As industries adopt 5G technology for automation, remote operations, and IoT applications, ensuring network security becomes a critical priority. Industrial 5G, referring to the integration of 5G into operational technology (OT) networks, introduces unique security requirements due to the safety-critical nature of industrial environments and the complexity and long lifecycles of industrial processes.

This topic has been extensively addressed through 3GPP standards, which ensure consistency across telecommunications networks. 5G introduces new security mechanisms such as advanced authentication methods and network slicing. The security toolbox defined by 3GPP provides operational flexibility while maintaining a standardized approach to threat mitigation, delivering a robust and unified security framework.

Industrial operators design private communication infrastructures tailored to their specific operational needs. Network architectures and security requirements in these contexts differ significantly from those in other OT industries (such as consumer IoT, or traditional IT). OT networks can adopt 5G security features while preserving legacy systems and maintaining operational flexibility. In addition to 3GPP, the IEC 62443 series of standards provides a framework for addressing security requirements, establishing a baseline for secure practices in industrial automation and control systems (IACS).

OT Network Security:

• Industrial operators build private networks with security configurations tailored to their specific industrial processes.
• Network architectures and security measures can differ significantly across industries.
• IEC 62443 defines both functional and procedural requirements to meet the unique security needs of industrial automation.

 Key Differences Between OT Networks and PLMN Networks:

• Isolation and Protection:
  • OT networks are traditionally physically isolated and protected by perimeter defenses to safeguard data, users, and equipment.
  • Standalone Non-Public Networks (SNPN) are operated under the full control of the OT operator.
  • In contrast, Public Network Integrated NPNs (PNI-NPNs) rely on logical, rather than physical, isolation.
  • Isolated standalone 5G deployments (SNPNs), which remain operationally controlled by the OT operator, are particularly relevant for industrial 5G in OT networks.
• Trust Domain:
  • OT networks may operate across multiple trust domains (also known as security zones), with strict access control and limited third-party access, typically restricted to specific remote maintenance tasks.
  • In 5G OT environments, additional encryption and data isolation mechanisms are required to maintain adequate security. Many OT systems will require over-the-top security protections, as the communication-level security provided by 5G only partially address OT-specific security requirements.
• Authentication and Credential Storage:
  • OT devices that need access to PLMNs must comply with the device security requirements defined for user equipment for PLMN access, such as support for USIM/UICC.

 OT vs. ICT Security Priorities:

• OT Security Priorities:
  • OT networks prioritize availability, integrity, and performance (including low latency) to ensure operational reliability and continuity.
  • While reliability, availability, and integrity are essential, confidentiality and privacy also play a significant role.
• ICT Security Priorities:
  • ICT networks typically prioritize confidentiality first, followed by integrity and availability.

These differing security priorities must be carefully considered when integrating 5G into OT networks. OT security objectives often require tailored solutions.

 3GPP-Defined 5G Security Features:

• Authentication:
  • 5G-AKA Authentication (3GPP TS 33.501): Secure subscriber authentication using a shared key between the user equipment (UE) and the network, enabled through a USIM/UICC on the UE.
  • Authentication Options (3GPP TS 33.501): For example, EAP-TLS supports certificate-based authentication for SNPNs, enabling seamless integration with OT and enterprise security infrastructures. Other EAP methods that generate cryptographic keys can also be used for primary authentication.
• Network Slicing (3GPP Rel-15/16):
  • Network slicing enables the creation of isolated and optimized sub-networks on a shared physical infrastructure.
  • This is essential for OT networks, as it supports secure and efficient 5G usage across a variety of industrial applications.
  • Network slice security, including slice-specific authentication and authorization, is critical for maintaining access control and isolation.
• IoT Security: 5G is designed to support massive IoT device connectivity. Many industrial IoT devices have limited computing power, making traditional security mechanisms impractical. 5G introduces lightweight security protocols (e.g., eSIMs, secure hardware modules) to enable efficient authentication, even for resource-constrained IoT devices. EAP-based authentication further simplifies the integration of 5G devices into OT systems by leveraging existing OT security infrastructures.
• Interference Protection: 5G includes built-in interference protection at the radio layer, ensuring reliable communication even in hostile or noisy environments. An SNPN can operate in dedicated private spectrum, helping to avoid interference from external sources.

•  Non-Public Networks (NPNs):
  •  SNPNs are operated under the full control of the OT operator.
  • PNI-NPNs rely on logical, rather than physical, isolation.

For more information, please refer to the white paper “Security Aspects of 5G for Industrial Networks,”  which provides the foundation for this topic.