During my secondment at Vrije Universiteit Brussel (VUB), under the supervision of An Braeken, I explored how Small and Medium-Sized Enterprises (SMEs) can effectively secure their role in emerging 5G+ ecosystems. This work focused on bridging academic research, regulatory frameworks, and industrial realities, with particular attention to the challenges SMEs face in understanding and implementing cybersecurity requirements in complex and evolving environments.
A key outcome of this research was the clarification of the role of SMEs as hybrid actors within the 5G+ value chain. Depending on their activities, SMEs may deploy private networks, provide services, or develop solutions, leading to different levels of cybersecurity responsibility. Building on this, I developed a responsibility-aware cybersecurity model aligned with the principles of the NIS2 Directive, where cybersecurity is operator-grade in logic but adapted to SME constraints. This includes improved visibility through protocol-aware monitoring, understanding of 5G-specific threats, and the use of automated response and structured incident sharing mechanisms.
The proposed approach was validated through the analysis of technologies developed at Montimage, forming an integrated lifecycle from attack understanding to detection, response, and information sharing. The results were presented in a webinar organised within the SAND5G framework, highlighting the importance of translating regulatory expectations into practical solutions. Overall, this secondment contributed to advancing SME-oriented cybersecurity, strengthening collaboration between academia and industry, and supporting the resilience of critical infrastructures in Europe.
