Thursday, 26 March 2026

3GPP Study on Modernization of Specification Format and Procedures for 6G (6GSM)

The development of each new mobile generation is not only about new technologies and capabilities. It also requires evolution in the way standards themselves are created, maintained and consumed. As work on 6G gradually begins to take shape, the 3rd Generation Partnership Project (3GPP) has started examining whether the tools and processes used to write its specifications are still fit for purpose.

One of the first steps in this direction is the study titled Study on Modernization of Specification Format and Procedures for 6G (6GSM), documented in TR 21.802. The study looks at how the current approach to specification development works, the limitations that are becoming more visible as specifications grow larger and more complex, and the possible directions for modernising the process as the industry prepares for the 6G era.

3GPP specifications form the backbone of the mobile industry. They define how networks, devices and services interoperate across the globe. However, the way these specifications are produced has largely remained unchanged for many years. Today, most specifications are created and maintained using document based workflows centred around Microsoft Word and DOCX files. Delegates submit Change Requests that modify the text of these documents, and editors manually merge the approved changes into updated specification versions. This approach has served the industry well for decades because it is familiar, widely supported and easy for participants to understand.

The study recognises that the current workflow has several strengths. The document format provides a consistent structure across thousands of specifications. Contributors can edit content directly using familiar WYSIWYG tools, review tracked changes, include diagrams and tables, and collaborate during meetings by editing documents in real time on shared screens. These capabilities have helped large groups of experts work together efficiently during standardisation meetings.

At the same time, as specifications grow larger and more complex, the limitations of the current approach are becoming more visible. One of the most obvious challenges is the heavy reliance on manual processes. Change Requests must be merged into specifications by editors, which can introduce delays before updated versions are published. When multiple Change Requests modify the same sections of a document, identifying conflicts or inconsistencies can be difficult.

Scale is another factor. Many technical specifications now run into hundreds or even thousands of pages. Opening, searching or editing such large DOCX files can become slow and occasionally unstable. Large tables, embedded diagrams and complex formatting further increase file sizes and processing overhead.

Understanding how a feature evolves across specification versions can also be difficult for readers and implementers. Engineers often need to trace how a particular capability has changed between releases, but linking the final specification text back to the relevant Change Requests or understanding the context behind changes is not always straightforward.

The document format itself also presents challenges for automated processing. Extracting structured information from DOCX files requires significant preprocessing because textual content is mixed with binary elements such as images and embedded objects. This makes it harder for tools to analyse specifications or automate parts of the development workflow.

Navigation across specifications is another area where improvements could help. Many features are defined across multiple technical specifications produced by different working groups. Following references between documents or understanding how procedures interact across specifications can take time and effort, especially for engineers who are new to the standards.

To address these challenges, the study explores a number of alternative specification formats that could be considered for future work. Options such as OpenDocument, AsciiDoc, Markdown and LaTeX are discussed, along with more structured or restricted DOCX based approaches. Some proposals also consider hybrid models where different formats could coexist while maintaining a single authoritative source.

Text based markup formats such as Markdown or AsciiDoc are particularly interesting because they separate content from presentation. This structure can make version control and automated processing easier. These formats are widely used in software development environments and integrate well with modern collaboration tools that track changes and manage contributions from multiple participants.

LaTeX is another potential option, particularly for documents that require complex technical formatting or mathematical expressions. Meanwhile, restricted DOCX approaches attempt to preserve compatibility with existing workflows while enforcing stricter formatting rules to reduce complexity and improve consistency.

Beyond the document format itself, the study also looks at broader improvements to the way specifications are developed and maintained. One important idea is the use of modern version control systems such as Git. These systems are widely used in software development and allow contributors to track changes in detail, manage parallel development branches and merge updates in a more controlled manner. Applying similar workflows to standards development could improve traceability and help identify conflicts earlier.

The study also highlights the potential for automated validation tools that could check Change Requests for formatting errors, missing references or structural inconsistencies before they are submitted. Such tools could reduce the editorial workload while improving the overall quality and consistency of specifications.

Another possible direction is the use of machine readable formats for structured elements within specifications. Interfaces, protocol definitions or data models could be stored separately in structured files and then referenced or generated automatically within the main specification. This approach could reduce duplication and make it easier for implementers to reuse information directly in development environments.

The modernisation study does not recommend a single solution at this stage. Instead, it provides a detailed analysis of the current situation and explores possible directions for future work. Any transition will need to balance the benefits of new tools and formats with the practical realities of the existing ecosystem. The 3GPP community relies on a large set of established workflows, tools and expertise, and maintaining accessibility for all participants will be important.

As the industry moves towards 6G, the scale and complexity of specifications will continue to grow. Ensuring that the processes used to create and manage these specifications evolve alongside the technologies themselves will be essential. In that sense, modernising specification formats and procedures may become an important step in preparing the standards ecosystem for the next generation of mobile innovation.

If you want to learn more about this, check out:

  • 6G Specification Modernization discussions from Nokia & Ericsson here.
  • Ongoing 6GSM Workshop discussions here.
  • 3GPP TR 21.802: Study on modernization of specification format and procedures for 6G here.


Tuesday, 3 March 2026

Strengthening Critical Infrastructure Security with OSINT

Cybersecurity conversations in telecoms often focus on IT systems, cloud platforms and enterprise networks. Yet beyond the data centres and mobile cores lies another domain that is arguably even more critical to society. Industrial Control Systems (ICS) and Operational Technology (OT) environments underpin the power plants, water treatment facilities, railways, petrochemical sites and manufacturing plants that keep daily life running. These environments are increasingly in the crosshairs of cyber attackers.

A comprehensive YouTube course titled OSINT for ICS and OT brings much needed attention to this area. Created by Mike Holcomb, the 10 plus hour course explores how Open Source Intelligence (OSINT) can be used to better understand, assess and protect ICS and OT environments. For anyone working in telecoms infrastructure, utilities, transport or industrial sectors, this is highly relevant material.

Mike focuses on the practical reality that there are still relatively few accessible and high quality resources dedicated to OT and ICS cybersecurity. While IT security has matured with abundant training paths, certifications and community support, the world of control systems security remains comparatively underserved. That gap is particularly concerning given the importance of critical infrastructure to national resilience and economic stability.

In his channel overview, Mike explains that his work is aimed at a broad audience. It includes IT cybersecurity professionals looking to pivot into OT security, engineers already working in industrial environments who want to strengthen their defensive posture, and owners or operators who are building or refining a cybersecurity programme for their facilities. This inclusive approach reflects the multidisciplinary nature of OT security, where engineering, networking and cybersecurity disciplines intersect.

The turning point for many in this field was the discovery of Stuxnet, the first widely known cyber weapon designed to disrupt industrial processes. The malware specifically targeted centrifuges in a uranium enrichment facility, manipulating physical processes while masking its actions from operators. For Mike, learning about Stuxnet sparked a deeper curiosity about how control systems function inside power plants and other facilities, and how they can be secured. That same question remains highly relevant today.

For readers of The 3G4G Blog, there is a natural connection. As telecom networks evolve towards 5G, private networks and future 6G systems, connectivity is extending deeper into industrial domains. Smart grids, connected factories and digitalised transport systems rely on robust communications as well as secure control environments. The boundary between IT and OT continues to blur. Understanding how adversaries might gather intelligence about exposed assets, misconfigurations or vulnerable systems using open sources is therefore a critical skill.

The OSINT for ICS and OT course aims to demystify that process. It looks at how publicly available information can reveal insights about industrial environments and how defenders can use the same techniques proactively. Rather than waiting for an incident, organisations can identify potential weaknesses and exposure before an attacker does. This proactive mindset aligns closely with modern security best practice across both telecom and industrial sectors.

Another important aspect is accessibility. The course is freely available on YouTube, lowering the barrier to entry for those who may be curious about OT security but unsure where to start. In a domain where specialist training can be expensive and difficult to find, open educational content plays a valuable role in building community knowledge and capability.

Critical infrastructure protection is not a niche concern. It affects the electricity that powers base stations, the water that cools data centres and the transport systems that support supply chains. As cyber threats continue to evolve, the need for professionals who understand both networking and industrial control environments will only grow.

For those interested in expanding their horizons beyond traditional telecom security and into the protection of the systems that underpin modern society, this course is well worth exploring. It is encouraging to see experienced practitioners sharing knowledge openly and helping to strengthen resilience across critical infrastructure sectors.


Tuesday, 3 February 2026

Seven AI Concepts Shaping Network Intelligence

AI has become so deeply embedded in our everyday working lives that it is no longer limited to data science teams or research labs. In telecoms, AI now plays a central role in network planning, optimisation, assurance and automation. As a result, the industry is rapidly absorbing a growing set of AI-related terms and concepts, many of which are directly relevant to how networks are evolving towards higher levels of autonomy.

I recently came across the video embedded below, which provides clear explanations of seven AI terms that are becoming increasingly important in the context of network intelligence and autonomous networks. Some of these concepts are already being applied in operational networks today, while others point clearly towards the direction of travel for AI-native 5G Advanced and 6G systems.

The video begins with Agentic AI, a concept that aligns closely with the telecom industry’s vision for autonomous networks as defined in 3GPP. Unlike traditional AI models that respond to a single prompt, AI agents can perceive their environment, reason about next steps, take action and observe the outcome in a continuous loop. In practical terms, this maps well to closed-loop automation use cases such as self-healing, energy optimisation, dynamic resource allocation and intent-driven network management.

Closely related are Large Reasoning Models, which are designed to work through problems step by step rather than producing an immediate response. This capability is particularly relevant for telecom networks, where decisions often span multiple domains, layers and vendors. As AI systems take on greater responsibility for operational decisions, reasoning-based models become essential for safe and explainable automation.

The video then moves to more foundational enablers, starting with Vector Databases. Telecom networks generate vast volumes of unstructured data, including logs, alarms, performance metrics, configuration data and documentation. Vector databases allow this information to be searched and correlated based on semantic meaning rather than simple keywords, enabling more context-aware and intelligent AI systems.

This naturally leads to Retrieval-Augmented Generation (RAG), which is already gaining traction in telecom operations. By combining large language models with operator-specific data sources such as standards, network documentation or operational procedures, RAG helps ground AI outputs in trusted information. This is particularly important in network operations, where accuracy and reliability are critical.

Another important concept discussed is the Model Context Protocol (MCP), which addresses how AI models interact with external tools and systems. For telecom operators, standardised mechanisms for AI access to network management systems, data platforms and orchestration tools could significantly simplify integration and accelerate the deployment of AI-driven automation across the network lifecycle.

The video also touches on Mixture of Experts (MoE) models, which provide a more efficient way to scale AI by activating only the parts of a model needed for a specific task. This approach is especially relevant for telecom use cases where compute efficiency, latency and energy consumption are key constraints, particularly as AI capabilities move closer to the edge of the network.

Finally, the video briefly discusses Artificial Superintelligence (ASI). While ASI remains theoretical, it is often referenced in long-term discussions around AI evolution. For the telecom industry, it serves as a reminder of the rapid pace of change and the importance of governance, trust and control as networks become increasingly autonomous and software-driven.

Overall, this video offers a useful technical refresher on AI concepts that are already shaping the development of network intelligence, autonomous operations and AI-native architectures. For anyone working on 5G Advanced, autonomous networks or early 6G thinking, these are terms that are quickly becoming part of the industry’s everyday vocabulary.


Tuesday, 20 January 2026

Telecom Security Realities from 2025 and Lessons for 2026

Telecom security rarely stands still. Each year brings new technologies, new attack paths, and new operational realities. Yet 2025 was not defined by dramatic new exploits or spectacular network failures. Instead, it became a year that highlighted how persistent, patient and methodical modern telecom attackers have become.

The recent SecurityGen Year-End Telecom Security Webinar offered a detailed look back at what the industry experienced during 2025. The session pulled together research findings, real world incidents and practical lessons from across multiple domains, including legacy signalling, eSIM ecosystems, VoLTE vulnerabilities and the emerging world of satellite-based mobile connectivity.

For anyone working in mobile networks, the message was clear. The threats are evolving, but many of the core problems remain stubbornly familiar.

A Year of Stealth Rather Than Spectacle

One of the most important themes from the webinar was that 2025 did not bring a wave of highly visible disruptive telecom attacks. Instead, it was characterised by quiet, low profile intrusions that often went undetected for long periods.

Operators around the world reported that attackers increasingly favoured living-off-the-land techniques. Rather than deploying noisy malware, intruders looked for ways to gain legitimate access to core systems and remain hidden. Lawful interception platforms, subscriber databases such as HLR and HSS, and internal management platforms were all targeted.

The primary objective in many cases was intelligence collection. Attackers were interested in call data, subscriber information and network topology rather than immediate disruption. This shift in motivation makes detection far more difficult, as there are often few obvious signs of compromise.

At the same time, automation has become a defining feature on both sides of the security battle. Operators are investing heavily in AI and machine learning to identify abnormal behaviour. Attackers are doing exactly the same, using automation to scale phishing campaigns and to accelerate exploit development.

Despite all this technology, basic security discipline continues to be a major challenge. A significant proportion of incidents still originate from human error, poor operational practices or simple failure to apply patches. The industry continues to invest billions in cybersecurity, but much of that effort is consumed by reporting and compliance activities rather than direct threat mitigation.

eSIM Security Comes into Sharp Focus

The transition from physical SIM cards to eSIM and remote provisioning is one of the most significant structural changes in the mobile industry. It offers clear benefits in terms of flexibility and user experience. However, the webinar highlighted that it also introduces entirely new security concerns.

Traditional SIM security models relied heavily on physical control. Fraudsters needed access to large numbers of real SIM cards to operate at scale. With eSIM, many of those physical constraints disappear. Remote provisioning expands the number of parties involved in the connectivity chain, including resellers and intermediaries who may not always operate under strict regulatory oversight.

During 2025 several major SIM farm operations were dismantled by law enforcement. These infrastructures contained tens of thousands of active SIM cards and were used for large scale fraud, smishing campaigns and automated account creation. While such operations existed long before eSIM, the technology has the potential to make them even easier to deploy and manage.

Research discussed in the session pointed to additional concerns. Analysis of travel eSIM services revealed issues such as cross-border routing of management traffic, excessive levels of control granted to resellers, and lifecycle management weaknesses that could potentially be abused by attackers. In some cases, resellers were found to have capabilities similar to full mobile operators, but without equivalent governance or transparency.

The conclusion was not that eSIM is inherently insecure. The technology itself uses strong encryption and robust mechanisms. The problem lies in the wider ecosystem of trust boundaries, partners and processes that surround it. Securing eSIM therefore requires cooperation between operators, vendors, regulators and service providers.

SS7 Remains a Persistent Weak Point

Few topics in telecom security generate as much ongoing concern as SS7. Despite being a technology from a previous era, it remains deeply embedded in global mobile infrastructure. The webinar dedicated significant attention to why SS7 continues to be exploited in 2025 and why it is likely to remain a problem for many years to come.

Throughout the year, media reports and research papers continued to demonstrate practical abuses of SS7 signalling. Attackers probed networks, attempted to bypass signalling firewalls and looked for new ways to manipulate protocol behaviour. Techniques such as parameter manipulation and protocol parsing tricks were highlighted as methods that can sometimes evade existing protections.

One particularly interesting demonstration showed how SS7 messages could be used as a covert channel for data exfiltration. By embedding information inside otherwise legitimate signalling transactions, attackers can potentially move data across networks without triggering traditional security alarms.

Perhaps the most striking point raised was how little progress has been made in eliminating SS7 dependencies. Analysis of global network deployments showed that only a handful of countries operate mobile networks entirely without SS7. Everywhere else, the protocol remains a foundational element of roaming and interconnect.

As a result, even operators that have invested heavily in 4G and 5G security can still be undermined by weaknesses in this legacy layer. The uncomfortable reality is that SS7 vulnerabilities will continue to be exploited well into 2026 and beyond.

VoLTE and Modern Core Network Risks

While legacy protocols remain a problem, modern technologies are not immune. VoLTE infrastructure in particular was identified as an increasingly attractive target.

VoLTE relies on complex interactions between signalling systems, IP multimedia subsystems and subscriber databases. Weaknesses in configuration or interconnection can open the door to call interception, fraud or denial of service. Several real world incidents during 2025 demonstrated that attackers are actively exploring these paths.

The move toward fully virtualised and cloud-native mobile cores also introduces new operational challenges. Telecom networks now resemble large IT environments, complete with the same risks around misconfiguration, insecure APIs and exposed management interfaces.

The Emerging Security Challenge of 5G Satellites

One of the most forward-looking parts of the webinar focused on non-terrestrial networks and direct-to-device satellite connectivity. What was once a concept for the distant future is rapidly becoming a commercial reality.

Satellite integration promises to extend 5G coverage to remote areas, oceans and disaster zones. However, it also changes the security model in fundamental ways. Satellites can act either as simple relay systems or as active components of the mobile radio access network. In both cases, new threat vectors emerge.

Potential issues discussed included the risk of denial of service against shared satellite resources, difficulties in applying traditional radio security controls in space-based equipment, and the possibility of more precise user tracking due to the way satellite systems handle location information.

Experts from the space cybersecurity community explained how vulnerabilities in mission control software and ground segment infrastructure could be exploited. Much of this software was originally designed for isolated environments and is only now being connected to wider networks and the internet.

As telecom networks expand beyond the boundaries of the Earth, security responsibilities extend with them. Operators will need to think not only about terrestrial threats but also about risks originating from space-based components.

The Human Factor and the Skills Gap

Technology was only part of the story. Another recurring theme was the global shortage of skilled telecom cybersecurity professionals.

Studies referenced in the session suggested that millions of additional specialists are needed worldwide, yet only a fraction of that demand can currently be filled. Many security teams are overwhelmed by the sheer volume of alerts and data they must process.

This shortage has real consequences. When teams are stretched thin, patching is delayed, anomalies are missed and complex investigations become difficult to sustain. The panel emphasised that throwing more tools at the problem is not enough. Organisations must focus on training, automation and smarter operational processes.

Automation and AI-driven analysis were presented as essential enablers. Given the scale of modern mobile networks, it is simply not feasible for human analysts to monitor every signalling protocol, every core interface and every emerging technology manually.

Preparing for 2026

Looking ahead, the experts agreed on several broad trends. Attacks on legacy systems such as SS7 will continue. Fraudsters will increasingly target eSIM provisioning processes. VoLTE and 5G core components will face growing scrutiny. Satellite-based connectivity will introduce new and unfamiliar security questions.

Perhaps most importantly, the line between traditional telecom security and general cybersecurity will continue to blur. Mobile networks are now large, distributed IT platforms, and they inherit all the complexities that come with that transformation.

Operators, regulators and vendors must therefore adopt a holistic view. Investment must go beyond compliance reporting and focus on practical defences, real time monitoring and collaborative intelligence sharing.

Final Reflections

The SecurityGen webinar provided a valuable snapshot of an industry at a crossroads. Telecom networks are becoming more advanced and more capable, but also more complex and interconnected than ever before.

2025 demonstrated that attackers do not always need new vulnerabilities. Often they succeed simply by exploiting old weaknesses in smarter ways. The challenge for 2026 is to close those gaps while also preparing for the technologies that are only just beginning to emerge.

For those involved in telecom security, the full discussion is well worth watching. The complete webinar recording can be viewed below:
