
Case Study: Building trust in 5G. Securing cloud-native and OpenRAN environments

by Philip Marsden

20 March 2026

Situation

In order to deliver higher performance, lower latency and greater connectivity to its customers, a major UK mobile operator wanted to expand its 5G standalone (SA) network.

The project would be introducing:

  • Cloud-native 5G Core
  • Virtualised and containerised network functions (VNFs/CNFs)
  • Distributed edge computing
  • OpenRAN components
  • Large-scale IoT and enterprise connectivity

While 5G delivers higher throughput, ultra-low latency, and massive device density, it also represents a fundamental architectural shift. Unlike legacy generations, 5G networks are:

  • Software-defined
  • API-driven
  • Cloud-orchestrated
  • Highly distributed

The operator recognised that traditional telecom security approaches alone were insufficient. The convergence of telecom, cloud, and IT security domains created a broader, more complex attack surface, requiring specialist 5G-focused security testing.

At a glance

Organisation: UK mobile network operator

Sector: Telecommunications

Situation: A major UK operator was rolling out a 5G standalone network, built on cloud‑native core, virtualised functions, edge computing and OpenRAN.

Challenge: A shift to software‑defined, API‑driven 5G expanded the attack surface, introducing risks across cloud platforms, identity, orchestration and multi‑vendor ecosystems.

Solution: NCC Group delivered a 5G security testing programme spanning the 5G core, Kubernetes and containers, NFVI, OpenRAN and edge infrastructure.

Outcomes: Improved end‑to‑end 5G risk visibility, reduced exposure across APIs and management layers, stronger segmentation and identity controls, and greater resilience against systemic 5G compromise.

Challenge

For the mobile operator, 5G introduces risks not present in previous generations.

Key risk factors:

Domain: Emerging Risk

  • Cloud-native core: Container, orchestration, and hypervisor threats
  • APIs & service-based architecture (SBA): API abuse, authentication flaws, lateral movement
  • Virtualisation (NFVI): Shared infrastructure risk between network functions
  • Edge computing: Physically distributed, harder-to-monitor nodes
  • OpenRAN ecosystems: Multi-vendor integration and trust boundaries
  • Supply chain: Software dependencies and third-party components
  • Critical sector reliance: Healthcare, energy, and transport services over 5G

The operator’s concerns included:

  • Misconfigurations in Kubernetes-based 5G core deployments
  • Weak identity and access management across network functions
  • Exposure of management interfaces and APIs
  • Lateral movement risks between IT, cloud, and telecom domains
  • New signalling and control-plane abuse scenarios

A compromise at the 5G core or orchestration layer could impact:

  • National connectivity
  • Enterprise private networks
  • Critical infrastructure services
  • Subscriber privacy and service integrity

Solution

NCC Group's specialist telecom and cloud cyber security team delivered a comprehensive '5G Security Testing Programme' covering core, edge, and supporting platforms.

Security testing of the 5G Core focused on the Service-Based Architecture (SBA), in which network functions communicate via APIs rather than fixed interfaces. This model increases flexibility but also introduces application-style attack surfaces.

Our testing assessed how network functions expose services, how trust is established between them, and whether authentication and authorisation controls correctly restrict access. Particular attention was given to HTTP/2 SBI API security posture, including input validation, rate limiting, service discovery mechanisms, and protection against abuse of control-plane functions. The assessment combined deep knowledge of telecom signalling and 5G procedures with modern cloud application security techniques to identify weaknesses that could enable service impersonation, lateral movement between functions, or disruption of core network services.

The 5G Core relies on a virtualised infrastructure layer where telecom workloads run alongside shared compute, storage, and networking resources. The assessment evaluated the full NFVI stack, from the physical layer through virtual networking and hypervisors to management and orchestration components. Security of management Graphical User Interfaces (GUIs) and exposed APIs was a key focus, as compromise at this level could provide control over multiple network functions.

Our review examined tenant isolation and workloads, virtual network segmentation, and protection of east–west traffic within our client's data centre. This work identified areas where a cloud-layer weakness could cascade into telecom services, enabling an attacker to pivot from infrastructure compromise into core network control.

As many 5G Core functions are deployed as containerised network functions (CNFs), the security of the Kubernetes environment is critical. Our review focused on cluster configuration and hardening, ensuring that default settings did not expose unnecessary services or privileges. Role-Based Access Control (RBAC) and identity mechanisms were assessed to confirm that only authorised services and administrators could interact with cluster resources. Image integrity and supply chain risks were analysed, including how container images are sourced, verified, and updated. Network segmentation between CNFs was also examined to prevent lateral movement if a single function were compromised. This ensured that the cloud-native foundation of the 5G core aligned with secure-by-design principles rather than inheriting enterprise cloud misconfiguration risks.
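The review areas in the paragraph above (workload privileges, RBAC, image integrity, segmentation between CNFs) can be expressed as checks over exported cluster objects. This is an added example, not NCC Group's tooling or part of the original case study; the object names, namespaces, registry and finding labels are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get ... -o json` items; all names are hypothetical.
SAMPLE = json.loads("""[
 {"kind": "Deployment", "metadata": {"name": "amf", "namespace": "core5g"},
  "spec": {"template": {"spec": {"hostNetwork": true, "containers": [
    {"name": "amf", "image": "registry.example/amf:latest",
     "securityContext": {"privileged": true}}]}}}},
 {"kind": "Deployment", "metadata": {"name": "smf", "namespace": "core5g-smf"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "smf", "image": "registry.example/smf@sha256:PLACEHOLDER",
     "securityContext": {"privileged": false, "allowPrivilegeEscalation": false}}]}}}},
 {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "core5g-smf"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
 {"kind": "ClusterRole", "metadata": {"name": "cnf-operator"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
]""")

def audit(objects):
    """Return sorted (object, finding) pairs covering privileges, RBAC, images, segmentation."""
    findings, workload_ns, policy_ns = [], set(), set()
    for obj in objects:
        kind, meta = obj["kind"], obj["metadata"]
        ref = f'{kind}/{meta.get("namespace", "-")}/{meta["name"]}'
        if kind == "NetworkPolicy":
            policy_ns.add(meta["namespace"])
        elif kind in ("Role", "ClusterRole"):
            # Wildcard verbs or resources grant far more than a single CNF needs.
            if any("*" in r.get("verbs", []) + r.get("resources", []) for r in obj.get("rules", [])):
                findings.append((ref, "rbac-wildcard"))
        elif kind in ("Deployment", "StatefulSet", "DaemonSet"):
            workload_ns.add(meta["namespace"])
            pod = obj["spec"]["template"]["spec"]
            if pod.get("hostNetwork"):
                findings.append((ref, "host-network"))
            for c in pod.get("containers", []):
                sc = c.get("securityContext", {})
                if sc.get("privileged"):
                    findings.append((ref, f'privileged:{c["name"]}'))
                if sc.get("allowPrivilegeEscalation") is not False:  # unset defaults to allowed
                    findings.append((ref, f'priv-escalation-allowed:{c["name"]}'))
                if "@sha256:" not in c["image"]:  # mutable tag, image content can change
                    findings.append((ref, f'image-not-digest-pinned:{c["name"]}'))
    # Coarse segmentation check: a workload namespace with no NetworkPolicy at all.
    for ns in sorted(workload_ns - policy_ns):
        findings.append((f"Namespace/{ns}", "no-networkpolicy"))
    return sorted(findings)

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```

The presence of a NetworkPolicy only shows that some policy exists in the namespace; whether it actually isolates one CNF from another still needs a review of its selectors and rules.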

OpenRAN introduces a disaggregated, multi-vendor model in which radio, software, and cloud components are tightly integrated. Security testing, therefore, examined not only traditional radio interfaces and protocols, such as F1AP, but also the broader ecosystem, including OSS/BSS integrations and the cloud infrastructure supporting RAN functions. Trust boundaries between vendors were reviewed to ensure that one component could not unduly influence or compromise another.

Our assessment also considered how management traffic, software updates, and orchestration processes were protected. By evaluating both telecom protocol behaviour and underlying cloud dependencies, our testing reduced the risks introduced by the software-driven, highly interconnected nature of modern RAN deployments.

5G edge deployments extend core capabilities closer to users and devices, often in physically distributed or lightly controlled environments. NCC Group's security testing addressed the unique risks of these locations, where physical exposure is greater and monitoring capabilities may be more limited than in central data centres. Our review examined secure boot and platform integrity controls, remote management security, and resilience of connectivity back to central systems. Moreover, because edge nodes frequently support latency-sensitive and mission-critical workloads, our programme evaluated how denial-of-service conditions, resource exhaustion, or configuration weaknesses could affect service continuity. This key phase of our programme ensured that the benefits of distributed 5G performance did not come at the cost of increased systemic risk.

Results

The operator gained end-to-end visibility into security risks across its 5G cloud-native ecosystem, something not achievable through traditional telecom testing alone.

Key outcomes:

  • Hardening of Kubernetes and container platforms supporting 5G CNFs
  • Reduction of API and management interface exposure
  • Improved identity and access control between network functions
  • Strengthened segmentation between IT, cloud, and telecom domains
  • Mitigation of multi-vendor and OpenRAN integration risks

The operator significantly reduced the likelihood of a 5G core or orchestration-layer compromise, which could otherwise lead to:

  • Nationwide service disruption
  • Enterprise network outages
  • Critical infrastructure impact
  • Large-scale privacy or data integrity issues

“What this programme made clear is that 5G security is no longer just a telecom issue — it’s fundamentally a cloud, software and supply-chain challenge. By taking a specialist, 5G-focused approach to testing, the operator strengthened the resilience of its next-generation infrastructure, reduced systemic risk across its cloud-native environment, and significantly improved its readiness for advanced telecom threats. Most importantly, it helped them maintain trust with enterprise and public-sector customers who rely on 5G for critical services.”

Philip Marsden | Telecommunications Security Consultant - NCC Group
