* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Points of View](https://www.paloaltonetworks.com.au/blog/category/points-of-view/)
* 5G Security --- A Shared Re...

# 5G Security --- A Shared Responsibility

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2023%2F04%2F5g-security-a-shared-responsibility%2F)  
[](https://twitter.com/share?text=5G+Security+%E2%80%94+A+Shared+Responsibility&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2023%2F04%2F5g-security-a-shared-responsibility%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2023%2F04%2F5g-security-a-shared-responsibility%2F&title=5G+Security+%E2%80%94+A+Shared+Responsibility&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2023/04/5g-security-a-shared-responsibility/&ts=markdown)  
\[\](mailto:?subject=5G Security — A Shared Responsibility)  
Link copied  
By [Mitch Rappard](https://www.paloaltonetworks.com/blog/author/mitch-rappard/?ts=markdown "Posts by Mitch Rappard")  
Apr 11, 2023  
6 minutes  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[5G Networks](https://www.paloaltonetworks.com/blog/tag/5g-networks/?ts=markdown)  
[5G Security](https://www.paloaltonetworks.com/blog/tag/5g-security/?ts=markdown)

As 5G continues to gain market momentum and more and more enterprises embrace it for their wireless transport, an important question arises which must not be ignored. Who is responsible for making 5G secure? Security for 5G networks does not fall solely in the lap of the 5G radio and packet core vendors, nor does it fall solely in the lap of the enterprises embracing 5G. Rather, 5G security is a shared responsibility, much like the one [AWS](https://aws.amazon.com/compliance/shared-responsibility-model/) has made famous for its cloud services.

There are many facets of a 5G deployment that must be secured. So, it's not surprising that there isn't a single tool that will solve all the security challenges of a 5G deployment. Before we can understand which tools we ought to use to secure 5G networks, perhaps we should start by looking at the components that already exist and who has the responsibility for securing them. There are many ways to group the security responsibilities. We will group them by the responsibilities outlined by 3GPP and by the customers who use the network functions defined by 3GPP.

Let's start by defining some of the security features 3GPP has built into 5G. The following are some of the features 3GPP offers in a 5G standalone network:

* User Traffic Integrity Protection
* Subscriber Privacy
* Subscriber Identity Concealment
* Roaming Interface and Payload Security
* Mutual Authentication and Encryption

Many of these features did not exist in 4G networks. So, it's worth noting that numerous important steps have been taken towards improved security for 5G wireless networks. However, there is more work that must be done. Below is a list of additional security considerations for 5G networks that go beyond what 3GPP has defined and fall squarely on the shoulders of the service providers and enterprises deploying 5G networks:

* Network Microsegmentation
* User Plane Visibility and Security
* Kubernetes / Container Security
* API Security
* Secure SOC (Automation, Orchestration, etc.)

These topics are important, so I will say a bit more on what each one entails, and some of the related threats.

#### **Network Microsegmentation**

This is a well understood [security principle](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation), which enables Zero Trust security and allows for the enforcement of least privilege access. It also reduces the "blast radius" if there is a breach in the network.

Suppose a network operator leaves an exposed endpoint, or one with a known vulnerability, access to the internet. Once that endpoint or server is compromised, Zero Trust security policies, if properly implemented, will prevent the attacker from pivoting to other critical hosts, such as Active Directory servers or source code repositories.

#### **User Plane Visibility and Security**

At Palo Alto Networks, we often say that you can't secure what you can't see. It's important to know all the applications and services running on your 5G network. Beyond that, it is important to ensure there are no threats present: Is the DNS query benign or malicious? Does the URL direct traffic to a phishing website? And, is that file being downloaded malware? If you see any threats or strange activity, it is important to identify the subscriber (SUPI) or equipment (PEI), so effective and timely action can be taken.

Imagine a warehouse with smart devices on the factory floor. In the event one of them is compromised via local access, any threat-related activity from that device, such as command and control query, will allow the enterprise or MSSP to rapidly detect which specific device is infected. This can only be done if the equipment ID (e.g. IMEI) is present in the threat log. With this high fidelity information, the SOC can act quickly and the mean time to remediation (MTTR) is greatly reduced.

#### **Kubernetes / Container Security**

Containers and virtualization are going to be a significant form factor for 5G networks. So, making sure they are secure before and while they are deployed is crucial. The ability to understand existing [vulnerabilities](https://www.paloaltonetworks.com/blog/prisma-cloud/seo-5g-sba-vulnerability/) in the libraries used in container images, as well as detecting anomalies as the [container is running,](https://www.paloaltonetworks.com/blog/prisma-cloud/seo-5g-sba-runtime-defense/) are just a couple of the many features needed for Kubernetes/Container security.

Operators and enterprises who receive updated container images for their 4G and 5G core networks must ensure that there are no critical vulnerabilities in them before they are deployed. Since operators aren't typically involved in the CI/CD pipeline of the companies building the network core software, they are often unable to "shift left" very far. The good news is they can still catch risky software images before they are deployed. Prisma Cloud can scan the images in the container registry and provide visibility into all the vulnerabilities per image. Using this feature, operators and enterprises can stop the deployment of a risky container before it happens.

#### **API Security**

The 5G Service Based Architecture will use numerous APIs for communication, both internally and externally, with elements, such as the Network Exposure Function. Additional APIs, such as those used for MEC and IOT, also need to be secured. [Visibility and protection for APIs](https://www.paloaltonetworks.com/blog/prisma-cloud/seo-5g-sba-api/) against DoS attacks, malformed requests and other attack vectors are a must for mobile networks.

5G will see an explosion of APIs, both internally and externally. The [Camara Project](https://camaraproject.org/) is one such project that promises further use of APIs. Operators who implement these APIs will open up exciting new ways for their customers to interact with the network, such as getting device location information, request network quality, discover MEC platforms, etc. The APIs defined by the Camara Project will also open up numerous new attack vectors, which must be secured with API security, to prevent exploit attempts of those APIs, DoS attacks and other malicious API traffic.

#### **Secure SOC**

As threats are detected in a network, events are typically sent to a SOC for analysis. It's not uncommon for millions of events to hit a SOC each day. Prioritizing incoming incidents, removing false positives and allowing for rapid remediation are not easy tasks. Fortunately, tools like machine learning are perfect for helping here, along with [automation](https://www.paloaltonetworks.com/cortex/cortex-xsoar), to leverage machines to reduce the noise, eliminate labor intensive repetitive tasks and speed remediation actions.

In 5G networks, the mean time to remediation (MTTR) can be critical, especially in networks supporting critical infrastructure. When alerts are triggered, numerous events should happen quickly to ensure a timely response. Tickets must be open, emails sent, API calls made, possibly even security policies updated, and all at machine speed. Humans will often just slow down the process and increase the MTTR, which is why automation and orchestration are so important.
![Model 5G security shared responsibility, showing network owners and the standards body.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/04/word-image-182940-1.png)
5G Security Shared Responsibility Model

The list of responsibilities above is certainly not comprehensive. Hopefully, this tally begins to highlight the different areas of security that enterprises and service providers will need to focus on as they deploy 5G. The standards have come a long way, and security is definitely better in 5G, but that is just the beginning, not the end of the journey.

The good news is that you do not have to take that journey alone. For more information on how to address the network owner's security responsibilities discussed above, visit our [5G network security page](https://www.paloaltonetworks.com/network-security/5g-security) for more insights.

*** ** * ** ***

## Related Blogs

### [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Platformization Maximizes Security Efficacy \& IT Operations Efficiency](https://www.paloaltonetworks.com.au/blog/2025/04/platformization-maximizes-security-efficacy-it-operations-efficiency/)

### [IoT](https://www.paloaltonetworks.com/blog/category/iot/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Enhance Private 5G Security for Industrial Deployments](https://www.paloaltonetworks.com.au/blog/2025/03/enhance-private-5g-security/)

### [Event](https://www.paloaltonetworks.com/blog/category/event/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Secure Your 5G Business Transformation](https://www.paloaltonetworks.com.au/blog/2025/03/secure-5g-business-transformation/)

### [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### How Network Security Platformization Paid Off with 174% ROI](https://www.paloaltonetworks.com.au/blog/2024/10/how-network-security-platformization-paid-off/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### AI in Cyber Is Here to Stay --- How to Weather This Sea Change](https://www.paloaltonetworks.com.au/blog/2024/05/ai-in-cyber-is-here-to-stay/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### The Dark Side of AI in Cybersecurity --- AI-Generated Malware](https://www.paloaltonetworks.com.au/blog/2024/05/ai-generated-malware/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language