"If agencies and military organizations fail to adopt a zero-trust security posture on their private 5G networks, and adversaries do get in, they will effectively have unfettered access to do whatever they want."
How the DoW and agencies build private 5G networks
Private 5G networks differ from commercial public 5G in one fundamental way: ownership and control. As Mitch Rappard, Director of Wireless Solutions at Palo Alto Networks, explains, end‑to‑end private 5G networks are "built, owned, and operated by an organization or agency," allowing that organization to control radio access networks (RANs), radio placement, network architecture, vendor selection, and data flows. For government bodies such as the U.S. Department of War (DoW) and other agencies, that control extends to restricting access to "only select individuals, equipment, and organizations of their choosing."
Operational advantages that drive rapid adoption
Rappard lays out why public‑sector organizations are pressing forward with private 5G. The technology delivers increased bandwidth and lower latency compared with older alternatives, making it suitable for mission‑critical and highly sensitive data. Private networks permit tailored scheduling of upgrades and maintenance so availability can align with operational needs, and they remove dependence on commercial carriers for local connectivity. 5G also offers a high‑speed alternative to extending wired infrastructure — especially where fiber or copper are "time‑consuming and costly" or simply impractical — enabling scalable connectivity at the tactical edge in remote locations, national parks, border areas, or "distant battlefields" where commercial networks are unreliable or untrusted.
Where 5G improves security — and where it falls short
There are real security gains in 5G versus predecessors: improvements in identity concealment and mutual authentication, among others. But Rappard warns those gains are not a cure‑all. He argues that the 5G standard's capabilities are "not enough to ensure zero‑trust security," and that network teams sometimes give 5G "too much credit" and assume security will follow automatically. Because agencies operating private networks must handle maintenance themselves — choosing when and how to deploy upgrades and patches — the burden of secure operation rests heavily on the owning organization.
Rappard urges a shift from "network‑led security," where infrastructure is built first and security is assumed to arrive with it, to "security‑led networking," which places security closer to the edge and layers zero‑trust controls atop 5G. He specifies the need for "total traffic visibility, threat prevention capabilities and robust segmentation" to prevent an initial intrusion from becoming an all‑access compromise of mission data.
What this means for network engineers, the DoW, and adversaries
- Network engineers: Engineers designing private 5G must assume responsibility for patching, upgrades, and integrating zero‑trust controls rather than relying on intrinsic 5G protections; the source warns many builders "aren’t always aware of what 5G brings to the table, and what it doesn’t."
- The DoW and government agencies: Agencies gain operational flexibility and control over sensitive data flows, but they also inherit full responsibility for maintenance and security posture. The DoW's choices about vendor equipment, radio placement, and update cadence will materially shape risk.
- Adversaries: Rappard cautions that failing to apply zero‑trust makes private 5G an attractive target: "If adversaries do get in, they will effectively have unfettered access," putting mission‑critical information at risk.
Recent breaches and the warning of APT activity
Rappard notes there are "very recent, very real, and very frightening examples" of 5G networks being attacked and compromised. He signals that Advanced Persistent Threat (APT) groups have breached 5G networks and leading telecom companies, and says he will examine two such APT groups and their methods in a follow‑up article. The implication is clear: compromise of commercial 5G infrastructure has already happened, and private government networks face comparable risks unless they adopt layered, zero‑trust defenses.
Private 5G presents a stark tradeoff: it gives agencies unrivaled control and operational reach, but it concentrates responsibility for security and maintenance squarely on those same agencies. The question Rappard leaves for practitioners and policymakers alike is concrete — will those building private 5G treat its improved baseline protections as sufficient, or will they design networks assuming compromise and build zero‑trust everywhere the radios reach?




