With the increasing deployment of 5G private networks in smart manufacturing, transportation, and IoT environments, the high performance of these networks has also introduced new cybersecurity challenges. The convergence of Information Technology (IT), Operational Technology (OT), and Communication Technology (CT) significantly expands the attack surface and exposes systems to cross-domain threats such as rogue base station infiltration, distributed denial-of-service (DDoS) attacks, and lateral movement. These attacks threaten data integrity, service continuity, and user privacy. To address these issues, this study applies the MITRE FiGHT threat model to depict representative attack stages—including reconnaissance, intrusion, lateral propagation, and service disruption—and integrates CVSS 3.1 scoring with corresponding mitigation strategies. Based on these components, we construct an analytical workflow capable of quantifying risks, identifying governance deficiencies, and guiding targeted improvements. A prototype Cybersecurity Governance Maturity Model (CSGMM) tailored for 5G private networks is subsequently proposed. The proposed framework incorporates six governance domains—policy, asset management, risk defense, incident response, control practices, and supply chain management—and formalizes a three-tier structure covering strategic, tactical, and operational layers. It also defines twenty-five practice objectives aligned with international standards such as ISO/IEC 27002 and NIST CSF 2.0, improving both applicability and interoperability. Experimental validation was conducted using a Free5GC and UERANSIM testbed to simulate practical attack scenarios, including traffic-based DDoS and endpoint-level exploitation. The results show that the implementation of the governance framework, together with FiGHT-based mitigation strategies, leads to a measurable reduction in CVSS risk scores and attack success probability. 
These findings demonstrate that integrating governance mechanisms with technical defense measures enhances incident response, strengthens network resilience, and supports continuous security management throughout the lifecycle of 5G private network deployment. The proposed model provides a structured reference for both industry and government seeking to advance 5G cybersecurity strategies. It offers practical value for smart manufacturing and other mission-critical applications, supporting organizations in addressing increasingly complex cyber threats in the era of digital transformation.