Security considerations for the county's industrial zones.
Mansfeld-Südharz, Germany - November 17, 2025
When the Federal Network Agency opened the 3.7–3.8 GHz band for local private 5G networks four years ago, most headlines focused on latency: the promise of one-millisecond round-trips that could turn every sensor into a real-time actuator. What received less attention was the quiet shift in the threat surface: a plant that once needed a single firewall at the WAN boundary now hosts dozens of radio heads, each delivering IP traffic straight into the control network. In Mansfeld-Südharz we have no intention of repeating the municipal Wi-Fi mistakes of the 2000s: open radios, default credentials, firmware that ages like milk. Instead we are building a campus-grade 5G network in which the county's own spectrum licence anchors a chain of trust that the county, not a carrier, controls, and in which every packet is integrity-protected and tied to an authenticated subscriber before it reaches a PLC. The goal is not faster cat videos; it is a production backbone that treats safety-instrumented traffic and video analytics as mutually suspicious tenants, even when they share the same antenna.
The first design choice was architectural: overlay or underlay? An overlay would plant a commercial operator's macro cell at the gate and carve out network slices for each factory. That model scales nationally but fails the county on three counts: it keeps sensitive payload on a carrier's core, it hauls local traffic through the carrier's national aggregation points, and it forces us to negotiate lawful-intercept interfaces we would rather not host. We therefore chose the underlay route: a stand-alone non-public network (SNPN) that holds its own licence for a block in the 3.7–3.8 GHz range, runs its own 5G core inside the Alliance's sovereign cloud, and peers with the public internet only through a single DMZ that we control. The licence covers a 10 MHz TDD block (the local-network band is unpaired, so uplink and downlink share the carrier), modest by carrier standards but, reused across the cells that cover the 14 km² industrial park, sufficient for roughly 2 Gbps aggregate; the neighbouring chemical plant's existing TETRA radio lives far below in the 400 MHz range and is unaffected. Because the county itself is licensee and operator, the network falls under NIS2 oversight, obliging us to log every management-plane transaction and retain the logs for seven years. That sounds bureaucratic until you realise it also obliges every vendor to deliver code that can survive an audit. No more black-box radios.
Radio hardening starts with supply-chain provenance. Each gNodeB is sourced through a dual-vendor model: radio hardware from a European OEM, software stack from an open-source consortium anchored in Prague. Fronthaul and backhaul run over fibre that we own, so tapping or injecting traffic between a radio head and the packet core requires physical access to county ducts, and a unit tampered with in transit still reaches the core only over a link we monitor. Over-the-air updates are signed twice, once by the vendor and once by the Alliance's own code-signing root, and are delivered through a segregated management VPN that terminates on an HSM sitting in the same vault that stores the county's election keys. Downgrade attacks are blocked by an anti-rollback rule enforced in the bootloader: every signed release carries a monotonic version number, the bootloader records the highest version it has accepted, and it refuses to boot any image whose version is lower, a mechanism borrowed from automotive ECU practice and adapted to telecoms. The result is a base station that behaves more like a fixed sensor than a consumer router: it boots, it beacons, and it refuses any configuration that has not been pre-approved by a quorum of three of the five steering-committee signers.
Core security is where the private network becomes interesting. Instead of a monolithic 5G core we deploy a micro-services mesh that runs on the same Kubernetes stack already hosting the Alliance's SOC tooling. Each network function (AMF, SMF, UPF, AUSF) is containerised and coupled to a sidecar that enforces the Alliance's policy-as-code rules. A signalling request that would normally be handled by the AMF first passes through a Rego evaluator that checks whether the subscriber's permanent identifier (the SUPI, the 5G successor of the IMSI) belongs to a device profile allowed to reach the safety-instrumented subnet at that hour of the day. If the policy engine denies the request, the AMF never sees it; the radio counts a rejected attach and emits a JSON event to the shared SIEM. Because the policy is code, we version it through the same Git workflow that governs firewall rules, complete with merge-request reviews and automated tests that spin up a miniature 5G core inside kind. Every policy change therefore carries the same rigour as a PLC code update in a chemical plant: no reviewed diff, no deploy.
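As an added illustration of the dual-signature and anti-rollback rule described above (example code written for this page, not the Alliance's or any vendor's bootloader), the following Go program models a bootloader that holds two Ed25519 trust anchors and a monotonic version counter. The manifest layout, the key type, the version numbers and the constructed image bytes are assumptions; a real bootloader would keep the counter in tamper-resistant storage and verify the image in place.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the constructed release descriptor that travels with an image.
// Version is a monotonic release counter; ImageHash binds the image bytes.
type Manifest struct {
	Version   uint64
	ImageHash [32]byte
}

// Bytes is the canonical encoding that both signers sign.
func (m Manifest) Bytes() []byte {
	buf := make([]byte, 8, 8+len(m.ImageHash))
	binary.BigEndian.PutUint64(buf, m.Version)
	return append(buf, m.ImageHash[:]...)
}

// Release is a manifest plus the two detached signatures.
type Release struct {
	Manifest    Manifest
	VendorSig   []byte
	AllianceSig []byte
}

// Bootloader holds the two trust anchors and an anti-rollback counter that
// is only ever raised (in hardware this lives in monotonic fuse or NV space).
type Bootloader struct {
	VendorKey   ed25519.PublicKey
	AllianceKey ed25519.PublicKey
	MinVersion  uint64
}

var (
	ErrVendorSig   = errors.New("vendor signature invalid")
	ErrAllianceSig = errors.New("alliance signature invalid")
	ErrRollback    = errors.New("version below anti-rollback counter")
	ErrImageHash   = errors.New("image digest does not match manifest")
)

// Accept verifies both signatures before trusting any field of the manifest,
// then enforces the counter, then checks the image. Only a fully accepted
// release raises the counter.
func (b *Bootloader) Accept(r Release, image []byte) error {
	msg := r.Manifest.Bytes()
	if !ed25519.Verify(b.VendorKey, msg, r.VendorSig) {
		return ErrVendorSig
	}
	if !ed25519.Verify(b.AllianceKey, msg, r.AllianceSig) {
		return ErrAllianceSig
	}
	if r.Manifest.Version < b.MinVersion {
		return ErrRollback
	}
	if sha256.Sum256(image) != r.Manifest.ImageHash {
		return ErrImageHash
	}
	b.MinVersion = r.Manifest.Version
	return nil
}

// Sign builds a dual-signed release; in production the two signatures are
// produced by separate parties (vendor pipeline, Alliance HSM).
func Sign(vendor, alliance ed25519.PrivateKey, version uint64, image []byte) Release {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return Release{
		Manifest:    m,
		VendorSig:   ed25519.Sign(vendor, m.Bytes()),
		AllianceSig: ed25519.Sign(alliance, m.Bytes()),
	}
}

// Outcome records the four boot attempts that Scenario runs.
type Outcome struct{ Fresh, Rollback, VendorOnly, Tampered error }

// Scenario exercises a radio that last booted version 41 with constructed
// images: a proper 42, a downgrade to 41, a vendor-only 43, a tampered 44.
func Scenario() Outcome {
	vPub, vPriv, _ := ed25519.GenerateKey(rand.Reader)
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader)
	bl := &Bootloader{VendorKey: vPub, AllianceKey: aPub, MinVersion: 41}

	var o Outcome
	o.Fresh = bl.Accept(Sign(vPriv, aPriv, 42, []byte("fw-42")), []byte("fw-42"))
	o.Rollback = bl.Accept(Sign(vPriv, aPriv, 41, []byte("fw-41")), []byte("fw-41"))
	vendorOnly := Sign(vPriv, aPriv, 43, []byte("fw-43"))
	vendorOnly.AllianceSig = nil // second signature missing
	o.VendorOnly = bl.Accept(vendorOnly, []byte("fw-43"))
	o.Tampered = bl.Accept(Sign(vPriv, aPriv, 44, []byte("fw-44")), []byte("fw-44-modified"))
	return o
}

func main() {
	o := Scenario()
	fmt.Println("fresh:", o.Fresh, "| rollback:", o.Rollback, "| vendor-only:", o.VendorOnly, "| tampered:", o.Tampered)
}
```

The order of checks matters: signatures are verified before the version field is read, so an attacker cannot use an unsigned manifest to raise the counter and brick the radio, and the counter is only advanced after the image digest has been confirmed.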
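The policy gate in front of the AMF, as an added example written for this page in Go rather than Rego so that it runs stand-alone (illustrative code, not the Alliance's policy bundle; a Rego policy would encode the same tables). The SUPI values, role names, DNNs and hour windows are constructed. The structure is the point: deny by default, a reason on every path for the audit trail, and a JSON event only for rejections.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Window is a local-time hour range [Start, End). Start > End wraps past
// midnight; Start == End means the whole day.
type Window struct{ Start, End int }

// Contains reports whether hour h (0-23) lies inside the window.
func (w Window) Contains(h int) bool {
	switch {
	case w.Start == w.End:
		return true
	case w.Start < w.End:
		return h >= w.Start && h < w.End
	default:
		return h >= w.Start || h < w.End
	}
}

// Profile is what the policy knows about a subscription: its role and, for
// each data network name (DNN) it may use, the hours a session may open.
type Profile struct {
	Role string
	DNNs map[string]Window
}

// Attach is the part of a registration/session request the policy sees.
// SUPI is the 5G permanent subscriber identifier (IMSI form, constructed).
type Attach struct {
	SUPI string    `json:"supi"`
	DNN  string    `json:"dnn"`
	At   time.Time `json:"at"`
}

// Decision is deny by default; every path names its reason.
type Decision struct {
	Allow  bool   `json:"allow"`
	Reason string `json:"reason"`
}

// Evaluate is the gate in front of the AMF: an unknown subscriber, a DNN the
// role is not entitled to, or the wrong hour all deny.
func Evaluate(reg map[string]Profile, a Attach) Decision {
	p, ok := reg[a.SUPI]
	if !ok {
		return Decision{false, "unknown SUPI"}
	}
	w, ok := p.DNNs[a.DNN]
	if !ok {
		return Decision{false, fmt.Sprintf("role %s not entitled to %s", p.Role, a.DNN)}
	}
	if !w.Contains(a.At.Hour()) {
		return Decision{false, fmt.Sprintf("%s outside window %02d-%02d for %s", a.At.Format("15:04"), w.Start, w.End, a.DNN)}
	}
	return Decision{true, fmt.Sprintf("role %s within window for %s", p.Role, a.DNN)}
}

// RejectEvent is the JSON record the radio emits to the SIEM for a denied
// attach; an allowed attach yields nil.
func RejectEvent(a Attach, d Decision) ([]byte, error) {
	if d.Allow {
		return nil, nil
	}
	return json.Marshal(struct {
		Event string `json:"event"`
		Attach
		Reason string `json:"reason"`
	}{"attach_rejected", a, d.Reason})
}

// Registry is a constructed profile table: "sis" is the safety-instrumented
// DNN, "video" the analytics DNN.
var Registry = map[string]Profile{
	"imsi-262990000000001": {Role: "plc-engineer", DNNs: map[string]Window{"sis": {6, 18}, "video": {0, 0}}},
	"imsi-262990000000002": {Role: "camera", DNNs: map[string]Window{"video": {0, 0}}},
	"imsi-262990000000003": {Role: "night-maintenance", DNNs: map[string]Window{"sis": {22, 6}}},
}

func main() {
	at := func(h int) time.Time { return time.Date(2025, 11, 17, h, 0, 0, 0, time.UTC) }
	for _, a := range []Attach{
		{"imsi-262990000000001", "sis", at(9)},
		{"imsi-262990000000001", "sis", at(23)},
		{"imsi-262990000000002", "sis", at(9)},
		{"imsi-262990000000003", "sis", at(2)},
		{"imsi-262990000000009", "video", at(9)},
	} {
		d := Evaluate(Registry, a)
		ev, _ := RejectEvent(a, d)
		fmt.Printf("%s %-5s %02d:00 -> allow=%-5v %s %s\n", a.SUPI, a.DNN, a.At.Hour(), d.Allow, d.Reason, ev)
	}
}
```

Unit tests against a table like this are what the merge-request pipeline would run before a policy change is allowed to deploy; the midnight-wrapping window is the case most often got wrong in hand-written rules.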
"Spectrum is radio real estate; sovereignty is the architecture that refuses to move when the landlord changes."
Slice isolation is enforced cryptographically rather than by VLAN tags and hope. Each tenant receives a dedicated slice identifier (an S-NSSAI) that is bound to an X.509 credential whose private key lives in a TPM on the device. The credential is minted by the Alliance's private CA and carries attributes such as site role, escalation window and maximum data rate. When the device requests a PDU session, the SMF validates the certificate against a Certificate Revocation List that is published every fifteen minutes, and immediately after any revocation, and cached at the edge. If the device presents a revoked or expired credential, the SMF instructs the UPF to drop the traffic at the first hop, long before it reaches the tenant's application server. The elegance is that revocation travels faster than reconfiguration: we can quarantine a compromised engineering workstation by publishing one serial number to the CRL distribution point, a process that takes less than forty seconds end-to-end. During our last purple-team exercise the red team gained root on a camera drone but still could not move laterally into the process network, because the certificate bound to the drone's ICCID had been revoked the moment anomalous BGP updates were spotted. The attackers were left holding a perfectly functional 5G modem that could no longer forward a single byte.
Operational oversight follows the same federation model that governs the wider Alliance. A 24×7 network operations centre staffed by county employees sits beside the cyber SOC; both share the same Kafka bus, so a radio alarm reading "gNodeB 3 RF power anomaly" appears on the same video wall as a malware alert. Because the core emits structured telemetry onto that bus, base-station data is simply another log source: signal-to-noise ratios are correlated with weather feeds to predict icing, and GPS time-offset anomalies are compared against known spoofing signatures. Physical-layer faults and security events thus pass through the same analytical pipeline, which forces the NOC engineer to think like a defender and the SOC analyst to understand RF propagation. That cross-pollination is exactly the cultural shift NIS2 demands: safety, security and reliability merged into a single risk language spoken by people who share the same parking lot.
We are still cautious enough to keep the blast radius small. The first production traffic will be non-critical telemetry (cooling-fan currents, tank-level ultrasonics, fork-lift tracking), data that can tolerate a four-hour outage without economic consequence. Only after three incident-free quarters will we migrate safety-instrumented functions such as emergency-shutdown valves, and even then each function is dual-homed: the copper pair carrying 4–20 mA stays in place, but it now shares authority with a wireless actuator that fires only if the hardwired signal and the 5G packet agree. The philosophy is borrowed from aviation: fly-by-wire only after the pilots have watched the software fly the passengers for a while. By 2028 the goal is to retire half the copper runs, freeing tonnes of scrap metal and, more importantly, proving that a wireless mesh can meet SIL 2 requirements under real weather, real vibration and real attackers.
The licence expires in 2030, yet the architecture is designed to outlive it. All cryptographic anchors are algorithm-agile: the SIM cards already carry composite public keys that can be re-provisioned with post-quantum algorithms over the air, and the core's policy engine identifies algorithms by URI rather than by hard-coded OID, so we can phase in ML-DSA (the standardised form of CRYSTALS-Dilithium) without touching the control plane. If the federal agency extends the spectrum regime, we simply re-sign the certificates; if it revokes it, the containers can be lifted into another shared-access band in the CBRS style, or kept on fibre with Wi-Fi 7 serving as non-3GPP access into the same core. The county will still own the data path, still enforce the same policies, still publish the same CRLs. Spectrum is just radio real estate; sovereignty is the architecture that refuses to move even when the landlord changes.
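An added example of the admission check this paragraph describes, written for this page in Go with the standard library's crypto/x509 (not the Alliance's SMF code). It builds a constructed CA, issues one device credential whose OU names its slice, signs a CRL with the fifteen-minute validity mentioned in the text, and walks three outcomes: admit on a fresh CRL, drop once the serial is listed, and drop again when an edge cache replays a CRL past its NextUpdate. The ICCID, slice name, serials and timestamps are made up; TPM key binding and the instruction to the UPF are outside the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a P-256 key for tmpl and has parent sign it; with parent
// nil the certificate is self-signed (used for the constructed CA).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// crlFor signs a CRL valid for fifteen minutes that lists the given serials.
func crlFor(ca *x509.Certificate, caKey *ecdsa.PrivateKey, number int64, at time.Time, revoked ...*big.Int) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(number), ThisUpdate: at, NextUpdate: at.Add(15 * time.Minute)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: at})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	if err != nil {
		panic(err)
	}
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		panic(err)
	}
	return crl
}

// Verdict is what the SMF hands the UPF: forward on the named slice, or drop.
type Verdict struct {
	Admit  bool
	Slice  string
	Reason string
}

// Admit validates the device credential against the CA and the CRL, failing
// closed: a CRL past NextUpdate is unusable, so a stale edge cache can never
// readmit a device that a newer CRL has revoked.
func Admit(now time.Time, ca *x509.Certificate, crl *x509.RevocationList, dev *x509.Certificate) Verdict {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := dev.Verify(opts); err != nil {
		return Verdict{false, "", "chain: " + err.Error()}
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return Verdict{false, "", "crl signature: " + err.Error()}
	}
	if now.After(crl.NextUpdate) {
		return Verdict{false, "", "crl stale"}
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(dev.SerialNumber) == 0 {
			return Verdict{false, "", "revoked"}
		}
	}
	if len(dev.Subject.OrganizationalUnit) == 0 {
		return Verdict{false, "", "credential names no slice"}
	}
	return Verdict{true, dev.Subject.OrganizationalUnit[0], "ok"}
}

// Scenario builds the constructed CA and one device credential (CN is a
// made-up ICCID, OU its slice), then walks the three cases from the text.
func Scenario() (fresh, revoked, stale Verdict) {
	now := time.Date(2025, 11, 17, 10, 0, 0, 0, time.UTC)
	ca, caKey := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Alliance Device CA (constructed)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
	dev, _ := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1001),
		Subject:      pkix.Name{CommonName: "89490000000000001001", OrganizationalUnit: []string{"slice:video-analytics"}},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, caKey)

	crl1 := crlFor(ca, caKey, 1, now)
	fresh = Admit(now, ca, crl1, dev)
	crl2 := crlFor(ca, caKey, 2, now.Add(40*time.Second), dev.SerialNumber) // revocation published
	revoked = Admit(now.Add(time.Minute), ca, crl2, dev)
	stale = Admit(now.Add(20*time.Minute), ca, crl1, dev) // old cache replayed after expiry
	return fresh, revoked, stale
}

func main() {
	f, r, s := Scenario()
	fmt.Printf("fresh:   %+v\nrevoked: %+v\nstale:   %+v\n", f, r, s)
}
```

The stale case is the one an edge cache makes easy to get wrong: if the check only asked "is the serial on the CRL I have", an old cached list would silently readmit a quarantined device, so NextUpdate is treated as a hard deadline and the session is refused until a fresh list arrives.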
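An added example of the two-out-of-two agreement rule for the dual-homed actuator (illustrative Go written for this page, not the plant's safety logic). It converts the 4–20 mA loop value to percent of span, treats out-of-range currents as a transmitter or wire fault using the NAMUR NE43 limits, rejects stale or future-dated radio samples, and lets the wireless actuator act only when both channels agree. The trip threshold, tolerance and timing are assumptions, as is the choice to hand sole authority back to the hardwired loop on any disagreement.

```go
package main

import (
	"fmt"
	"time"
)

// Command is what the wireless actuator driver receives.
type Command int

const (
	Hold     Command = iota // both channels agree: no trip demanded
	Trip                    // both channels agree: trip the valve
	Fallback                // disagreement or an unusable channel: copper loop keeps sole authority, raise an alarm
)

func (c Command) String() string { return [...]string{"hold", "trip", "fallback"}[c] }

// LoopReading is the current on the 4-20 mA copper pair.
type LoopReading struct{ MilliAmps float64 }

// RadioReading is the level carried in the 5G packet plus its send time.
type RadioReading struct {
	Percent float64
	SentAt  time.Time
}

// Voter holds the plant parameters (assumed values): trip threshold in
// percent of span, how far the channels may differ, and the maximum age
// of a radio sample before it counts as absent.
type Voter struct {
	TripPercent float64
	Tolerance   float64
	MaxAge      time.Duration
}

// percentFromLoop maps 4-20 mA to 0-100 %. NAMUR NE43 reserves currents
// below 3.6 mA and above 21 mA for fault signalling, so those are rejected.
func percentFromLoop(mA float64) (float64, bool) {
	if mA < 3.6 || mA > 21.0 {
		return 0, false
	}
	return (mA - 4) / 16 * 100, true
}

// Decide is the 2-out-of-2 vote: the wireless actuator may act only when the
// copper loop and a fresh radio sample agree; any doubt falls back.
func (v Voter) Decide(now time.Time, loop LoopReading, radio RadioReading) (Command, string) {
	lp, ok := percentFromLoop(loop.MilliAmps)
	if !ok {
		return Fallback, fmt.Sprintf("loop current %.2f mA outside NE43 range", loop.MilliAmps)
	}
	if age := now.Sub(radio.SentAt); age < 0 || age > v.MaxAge {
		return Fallback, fmt.Sprintf("radio sample age %s outside 0..%s", age, v.MaxAge)
	}
	if d := lp - radio.Percent; d > v.Tolerance || d < -v.Tolerance {
		return Fallback, fmt.Sprintf("channels disagree: loop %.1f%% vs radio %.1f%%", lp, radio.Percent)
	}
	if lp >= v.TripPercent && radio.Percent >= v.TripPercent {
		return Trip, "both channels demand trip"
	}
	return Hold, "both channels below threshold"
}

func main() {
	v := Voter{TripPercent: 90, Tolerance: 2, MaxAge: 500 * time.Millisecond}
	now := time.Date(2025, 11, 17, 10, 0, 0, 0, time.UTC)
	fresh := now.Add(-100 * time.Millisecond)
	cases := []struct {
		name  string
		loop  LoopReading
		radio RadioReading
	}{
		{"normal", LoopReading{12.0}, RadioReading{50, fresh}},
		{"trip", LoopReading{19.2}, RadioReading{95.5, fresh}},
		{"stale radio", LoopReading{19.2}, RadioReading{95, now.Add(-2 * time.Second)}},
		{"spoofed radio", LoopReading{12.0}, RadioReading{95, fresh}},
		{"wire break", LoopReading{0.0}, RadioReading{50, fresh}},
	}
	for _, c := range cases {
		cmd, why := v.Decide(now, c.loop, c.radio)
		fmt.Printf("%-13s -> %-8s %s\n", c.name, cmd, why)
	}
}
```

The "spoofed radio" case is the security-relevant one: a packet that demands a trip while the copper loop reports normal conditions cannot fire the actuator on its own, and the disagreement itself becomes an alarm for the SOC rather than a silent no-op.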
The Cyber Resilience Alliance is a public-private partnership established in 2025, led by CypSec, Validato and the County of Mansfeld-Südharz. The Alliance operates a sovereign private-cloud security stack, a shared SOC and a cyber academy, aiming to make Mansfeld-Südharz the reference site for rural cyber resilience by 2030.
Media Contact: Daria Fediay, Chief Executive Officer at CypSec - daria.fediay@cypsec.de.