CBRS Comes of Age as a Shared Spectrum Success Story

The Citizens Broadband Radio Service, better known as CBRS, has often been described as an experiment in spectrum sharing. Based on the latest OnGo Alliance webinar on the state of CBRS, that description no longer feels accurate. CBRS is now a sizeable and maturing wireless ecosystem in the United States, supporting mobile operators, cable companies, wireless internet service providers, private network deployments, neutral host systems and a growing range of enterprise use cases.

For those less familiar with CBRS, it operates in the 3.5 GHz band in the United States and uses a shared spectrum framework. Rather than relying only on traditional exclusive licensing or completely unlicensed access, CBRS introduced a three-tier model, coordinated through a Spectrum Access System, or SAS. This software-based coordination layer allows different users to access spectrum while protecting incumbent users, including government and defence systems.

The model has taken more than a decade to develop. The discussion began around 2012, when US policymakers and defence stakeholders started exploring whether mid-band spectrum could be shared more efficiently between government and commercial users. The first FCC rule and order arrived in 2015, followed by the creation of the OnGo Alliance in 2016. The role of the Alliance was to bring together government, industry, technology providers and users to translate the regulatory framework into a workable commercial ecosystem.

A key point from the webinar was that CBRS has not developed as a single-sector technology. It is not just for mobile operators, and it is not just for private wireless. It brings together mobile network operators, cable companies, WISPs, system integrators, RAN vendors, device manufacturers, SAS administrators, enterprises, airports, campuses, healthcare facilities, utilities and many others. This diversity is one of the main reasons CBRS has become interesting from a broader telecoms perspective.

The scale of deployment is now significant. The webinar highlighted more than 437,000 CBRS devices deployed across the United States, more than 1,000 CBRS operators and networks, around 1,100 certified end-user devices supporting Band 48, and more than 1,800 private network deployments. The total ecosystem investment was described as being more than 14 billion US dollars, including spectrum, equipment, standardisation, technology development, SAS infrastructure and sensing networks.

The Priority Access Licence, or PAL, auction also played an important role. Auction 105 raised close to 5 billion US dollars and created around 22,000 PAL licences. Unlike some traditional spectrum auctions, the county-based licence areas allowed smaller and regional players to participate, particularly in rural and suburban markets. This is important because CBRS has become a practical tool not only for national-scale operators but also for smaller service providers addressing local connectivity needs.

One of the most useful ways to understand CBRS is to place it between two familiar models. On one side there is unlicensed spectrum, mainly associated with Wi-Fi, which is easy to access but can suffer from congestion and unpredictability. On the other side there is exclusive licensed spectrum, which provides stronger control but is expensive, complex and usually held by major operators. CBRS sits between these models. General Authorised Access, or GAA, provides licence-by-rule access, while PAL provides a higher-priority licensed layer. The SAS coordinates access and helps manage coexistence.

This software-managed spectrum access model is one of the most important aspects of CBRS. In a traditional licensing model, gaining access to spectrum can be slow and expensive. In CBRS, the SAS can authorise spectrum use in minutes. The network operator interacts with the SAS, while the end user does not need to know that this process is happening. In many deployments, even the radio does not need to communicate directly with the SAS because a domain proxy or network management system can handle that interaction.

The webinar also made clear that CBRS is evolving. CBRS 2.0, introduced in 2024, expanded availability by refining the way incumbent protection is handled. This opened the band to an additional 72 million Americans, mainly through software and regulatory improvements rather than any major change in physical infrastructure. That is a powerful example of how shared spectrum systems can improve over time as data, models and operational experience mature.

Fixed Wireless Access is one of the most visible CBRS use cases. WISPs and FWA providers are using CBRS to serve suburban, rural and ultra-rural communities, often in places where connectivity options are limited. The webinar suggested that CBRS-based WISPs and FWA providers are serving more than 10 million residential customers in the United States, with many of these customers located in areas that have fewer than two viable internet options.

This is a useful reminder that wireless and fibre should not always be seen as competing technologies. In many rural deployments, CBRS is used as part of a hybrid model, with fibre providing backhaul and fixed wireless covering the final stretch. This can be faster and cheaper than extending fibre everywhere, particularly in difficult terrain or sparsely populated areas. It can also be more resilient in emergencies, as wireless networks can often be restored more quickly after fires, floods or other disasters.

The discussion also touched on competition from low Earth orbit satellite systems such as Starlink and future Amazon Kuiper services. The speakers framed satellite and CBRS-based FWA more as complementary technologies than direct competitors. This is a sensible view. Rural broadband is not a single-problem market. Some locations will be better served by terrestrial fixed wireless, some by fibre, some by satellite, and many by a combination of these approaches. The real value comes from having multiple options.

Private networks are another major part of the CBRS story. Enterprises can use CBRS spectrum for their own dedicated cellular networks, with applications tailored to their operational needs. These networks can sit inside the enterprise firewall and support predictable performance, mobility and security. Typical applications include point-of-sale terminals, push-to-talk communications, video surveillance, automated guided vehicles, warehouse systems, robotics, utilities, airports, ports, rail yards and industrial facilities.

The mobility angle is especially important. Wi-Fi is excellent for many indoor and enterprise use cases, but private cellular can provide more predictable mobility, coverage and quality of service in large sites, outdoor environments and industrial locations. As physical AI, robotics and autonomous systems become more widely deployed, reliable wireless connectivity will become more important. CBRS gives enterprises in the United States a practical route to deploy private cellular without needing to own exclusive nationwide spectrum.

Neutral host networks were also highlighted as a major growth area. In this model, an enterprise, venue or building owner deploys CBRS-based infrastructure to improve indoor mobile coverage for users of public mobile networks. This can help solve the common problem of poor indoor mobile signal, dropped calls and dead zones, especially in buildings where a traditional distributed antenna system is too expensive or too difficult to justify.

The safety aspect of neutral host coverage deserves more attention. Buildings often have public safety communications requirements for first responders, but the ability of occupants to call emergency services from inside the building is just as important. A neutral host system integrated with mobile operators can support emergency calling and wireless emergency alerts. This makes indoor cellular coverage not just a convenience issue but a safety and resilience issue.

The webinar suggested that around 80% of buildings in the United States lack adequate mobile coverage. While this figure may vary depending on building type and methodology, the underlying point is easy to recognise. Many offices, schools, hospitals, hotels, warehouses and public buildings still have patchy indoor mobile coverage. CBRS-based neutral host systems could lower the barrier for improving this, especially in mid-sized buildings that would not previously have justified a traditional operator-led solution.

Several verticals were identified as having strong growth potential. Airports are already emerging as a good example, with CBRS supporting operational communications, asset tracking, baggage handling and other behind-the-scenes functions. Ports, shipyards, utilities, factories, schools, campuses, hospitals, tribal communities, hospitality venues, stadiums and public sector facilities were also mentioned as areas where CBRS can support either private networks, neutral host networks or both.

Smart agriculture is another interesting opportunity. Farms often have poor mobile coverage but growing connectivity needs, from precision agriculture and sensors to equipment monitoring and automation. CBRS could provide localised, high-quality coverage where traditional mobile networks are weak or unavailable. Healthcare was also mentioned as a sector with significant potential, particularly as hospitals still rely on a mix of legacy communications tools while demanding more reliable mobile and telemetry connectivity.

One of the more forward-looking points came near the end of the webinar, where CBRS was positioned as a good candidate for AI-enhanced spectrum management. Because CBRS relies heavily on software, propagation models, measurements, databases and SAS-based decision-making, it creates an environment where AI could potentially improve spectrum availability and interference management. This will require careful regulatory support, but the idea is important. Spectrum sharing should not be static. It should improve as better data and better models become available.

The broader lesson from CBRS is that shared spectrum can work when the technical, regulatory and commercial models are aligned. It has created a middle ground between unlicensed and exclusive licensed spectrum. It has enabled smaller operators and enterprises to access mid-band spectrum. It has supported rural broadband, private networks and neutral host systems. It has also shown that incumbent protection and commercial deployment do not have to be mutually exclusive.

There are still challenges. Regulatory uncertainty remains a concern, especially if potential investors or deployers worry that the rules could change. Further refinements will be needed around incumbent protection, antenna heights, fixed satellite protection, indoor systems, distributed antenna systems and future enhancements. However, the direction of travel is positive. CBRS is no longer just a policy experiment or a niche wireless band. It is becoming an important part of the US connectivity landscape.

For markets outside the United States, CBRS is worth watching because it offers a real-world example of dynamic spectrum sharing at scale. Not every country will copy the CBRS model directly, and spectrum availability, incumbent use and regulatory priorities will differ. Even so, the principles are relevant. As demand for mid-band spectrum grows, governments and regulators will need more flexible ways to balance public, private, commercial and national security needs. CBRS shows one way this can be done.

The video of the webinar is embedded below:

Related Posts:

• 3G4G: Radio Frequency, Band and Spectrum
• 3G4G: Fixed Wireless Access (FWA)
• 3G4G: Private Networks & 5G Non-Public Networks 

Telecom Security Realities from 2025 and Lessons for 2026

Telecom security rarely stands still. Each year brings new technologies, new attack paths, and new operational realities. Yet 2025 was not defined by dramatic new exploits or spectacular network failures. Instead, it became a year that highlighted how persistent, patient and methodical modern telecom attackers have become.

The recent SecurityGen Year-End Telecom Security Webinar offered a detailed look back at what the industry experienced during 2025. The session pulled together research findings, real world incidents and practical lessons from across multiple domains, including legacy signalling, eSIM ecosystems, VoLTE vulnerabilities and the emerging world of satellite-based mobile connectivity.

For anyone working in mobile networks, the message was clear. The threats are evolving, but many of the core problems remain stubbornly familiar.

A Year of Stealth Rather Than Spectacle

One of the most important themes from the webinar was that 2025 did not bring a wave of highly visible disruptive telecom attacks. Instead, it was characterised by quiet, low profile intrusions that often went undetected for long periods.

Operators around the world reported that attackers increasingly favoured living-off-the-land techniques. Rather than deploying noisy malware, intruders looked for ways to gain legitimate access to core systems and remain hidden. Lawful interception platforms, subscriber databases such as HLR and HSS, and internal management platforms were all targeted.

The primary objective in many cases was intelligence collection. Attackers were interested in call data, subscriber information and network topology rather than immediate disruption. This shift in motivation makes detection far more difficult, as there are often few obvious signs of compromise.

At the same time, automation has become a defining feature on both sides of the security battle. Operators are investing heavily in AI and machine learning to identify abnormal behaviour. Attackers are doing exactly the same, using automation to scale phishing campaigns and to accelerate exploit development.

Despite all this technology, basic security discipline continues to be a major challenge. A significant proportion of incidents still originate from human error, poor operational practices or simple failure to apply patches. The industry continues to invest billions in cybersecurity, but much of that effort is consumed by reporting and compliance activities rather than direct threat mitigation.

eSIM Security Comes into Sharp Focus

The transition from physical SIM cards to eSIM and remote provisioning is one of the most significant structural changes in the mobile industry. It offers clear benefits in terms of flexibility and user experience. However, the webinar highlighted that it also introduces entirely new security concerns.

Traditional SIM security models relied heavily on physical control. Fraudsters needed access to large numbers of real SIM cards to operate at scale. With eSIM, many of those physical constraints disappear. Remote provisioning expands the number of parties involved in the connectivity chain, including resellers and intermediaries who may not always operate under strict regulatory oversight.

During 2025 several major SIM farm operations were dismantled by law enforcement. These infrastructures contained tens of thousands of active SIM cards and were used for large scale fraud, smishing campaigns and automated account creation. While such operations existed long before eSIM, the technology has the potential to make them even easier to deploy and manage.

Research discussed in the session pointed to additional concerns. Analysis of travel eSIM services revealed issues such as cross-border routing of management traffic, excessive levels of control granted to resellers, and lifecycle management weaknesses that could potentially be abused by attackers. In some cases, resellers were found to have capabilities similar to full mobile operators, but without equivalent governance or transparency.

The conclusion was not that eSIM is inherently insecure. The technology itself uses strong encryption and robust mechanisms. The problem lies in the wider ecosystem of trust boundaries, partners and processes that surround it. Securing eSIM therefore requires cooperation between operators, vendors, regulators and service providers.

SS7 Remains a Persistent Weak Point

Few topics in telecom security generate as much ongoing concern as SS7. Despite being a technology from a previous era, it remains deeply embedded in global mobile infrastructure. The webinar dedicated significant attention to why SS7 continues to be exploited in 2025 and why it is likely to remain a problem for many years to come.

Throughout the year, media reports and research papers continued to demonstrate practical abuses of SS7 signalling. Attackers probed networks, attempted to bypass signalling firewalls and looked for new ways to manipulate protocol behaviour. Techniques such as parameter manipulation and protocol parsing tricks were highlighted as methods that can sometimes evade existing protections.

One particularly interesting demonstration showed how SS7 messages could be used as a covert channel for data exfiltration. By embedding information inside otherwise legitimate signalling transactions, attackers can potentially move data across networks without triggering traditional security alarms.

Perhaps the most striking point raised was how little progress has been made in eliminating SS7 dependencies. Analysis of global network deployments showed that only a handful of countries operate mobile networks entirely without SS7. Everywhere else, the protocol remains a foundational element of roaming and interconnect.

As a result, even operators that have invested heavily in 4G and 5G security can still be undermined by weaknesses in this legacy layer. The uncomfortable reality is that SS7 vulnerabilities will continue to be exploited well into 2026 and beyond.

VoLTE and Modern Core Network Risks

While legacy protocols remain a problem, modern technologies are not immune. VoLTE infrastructure in particular was identified as an increasingly attractive target.

VoLTE relies on complex interactions between signalling systems, IP multimedia subsystems and subscriber databases. Weaknesses in configuration or interconnection can open the door to call interception, fraud or denial of service. Several real world incidents during 2025 demonstrated that attackers are actively exploring these paths.

The move toward fully virtualised and cloud-native mobile cores also introduces new operational challenges. Telecom networks now resemble large IT environments, complete with the same risks around misconfiguration, insecure APIs and exposed management interfaces.

The Emerging Security Challenge of 5G Satellites

One of the most forward-looking parts of the webinar focused on non-terrestrial networks and direct-to-device satellite connectivity. What was once a concept for the distant future is rapidly becoming a commercial reality.

Satellite integration promises to extend 5G coverage to remote areas, oceans and disaster zones. However, it also changes the security model in fundamental ways. Satellites can act either as simple relay systems or as active components of the mobile radio access network. In both cases, new threat vectors emerge.

Potential issues discussed included the risk of denial of service against shared satellite resources, difficulties in applying traditional radio security controls in space-based equipment, and the possibility of more precise user tracking due to the way satellite systems handle location information.

Experts from the space cybersecurity community explained how vulnerabilities in mission control software and ground segment infrastructure could be exploited. Much of this software was originally designed for isolated environments and is only now being connected to wider networks and the internet.

As telecom networks expand beyond the boundaries of the Earth, security responsibilities extend with them. Operators will need to think not only about terrestrial threats but also about risks originating from space-based components.

The Human Factor and the Skills Gap

Technology was only part of the story. Another recurring theme was the global shortage of skilled telecom cybersecurity professionals.

Studies referenced in the session suggested that millions of additional specialists are needed worldwide, yet only a fraction of that demand can currently be filled. Many security teams are overwhelmed by the sheer volume of alerts and data they must process.

This shortage has real consequences. When teams are stretched thin, patching is delayed, anomalies are missed and complex investigations become difficult to sustain. The panel emphasised that throwing more tools at the problem is not enough. Organisations must focus on training, automation and smarter operational processes.

Automation and AI-driven analysis were presented as essential enablers. Given the scale of modern mobile networks, it is simply not feasible for human analysts to monitor every signalling protocol, every core interface and every emerging technology manually.

Preparing for 2026

Looking ahead, the experts agreed on several broad trends. Attacks on legacy systems such as SS7 will continue. Fraudsters will increasingly target eSIM provisioning processes. VoLTE and 5G core components will face growing scrutiny. Satellite-based connectivity will introduce new and unfamiliar security questions.

Perhaps most importantly, the line between traditional telecom security and general cybersecurity will continue to blur. Mobile networks are now large, distributed IT platforms, and they inherit all the complexities that come with that transformation.

Operators, regulators and vendors must therefore adopt a holistic view. Investment must go beyond compliance reporting and focus on practical defences, real time monitoring and collaborative intelligence sharing.

Final Reflections

The SecurityGen webinar provided a valuable snapshot of an industry at a crossroads. Telecom networks are becoming more advanced and more capable, but also more complex and interconnected than ever before.

2025 demonstrated that attackers do not always need new vulnerabilities. Often they succeed simply by exploiting old weaknesses in smarter ways. The challenge for 2026 is to close those gaps while also preparing for the technologies that are only just beginning to emerge.

For those involved in telecom security, the full discussion is well worth watching. The complete webinar recording can be viewed below:

Related Posts:

• The 3G4G Blog: Evolving Communication Security Towards 6G at the ETSI Security Conference 2025
• The 3G4G Blog: Detection of Real-world Fake Base Station (FBS) Attacks in Thailand
• The 3G4G Blog: Attack Surfaces for Different Generations of Mobile Technologies
• The 3G4G Blog: Presentations from ETSI Security Conference 2023
• The 3G4G Blog: Top 10 New (2022) Security Standards That You Need to Know About!
• The 3G4G Blog: Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)
• The 3G4G Blog: 5G and Cyber Security
• The 3G4G Blog: Everything you need to know about 5G Security
• 3G4G: Security in 2G, 3G, 4G & 5G Mobile Networks 

Quantum Internet: Evolutionary and Revolutionary Perspectives – Key Insights from the Webinar

theNetworkingChannel hosted another interesting webinar recently exploring the topic of how Quantum Internet is emerging and has many open directions, from disruptive and long-term ideas to concrete applications that can be explored with real devices today.

The panel consists of distinguished experts, including: 

• Bernardo Huberman – Fellow and Vice President of Next – Gen Systems – CableLabs – USA
• Marcello Caleffi – Professor – University of Naples “Federico II” – Italy
• Stephan Ritter – Director of Applications of Quantum Technologies – TOPTICA Photonics AG – Germany
• Stefano Pirandola – Founder and CEO – nodeQ – Professor – University of York – UK

The webinar description stated:

As Quantum Key Distribution (QKD) technology approaches maturity, the scientific community is now turning its attention to more advanced applications of quantum networks at metropolitan and international scales, such as distributed/delegated quantum computing and quantum sensor networks, requiring end-to-end entanglement of qubits, quantum memories, and varying degrees of fault tolerance. To make a leapfrogging advance, the co-existence of upcoming quantum networks with classical networks is also becoming more focal, with a significant impact at the physical level (i.e., the sharing of a telco fiber or rack space in an exchange point) and from a logical perspective (i.e., the integration with control/management planes of an Internet Service Provider or the interplay with classical jobs to be executed in a High-Performance Computing infrastructure). In this panel, we will discuss the research and development trends currently occupying the top positions of the priority list to make the Quantum Internet a real thing, with a tangible impact on industry, science, and society.

Key Takeaways:

The webinar looked at Quantum physics principles, such as superposition and entanglement, underlie the technology and have led to exciting developments, including the potential for quantum computers to solve complex problems and enable secure communication. Quantum entanglement can be used to coordinate parties without communication, enabling secure auctions and frequency hopping spread spectrum technology, which has been around since the 1950s. 

Early Applications and Challenges:

• Frequency hopping, used for secure communications since the 1950s, faces issues with machine learning-based attacks due to predictable sequences.
• QKD offers a solution by enabling Alice and Bob to coordinate using truly random, provably secure sequences.
• Despite its potential, building a quantum internet faces practical hurdles, including high implementation costs.

Quantum Internet Architecture: Revolution Over Evolution:

• The panel debated whether the Quantum Internet should evolve from classical networks or be a complete revolution. The consensus leaned toward a full redesign, requiring a new protocol stack rather than incremental updates.
• Entanglement is the core resource, unlike classical information, as it requires coordinated multi-node operations.

Technologies and Prototypes: 

• Quantum memories rely on specific lasers to manipulate qubits, and wavelength conversion techniques are being developed for compatibility.
• A prototype network is under construction, aiming to demonstrate teleportation and blind quantum computation by the decade’s end.
• The Quantum Internet Alliance (QIA) launched the QIA Technology Forum (QIATF) to foster collaboration among academia, industry, and ecosystem partners.

Quantum Teleportation and Distributed Computing:

• Quantum teleportation enables remote quantum computers to exchange qubits by sharing entangled states.
• This is fundamental for distributed quantum computing, where multiple machines collaborate remotely.
• Achieving a hybrid Quantum Internet will require interfaces (e.g., electro-optical converters) to connect diverse quantum systems like photonic, superconducting, and solid-state qubits.

Commercialisation and Future Outlook

• Quantum-secured communications for military use could emerge in 10–15 years.
• A full-fledged Quantum Internet could take 25 years, comparable in scale to the classical internet.
• Gradual progress is expected, with significant quantum computing milestones in 5–10 years.

While the slides have not been shared, the video of the webinar is embedded below: