Summer School on 5G Network SecurityNIS2 Article 21: maturity self-assessment
Score the ten minimum security measures for the scenario below, and note your reasoning. Three events unfold during NordTel's launch week; revisit the affected measures as each one lands. Nothing is sent anywhere, and you download your own report at the end.
The scenario: NordTel private-5G slice (port + hospital)
NordTel, a regional electronic-communications operator. About 120 staff, ~EUR 40M turnover, an 8-person IT team, no dedicated security team yet.
- Customers: a private 5G slice for the regional port (automated cranes, logistics, CCTV) and the county hospital (clinical telemetry, private medical network), both latency-sensitive and safety-relevant.
- 5G Core: containerised network functions running in a public cloud region.
- RAN: radio units from two vendors, one established, one new and not yet security-assessed.
- Transport: leased fibre from a third party.
- MANO / orchestration: open-source OSM on Kubernetes, run by the IT team.
- Under OUG 155/2024, NordTel is an essential entity in electronic communications; the port and hospital are essential entities in their own sectors.
Score each measure as it stands for NordTel as described, not for an ideal operator and not for your own organisation.
Maturity scale (0–3)
0 NoneNot in place. The topic has not been addressed.
1 InitialAd hoc. One person does it by habit, nothing written down.
2 DefinedDocumented and applied consistently across the team.
3 ManagedMeasured, reviewed and improved; audited regularly.
NIS2 Article 21 maturity self-assessment . 5G-TACTIC Summer School
TLP:GREEN
Indicative self-assessment for training. Not a formal audit or a compliance determination.
TLP:GREEN
Indicative self-assessment for training. Not a formal audit or a compliance determination.