Securing Private 5G Networks in Manufacturing Using Penetration Testing- A Case Study (14 May 2025)
While 5G offers enhanced system capacity, data rates, reduced latency (under 10 milliseconds), massive device connectivity, and improved security, its inherent complexity introduces new attack vectors. Unlike 4G LTE, 5G leverages cloud computing technologies, including software-defined networking (SDN), network function virtualization (NFV), virtualization, and multi-access edge computing (MEC). Furthermore, the 5G ecosystem leverages several standards and protocols (e.g., NAS, DIAMETER, SIP, HTTP/2/TLS) to support a variety of use cases for both consumers and enterprise organizations (e.g., Industry 4.0/M2M, Telemedicine, AV/VR, smart cities).
The diverse technologies used to support 5G, the multitude of interactions, and interdependencies between the various architectural elements (e.g., radio access, core network elements, network functions, and protocols) increase the level of complexity and consequently introduce new attack vectors. This mandates rigorous security assessments, drawing on expertise and guidance from organizations such as 3GPP, NIST, ISASecure, GSMA, IEEE, CISA, and ENISA.
This presentation captures insights from conducting a penetration testing exercise of a private 5G Standalone (SA) network designed to support industrial automation. The presentation includes areas of focus (e.g., 5G core, signaling protocols, OAM&P interfaces, services, and device hardware) and will highlight vulnerabilities in each area to illustrate potential risks and provide recommendations to help improve the network’s security posture including the effectiveness of leveraging ISA 62443 standards to mitigate these vulnerabilities.
KEY TAKEAWAYS:
• Approach for effective penetration testing of private 5G networks, Vulnerabilities and recommendations
• Vulnerabilities and recommendations
• Top 10 Security considerations for private 5G deployments
Webinar Details
Date: Wednesday, May 14, 2025
Time: 11 a.m.–12:00 a.m. EDT U.S.
Price: Free
Format: presentation followed by time for attendee Q&A.
Peter Thermos, Palindrome Technologies
Peter has over 25+ years of experience in consulting and research in several areas of Information Security and Assurance and has held senior technical and management positions with Telcordia Technologies (previously known as Bellcore). During his career Peter conducted security research and provided cyber security advisory support for various commercial and government organizations including the Laboratory for Telecommunication Sciences, NIST, Federal Reserve Bank, Department of Labor, Verizon Wireless, Sprint, among others, and cyber preparedness for the Athens 2004 Olympics. As founder of Palindrome Technologies and subject matter expert he is assisting customers with securing emerging technologies and networks including 5G, MEC, IoT and V2X. Peter is the primary author of the book “Securing VoIP Networks” by Addison-Wesley and has been a speaker at various industry conferences (i.e. IEEE, ICIW, SANS, Blackhat, MIS InfoSec, ISSE), NATO NMIOTC Cybersecurity conference, and has published research papers in academic and industry journals (i.e., IEEE, ACM, ISSA, IEC) and articles in trade magazines such as Information Security, ZDNET, Forbes, TechTarget and Wired. Furthermore, he has been the Co-Chair for IEEE CQR Workshop, IEEE World Forum IoT and committee member of ICCWS. Peter is a contributor to the FCC CSRIC VII Report on Risk to 5G from Legacy Vulnerabilities and Best Practices for Mitigation (June 10, 2020) and currently a working member with the CSRIC IX WG3 on 6G Security. Peter holds a Master’s degree in Computer Science from Columbia University, NY and he is a senior member of IEEE and ISSA.