The Missing Layer: PCNs Fail Without Device-Centric Security
Earlier this month, CISA warned enterprises of an actively exploited, six-year-old vulnerability in Sierra Wireless AirLink routers that enables remote code execution (RCE). By exploiting it, attackers can take full control of the router, monitor traffic, move laterally into internal networks, deploy malware, and disrupt critical industrial operations.
It Isn’t a Bug – It’s a Breach in Waiting
The flaw impacts Sierra Wireless AirLink industrial routers widely used in industrial, utility, transportation, and OT environments. It allows attackers to upload a malicious file that overwrites a legitimate system file, causing the compromised code to execute on the router.
Because RCE vulnerabilities provide complete device takeover, they are among the most severe security risks—especially when exploited at the network edge. In response, U.S. federal agencies have been instructed to patch or remove affected devices by January 2, 2026.
Why Device-Centric Security Matters in Private Cellular Networks
Private Cellular Networks Exist Because of Devices
Enterprises deploy private cellular networks to connect devices—sensors, PLCs, robots, AGVs, meters, cameras, wearables, and legacy OT equipment. These devices are often unmanaged, headless, unpatchable, and long-lived, yet they are expected to operate securely over many years. If enterprises are not securing the devices themselves, they are not securing the very reason the network exists.
Traditional Network Security Assumptions Break Immediately
Traditional network security was designed for stable enterprise environments with known users, managed endpoints, and static networks, where IP addresses reliably represent identity and behavior. Private cellular environments are the opposite: they support large numbers of heterogeneous, roaming devices from multiple vendors, with changing configurations and no stable IP-based identity. As a result, IP-centric security controls quickly become ineffective.
SIM Authentication ≠ Device Trust
When a SIM is authenticated, the SIM is allowed on the network. That makes SIM-based access dangerous, because there is no way to verify and validate the device’s identity or behavior. To ensure that the network is secure, enterprises must be able to confidently determine that the expected device is connected to the network, that it is behaving as intended, and that it has access to the right services. In the worst-case scenario, they must be able to quickly determine whether any anomalies indicate that the device may have been replaced, spoofed, cloned, or compromised. With SIM-based access alone, enterprises can’t answer any of these questions, leaving the integrity of the network dangerously vulnerable.
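The three questions above (expected device, intended behavior, right services) can be expressed as a check over session records. This is an added example, not OneLayer's code: it assumes the SIM is identified by its IMSI and the device by its IMEI, and the inventory, session records, and service labels are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Expected:
    imei: str                    # device identity bound to this SIM at enrollment
    device_type: str
    allowed_services: frozenset  # services this device type is meant to reach

# Constructed inventory: IMSI -> expected device (all values are made up).
INVENTORY = {
    "001010000000001": Expected("350000000000011", "meter", frozenset({"mqtt"})),
    "001010000000002": Expected("350000000000022", "camera", frozenset({"rtsp"})),
}

# Constructed session records: (imsi, imei, service).
SESSIONS = [
    ("001010000000001", "350000000000011", "mqtt"),  # expected device and service
    ("001010000000002", "350000000000099", "rtsp"),  # valid SIM, different device
    ("001010000000001", "350000000000011", "ssh"),   # right device, wrong service
    ("001010000000003", "350000000000033", "mqtt"),  # SIM absent from inventory
]

def assess(imsi, imei, service, inventory=INVENTORY):
    """Return findings for one session; an empty list means it is consistent."""
    expected = inventory.get(imsi)
    if expected is None:
        return ["unknown_sim"]
    findings = []
    if imei != expected.imei:
        # The SIM authenticated, but not in the device it was enrolled with.
        findings.append("device_mismatch")
    if service not in expected.allowed_services:
        findings.append("service_not_allowed")
    return findings

def triage(sessions=SESSIONS):
    """Keep only the sessions that produced at least one finding."""
    results = [(s, assess(*s)) for s in sessions]
    return [(s, f) for s, f in results if f]

if __name__ == "__main__":
    for session, findings in triage():
        print(session, findings)
```

Every one of these sessions would pass SIM authentication. The IMEI is reported by the device itself, so a match is a weak signal on its own; the service check is what still fires when a substituted device copies the expected IMEI.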
Device Risk Is the Dominant Threat Vector
Private cellular network risk is device-driven. Without device-level monitoring, enterprises lack visibility into any misconfigurations, unauthorized or swapped equipment, shadow OT, lateral movement by compromised devices, and the compounded risk of vendor-controlled firmware in a perimeter-less, radio-based environment. To properly mitigate these risks, every device must be continuously assessed as a potential actor, not a trusted endpoint.
Visibility Must Start at the Device Layer
When device-centric context is prioritized, the visibility for operators and enterprises improves dramatically. It enables them to answer crucial baseline questions: which devices are connected; their vendor, model, and firmware; which devices are critical versus expendable; and whether any anomalies exist within each device type. Without starting at the device layer, IP flows and generic traffic analytics provide limited insight. Once device visibility is established, network-level analytics become truly meaningful and actionable.
Zero Trust Only Works if “Identity” Means Device Identity
Traditional ZTNA assumes users log in, but in PCNs, devices are the primary actors, and they don’t log in. Treating devices as the primary actors in private cellular networks enables continuous device verification, least-privilege access by device type, and micro-segmentation based on device intent, making Zero Trust truly device-first.
Life Cycle Reality: Security Must Survive Network Evolution
Private cellular networks evolve rapidly, with new vendors, spectrum options, and core architectures—hybrid, on-prem, and cloud. MNO involvement can also change over time, and enterprises often add new devices long after the initial rollout. A device-centric security model provides consistent protection throughout the network’s entire lifecycle, from pilot to full-scale deployment.
Why OneLayer’s Approach is Structurally Different
OneLayer aligns with how private cellular networks actually work, providing security built for the device-driven, cellular-based, industrial reality. Identity and trust are anchored in each device, and continuous fingerprinting ensures enterprises always know what’s on their network, leaving no room for static assumptions. Security is intentionally woven into network operations from the start, not added as an afterthought, making it the right approach for enterprise-scale environments. Designed to support utilities and other verticals with varying deployment timelines, OneLayer guides enterprises through every step of their private cellular security journey—whether from the initial rollout or later in the adoption process.
In the world of private cellular networks, devices are the users, the workload, and the attack surface; security must start and stay device-centric.