The numbers are impressive. Private 5G investment is growing at 22% CAGR to $7.2 billion by 2028. The Public Safety LTE & 5G Market Report puts mission-critical communications alone at $6.3 billion by 2028. Nokia and Boldyn are putting private 5G underground in mines. Port operators are deploying private 5G with real results. Private 5G is a genuine improvement over Wi-Fi for harsh environments: better spectrum management, lower latency, deterministic throughput. I agree with the investment. I disagree with the assumption underneath it. Better connectivity does not equal better resilience. Connectivity is a feature. Resilience is an architecture. The industry is spending billions on the feature.

Connectivity Reliability and Operational Resilience Are Fundamentally Different Engineering Problems

The private 5G pitch follows a syllogism: Wi-Fi is unreliable in harsh environments, private 5G is more reliable than Wi-Fi, therefore private 5G solves the reliability problem for edge operations. Two true premises, one false conclusion. The syllogism breaks because it conflates connectivity reliability, meaning the pipe works when you need it, with operational resilience, meaning the operation continues even when the pipe does not. Solving the first does not touch the second.

Underground tunnels with geological interference, offshore platforms in storms, remote substations during wildfires, disaster zones where cellular towers are among the first casualties: in every one of these environments, even private 5G has gaps, dead zones, and failure modes. The failure probability is lower than Wi-Fi, sometimes much lower. It is not zero. In safety-critical operations, the difference between "very reliable" and "resilient" is the difference between "usually works" and "always works."

In over three decades of building edge networking infrastructure for environments like these, I have watched this pattern repeat with every generation of connectivity technology. Ethernet was going to solve it. Wi-Fi was going to solve it. LTE was going to solve it. Each generation improved the pipe. None of them addressed what happens when the pipe fails. When major disasters destroy terrestrial communications infrastructure, resilience comes from systems that do not need that infrastructure at all, not from systems with a better version of the infrastructure that just failed. Private 5G is the latest iteration of the same pattern: a genuine connectivity improvement that the industry is mistaking for a resilience architecture.

Many Private 5G Deployments Replicate the Cloud Dependency at the Network Layer Itself

The resilience assumption behind private 5G depends on a question most buyers never ask: where do the core network functions live? A standalone private 5G deployment can run its entire core locally: User Plane Function, Access and Mobility Management, Session Management, all on-premises. In that configuration, the 5G network operates independently of any external connection. Local devices authenticate locally, traffic routes locally, and the radio network functions even if the WAN backhaul is completely down.

Many private 5G deployments, particularly those sold as managed services, do not work this way. The radio units are local. The core functions run in the cloud or at a regional data center. In that architecture, if the backhaul drops, the radio layer may still be transmitting, but authentication, session management, and traffic routing fail. New devices cannot attach to the network. Existing sessions may persist temporarily depending on implementation, but the network cannot adapt, re-authenticate, or route new flows. The private 5G network itself becomes a partition casualty.

This means the connectivity investment that was supposed to improve reliability may actually deepen the dependency it was meant to eliminate. When the 5G core lives in the cloud, backhaul failure doesn't just take down the WAN. It takes down the local wireless network too. That's potentially worse resilience than Wi-Fi.

Before evaluating private 5G as a resilience layer, the first question should be whether the core is local. If it is not, the deployment has added a radio layer while amplifying the architectural vulnerability underneath it. Better spectrum, more dependency.

Edge Hardware Operates Independently During a Partition but Edge Software Almost Never Does

The deeper problem is not the radio layer. It is the software layer. Most edge computing stacks are designed with an assumption embedded so deeply in their architecture that nobody questions it: connectivity exists. The AI inference might run locally. But the orchestration, the model updates, the event routing, and the decision logic depend on a connection to something upstream. Pull the connection and the edge does not just lose telemetry or cloud sync. It loses the ability to make decisions. Safety alerts stop routing. Anomaly detection models cannot update their thresholds. Event processing queues stall. The node does not degrade gracefully. It goes dark.

The industry commonly describes edge computing as occurring locally without the need for internet access. That is true at the hardware level. It is almost never true at the software level. The hardware can operate independently. The software almost never can. That is the gap the industry is not discussing, and it is the gap that private 5G investment actively obscures. Private 5G reduces the frequency of connectivity interruptions. Fewer dropouts, fewer dead zones, fewer moments where the edge is on its own. Because interruptions are rarer, teams stop designing for them. The assumption of connectivity goes from "usually true" to "almost always true," and nobody tests what happens in the "almost."

Offline-first architecture inverts this assumption. Every edge node stores data locally, runs its full decision logic locally, and maintains safety-critical operations with zero network contact. Connectivity is a bonus: when you have it, sync and coordinate. When you do not, keep running. That is not an edge case to accommodate. It is the design center.

Autonomous Operation Without Governance Produces Ungoverned Decisions at Machine Speed

Keeping the edge node operational during a partition solves half the problem. The other half is whether those autonomous decisions are governed. An edge node that continues making safety-critical decisions without connectivity is only valuable if those decisions are logged with cryptographic attestation at the moment they are made, if human override capability persists locally, and if the decision record is verifiable and auditable after reconnection.

Most edge platforms that claim offline operation buffer logs locally and sync them when connectivity returns. Some implementations sign or encrypt those logs at rest. But protecting the data is not the same as attesting the governance state. A signed log proves the log was written. It does not prove that the governance system was operational at the moment of decision, that human oversight was available, or that policy was being enforced when the action was taken. The distinction between encrypted storage and attested governance state is where most edge architectures stop short.

An offline-first architecture that takes governance seriously handles this at the Authority plane. Every decision is logged with cryptographic attestation on the device, signed by a key only that device controls. Human override operates locally. When connectivity restores, the system executes attested store-and-forward: packaging the cryptographically signed local state, transmitting it through a reconciliation protocol designed for intermittent asynchronous links, and merging it with the fleet-wide governance picture while preserving the attestation chain. The reconciliation does not simply copy data from the edge to the cloud. It merges divergent states that evolved independently, verifies their integrity, and resolves conflicts through policy-driven rules. That reconciliation capability transforms an offline-capable edge node into a governed autonomous system.

Edge Software Designed Around a Single Bearer Replaces One Lock-In with Another

Network-dependent systems fail like cliffs: everything works perfectly, then everything stops. One minute the system has full telemetry. The next it has nothing. The PSNI ControlWorks failure in 2025 illustrates a related pattern: it was not a connectivity failure at all but a software failure in a centralized architecture that delayed critical information reaching investigators. The network was fine. The architecture was the single point of failure. Network-dependent edge systems reproduce that same structural vulnerability at every site, and no radio improvement fixes it.

Offline-first systems degrade like slopes. The system might lose cloud sync or remote visibility, but local operation, local governance, and local decision-making continue. The failure mode is fundamentally different, and no amount of radio improvement changes the failure mode of a cliff-architecture system. It just makes the cliff less frequent.

Transport-layer independence compounds this advantage. An edge software stack should be agnostic to whatever bearer is beneath it. Private 5G today, satellite backup in a storm, mesh networking in a disaster, LoRaWAN for sensor telemetry, Wi-Fi HaLow for longer-range device communication: the application layer should not care which bearer is active. A policy-driven Connectivity plane manages the full portfolio of available bearers, routing traffic based on operational rules enforced locally on the device. Safety alerts route over the most reliable bearer immediately. Routine telemetry batches for low-cost windows. Management traffic routes through the most secure available link. If the 5G core goes down because it is cloud-hosted, the policy engine routes through satellite or mesh without waiting for the application layer to notice the failure.

An edge deployment designed specifically around private 5G's characteristics has replaced Wi-Fi lock-in with 5G lock-in. The radio is newer. The dependency is the same. Transport-layer independence is the architectural principle that prevents the next connectivity investment from becoming the next single point of failure.

The Five Minutes When Everything Goes Dark Are the Only Five Minutes That Matter

Private 5G is solving a genuine problem. Wi-Fi is not good enough for industrial edge environments. Port of Tyne's private 5G deployment is delivering real results. The Nokia mining rollouts are impressive. These are the right investments in connectivity.

The question that should be on every CTO's whiteboard is not about the 99% when the pipe is working. It is about the five minutes when everything goes dark. A mine collapse. A hurricane. A grid failure. A cyberattack against telecom infrastructure. During those five minutes, the connectivity investment is irrelevant. What matters is whether the edge software keeps making decisions, whether those decisions are governed and attested, whether the system routes through whatever bearers survive, and whether the fleet reconciles coherently when connectivity restores.

The organizations that get this right will have both: a private 5G network delivering deterministic performance most of the time, and a three-plane edge architecture that does not flinch during the fraction of time when it does not. The Compute plane keeps making decisions. The Connectivity plane routes through surviving bearers. The Authority plane ensures every decision is governed, attested, and reconcilable. Below all three, out-of-band recovery brings back nodes that fail at the hardware level without waiting for a truck.

The resilience lives in the software. The governance lives on the device. The connectivity is an enhancement, not a dependency. In the environments where this work actually matters, the mine, the platform, the disaster zone, that is the only architecture worth building.