlights:
"By prioritising security, businesses can confidently embrace the future, knowing they are well-equipped to handle the evolving landscape of 5G technology".
These values form the foundation of Firecell’s comprehensive and secure solutions.
Firecell simplifies private 5G deployment with its turnkey solutions. For example, the Orion Labkit provides an open-source testing environment, while their solutions include secure device identity management through SIM or eSIM provisioning, ensuring only authorised devices access the network.
Their architecture is grounded in Zero Trust principles – operating under the mantra "never trust, always verify." This includes strict access controls and continuous monitoring. Automated tools for threat intelligence and patch management ensure vulnerabilities are addressed promptly, reducing the workload on IT teams. Built on the Open Air Interface platform, Firecell’s solutions incorporate standardised security protocols, promoting global collaboration in security advancements.
In 2024, Firecell spearheaded the GEO5G project consortium, part of France’s 5G Acceleration Plan (France 2030). Stellantis joined as a test partner, deploying a private 5G network at its test workstations. This setup enabled real-time geolocation with 1-metre accuracy to monitor industrial tools. The system flagged deviations, such as tools operating outside designated "red zones", and could even block unauthorised actions. This ensured 100% quality control, preventing costly errors on automotive assembly lines.
Firecell also ensures ongoing security through integrated real-time monitoring tools.
Firecell’s solutions provide continuous network monitoring powered by AI-driven orchestration tools. These tools automate network setup and maintain vigilance across all connected devices. The platform’s Location Management Function (LMF) delivers sub-metre accuracy for asset tracking, which is crucial for detecting physical security breaches or misplaced tools.
The system actively monitors processes, triggering alerts for any deviations from predefined sequences or zones. Firecell elaborates:
"The system developed within the framework of the GEO5G project will make it possible to measure and send alerts if the operator does not carry out all these actions in a predefined order and in a predefined zone".
Additionally, Firecell assists organisations in securing dedicated frequency allocations from local regulators, ensuring their networks remain isolated from public interference and safeguarded against cyber threats.
Integrating threat intelligence into private 5G networks is not a one-time task. It requires constant adjustments to keep pace with evolving threats. Below, we explore key practices for monitoring and collaboration that strengthen detection and response capabilities in private 5G environments.
Active monitoring forms the backbone of effective 5G security. Advanced 5G SIEM systems, capable of handling up to 3,500 single-event and 200 multi-event rules, significantly cut down investigation times by 65% and response times by 50%. With the help of AI-powered tools, security teams can sift through petabytes of telemetry data without needing to rely on complex manual queries.
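The single-event and multi-event rules mentioned above are the two basic shapes a SIEM correlation engine works with. The following is an added example, not Firecell code and not any vendor's rule language: a small engine runs both kinds of rule over constructed NRF access-log lines from the HTTP/2 service-based interface. The single-event rule fires on a registration from a network function that is not in the inventory; the multi-event rule keeps a sliding window per source and fires when repeated authentication failures are followed by a success. The log format, NF inventory, thresholds and window are constructed; the request paths are the 3GPP Nnrf_NFDiscovery and Nnrf_NFManagement endpoints.

```python
"""Single-event and multi-event SIEM rules over 5G core SBA logs.

Added example, not Firecell code. The log format, NF inventory,
thresholds and correlation window are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<nf>\S+) src=(?P<src>\S+) peer=(?P<peer>\S+) "
                    r"method=(?P<method>[A-Z]+) path=(?P<path>\S+) status=(?P<status>\d{3})$")

KNOWN_NFS = {"amf-01", "smf-01", "udm-01"}  # constructed NF inventory


def parse(line: str) -> Optional[dict]:
    """Turn one access-log line into an event dict; None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    ev["status"] = int(ev["status"])
    return ev


def rule_unknown_nf_registration(ev: dict) -> Optional[dict]:
    """Single-event rule: a successful PUT to the NRF registration endpoint by an NF not in the inventory."""
    if (ev["method"] == "PUT" and ev["path"].startswith("/nnrf-nfm/v1/nf-instances/")
            and ev["peer"] not in KNOWN_NFS and 200 <= ev["status"] < 300):
        return {"rule": "unknown-nf-registration", "src": ev["src"], "ts": ev["ts"],
                "detail": f"NF '{ev['peer']}' registered with the NRF but is not in the inventory"}
    return None


class AuthFailuresThenSuccess:
    """Multi-event rule: at least `threshold` 401s from one source inside `window`, then a 2xx."""

    def __init__(self, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
        self.threshold, self.window = threshold, window
        self.failures: Dict[str, Deque[datetime]] = defaultdict(deque)

    def feed(self, ev: dict) -> Optional[dict]:
        q = self.failures[ev["src"]]
        while q and ev["ts"] - q[0] > self.window:  # drop failures that fell out of the window
            q.popleft()
        if ev["status"] == 401:
            q.append(ev["ts"])
            return None
        if 200 <= ev["status"] < 300 and len(q) >= self.threshold:
            n = len(q)
            q.clear()
            return {"rule": "auth-failures-then-success", "src": ev["src"], "ts": ev["ts"],
                    "attack": "T1110 Brute Force",
                    "detail": f"{n} authentication failures within {self.window.seconds}s "
                              f"followed by success as '{ev['peer']}'"}
        return None


def run(lines: List[str]) -> List[dict]:
    """Feed every parsable line through both rules and collect the alerts in order."""
    multi = AuthFailuresThenSuccess()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        for hit in (rule_unknown_nf_registration(ev), multi.feed(ev)):
            if hit:
                alerts.append(hit)
    return alerts


# Constructed NRF access log: five 401s from one source then a 200, a normal registration,
# a registration by an unknown NF, and a lone 401 that should not fire anything.
SAMPLE_LOG = """\
2026-03-01T10:00:00Z nrf src=10.10.1.5 peer=amf-01 method=GET path=/nnrf-disc/v1/nf-instances status=200
2026-03-01T10:00:02Z nrf src=10.10.9.9 peer=amf-01 method=GET path=/nnrf-disc/v1/nf-instances status=401
2026-03-01T10:00:05Z nrf src=10.10.9.9 peer=amf-01 method=GET path=/nnrf-disc/v1/nf-instances status=401
2026-03-01T10:00:09Z nrf src=10.10.9.9 peer=smf-01 method=GET path=/nnrf-disc/v1/nf-instances status=401
2026-03-01T10:00:14Z nrf src=10.10.9.9 peer=udm-01 method=GET path=/nnrf-disc/v1/nf-instances status=401
2026-03-01T10:00:20Z nrf src=10.10.9.9 peer=amf-01 method=GET path=/nnrf-disc/v1/nf-instances status=401
2026-03-01T10:00:27Z nrf src=10.10.9.9 peer=amf-01 method=GET path=/nnrf-disc/v1/nf-instances status=200
2026-03-01T10:00:31Z nrf src=10.10.1.6 peer=smf-01 method=PUT path=/nnrf-nfm/v1/nf-instances/smf-01 status=201
2026-03-01T10:00:40Z nrf src=10.10.7.7 peer=nf-zz99 method=PUT path=/nnrf-nfm/v1/nf-instances/nf-zz99 status=201
2026-03-01T10:05:00Z nrf src=10.10.1.5 peer=amf-01 method=GET path=/nnrf-disc/v1/nf-instances status=401
"""

if __name__ == "__main__":
    for alert in run(SAMPLE_LOG.splitlines()):
        print(alert["ts"].isoformat(), alert["rule"], alert["detail"])
```

The difference between the two rule types is state: the single-event rule needs only the current line and an inventory, while the multi-event rule has to remember what each source did in the last minute, which is why multi-event rules are far fewer and far more expensive in any SIEM.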
For effective threat hunting, mapping adversarial tactics using the MITRE ATT&CK framework is essential. This approach helps identify vulnerabilities in SDN and NFV environments, allowing for adjustments to intrusion detection systems. Micro-segmentation adds another layer of defence by applying fine-grained filtering to quickly flag unusual activity. These measures align with the Zero Trust and MEC strategies discussed earlier. Retaining 12 months of ‘hot’ data further enhances threat hunting by enabling teams to match newly discovered indicators with historical data.
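Two practices on this page come down to the same operation: the real-time feeds section describes cross-referencing new indicators with both current and historical network data, and the paragraph above keeps 12 months of hot data so that newly published indicators can be matched against the past. The following is an added example, not Firecell code and not a specific Threat Intelligence Platform's API: it normalises raw feed entries into typed indicators (IP, CIDR, domain, SHA-256), then replays retained DNS, flow and file records against them inside the retention window and summarises each hit with first-seen and last-seen times. The feed entries, records, timestamps and retention window are constructed; the IP ranges come from the RFC 5737 documentation blocks.

```python
"""Retroactive indicator hunt over retained telemetry.

Added example, not Firecell code and not any TIP's API. Feed entries,
log records, timestamps and the retention window are constructed.
"""
import ipaddress
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

RETENTION = timedelta(days=365)  # the 12-month 'hot' window


def normalise_indicator(raw: str) -> Optional[Tuple[str, object]]:
    """Canonicalise one feed entry into (type, value); None if it is not recognised."""
    v = raw.strip().lower().rstrip(".")
    if "/" in v:
        try:
            return "cidr", ipaddress.ip_network(v, strict=False)
        except ValueError:
            return None
    try:
        return "ip", ipaddress.ip_address(v)
    except ValueError:
        pass
    if len(v) == 64 and all(c in "0123456789abcdef" for c in v):
        return "sha256", v
    labels = v.split(".")
    if len(labels) >= 2 and all(lbl and all(c.isalnum() or c == "-" for c in lbl) for lbl in labels):
        return "domain", v
    return None


def load_feed(entries: List[str]) -> Dict[str, set]:
    """Deduplicate and bucket indicators by type; unrecognised entries are dropped."""
    feed: Dict[str, set] = {"ip": set(), "cidr": set(), "domain": set(), "sha256": set()}
    for entry in entries:
        parsed = normalise_indicator(entry)
        if parsed:
            feed[parsed[0]].add(parsed[1])
    return feed


def _matches(record: dict, feed: Dict[str, set]) -> List[str]:
    """Indicator strings this one record matches (exact IP, containing CIDR, domain or subdomain, hash)."""
    hits: List[str] = []
    if "dst_ip" in record:
        ip = ipaddress.ip_address(record["dst_ip"])
        if ip in feed["ip"]:
            hits.append(str(ip))
        hits += [str(net) for net in feed["cidr"] if ip in net]
    if "qname" in record:
        q = record["qname"].lower().rstrip(".")
        hits += [d for d in feed["domain"] if q == d or q.endswith("." + d)]
    if "sha256" in record and record["sha256"].lower() in feed["sha256"]:
        hits.append(record["sha256"].lower())
    return hits


def hunt(feed: Dict[str, set], records: List[dict], now: datetime) -> Dict[str, dict]:
    """Match every retained record against the feed; summarise hits per indicator."""
    cutoff = now - RETENTION
    summary: Dict[str, dict] = {}
    for rec in records:
        if rec["ts"] < cutoff:
            continue  # aged out of hot storage, no longer searchable
        for ind in _matches(rec, feed):
            s = summary.setdefault(ind, {"count": 0, "first_seen": rec["ts"],
                                         "last_seen": rec["ts"], "sources": set()})
            s["count"] += 1
            s["first_seen"] = min(s["first_seen"], rec["ts"])
            s["last_seen"] = max(s["last_seen"], rec["ts"])
            s["sources"].add(rec["src"])
    return summary


# Constructed feed (one malformed entry on purpose) and constructed retained records.
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
FEED = ["203.0.113.0/24", "198.51.100.7", "C2.example.net.", "8f" * 32, "not an indicator!"]
RECORDS = [
    {"ts": NOW - timedelta(hours=1), "src": "agv-12", "kind": "flow", "dst_ip": "203.0.113.44"},       # current hit
    {"ts": NOW - timedelta(days=120), "src": "plc-line-1", "kind": "dns", "qname": "beacon.c2.example.net"},  # 4-month-old hit
    {"ts": NOW - timedelta(days=400), "src": "scada-hmi", "kind": "flow", "dst_ip": "198.51.100.7"},    # outside retention
    {"ts": NOW - timedelta(days=2), "src": "wms-api", "kind": "dns", "qname": "updates.example.com"},   # benign
    {"ts": NOW - timedelta(days=30), "src": "agv-12", "kind": "file", "sha256": "8F" * 32},            # hash hit
]

if __name__ == "__main__":
    for indicator, s in hunt(load_feed(FEED), RECORDS, NOW).items():
        print(indicator, s["count"], s["first_seen"].date(), s["last_seen"].date(), sorted(s["sources"]))
```

The four-month-old DNS record is the case the retention policy exists for: the domain was only published today, but the match shows the device has been resolving it since last autumn, which turns a fresh feed entry into an incident with a timeline. The record outside the window is invisible to the hunt, which is the cost of a shorter retention period made concrete.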
The complexity of 5G threats makes it impossible for any single organisation to manage them in isolation. While internal monitoring is crucial, external collaboration amplifies security efforts. Partnerships between network operators, vendors, and cybersecurity experts are vital, particularly since traditional signature-based tools fail to detect 70% of zero-day threats.
A notable step in this direction came on 20th January 2026, when the Wireless Broadband Alliance released a blueprint to help enterprises integrate Private 5G securely with existing IT and Wi-Fi systems. Tiago Rodrigues, President and CEO of the Wireless Broadband Alliance, highlighted the importance of unified security:
"By bringing Wi-Fi and 5G under a common security framework, the industry can accelerate digital transformation without compromising resilience or interoperability."
To protect sensitive data during collaboration, privacy-preserving methods like Federated Learning allow secure threat intelligence sharing across 5G slices. Tools such as pxGrid, REST APIs, and WebSockets facilitate efficient, two-way data exchange. Research also shows that combining blockchain with Federated Learning can improve threat classification efficiency by 28% while maintaining data confidentiality.
Lastly, adopting a unified Zero Trust framework for managing identities and access across both wireless and wired networks reduces the expanded attack surface. This is especially critical as standalone 5G deployments face a 34% annual increase in jamming attacks. Sharing external intelligence is a cornerstone of the layered defences needed for secure 5G systems.
Private 5G networks are reshaping connectivity for industrial and enterprise environments, but this innovation comes with an expanded attack surface. With the shift to software-defined networking, virtualised functions, and cloud-native architectures, traditional perimeter-based security measures are no longer adequate. To stay ahead of potential threats, integrating threat intelligence is crucial for moving from reactive responses to proactive defence strategies.
Fatema Bannat Wala, from ESnet at Lawrence Berkeley National Laboratory, highlighted this potential, saying:
"5G is an opportunity for the mobile industry to enhance network and service security. New authentication capabilities, enhanced subscriber identity protection and additional security mechanisms will result in significant security improvements over legacy generations".
However, these security improvements hinge on activating critical features, enforcing Zero Trust principles, and maintaining constant monitoring across all network slices and interfaces.
The strategies discussed in this guide – such as Zero Trust Architecture, Multi-Access Edge Computing, network slicing, and AI-driven threat detection – work together to build robust, layered security measures. Threat intelligence provides the contextual data that Policy Decision Points need to calculate trust scores, while SIEM platforms collect logs from various 5G sources to identify anomalies in real time. Micro-segmentation adds another layer of defence by limiting lateral movement, and frameworks like MITRE ATT&CK offer valuable insights into adversarial tactics specifically targeting 5G systems.
No single solution can address the complexity of 5G threats. Complete isolation is not feasible, but collaboration among network operators, vendors, and cybersecurity experts – alongside privacy-preserving intelligence sharing – can fortify the ecosystem. By taking a proactive stance and treating identity as the new perimeter, organisations can secure their private 5G networks and maintain operational resilience against evolving cyber threats.
Integrating threat intelligence into private 5G networks boosts security by enabling real-time, proactive defence mechanisms. This means threats can be detected as they happen, malicious activities can be identified, and vulnerabilities can be addressed swiftly.
By using threat intelligence, organisations gain the ability to anticipate and reduce emerging cyber risks more effectively. This not only helps protect 5G networks from complex attacks but also supports thorough risk assessments. The result? A secure, dependable network environment tailored to meet the unique requirements of each business.
AI plays a crucial role in protecting 5G networks by providing real-time threat detection and implementing adaptive security measures. Using advanced methods like anomaly detection and machine learning, AI can spot unusual activity and pinpoint potential weaknesses before they turn into serious issues.
On top of that, AI streamlines threat response processes, cutting down reaction times and boosting the network’s ability to withstand attacks. This helps ensure that private 5G networks stay secure, dependable, and ready to support essential operations across various industries.
Zero Trust Architecture (ZTA) plays a crucial role in keeping private 5G networks secure. Unlike traditional security models that rely on defending a network’s perimeter, ZTA operates on a ‘never trust, always verify’ principle. This shift is especially important in 5G, where networks are more distributed and interconnected than ever before.
ZTA works by continuously verifying user and device identities, enforcing strict access controls, and monitoring network activity in real time. This approach significantly reduces the risk of cyberattacks. For 5G networks, which manage enormous amounts of data and power essential applications, this added layer of security is indispensable. Even if a breach occurs, ZTA prevents attackers from moving freely within the network, protecting sensitive data and critical services.
Incorporating ZTA strengthens the security framework of private 5G networks, helping them withstand increasingly sophisticated threats in today’s digital landscape.