When will people learn - 'secure the connections, not the network'. You don't trust the internet, and you shouldn't trust your internal network either.
Every connection between devices should be encrypted as if it's going over the internet. That's the basis of BeyondCorp, and many companies are going that way.
It's far more sensible to secure just two endpoints than it is to also secure all the wireless links, routers, and cables between them.
Now, when the adversary gets control of your routers, it doesn't matter - they can't steal anything of value. The worst they can do is cause a brief outage, for which they'll be immediately detected.
Sure, that’s a great idea. But your transport security is going to show vulnerability sooner or later (see: regular issues in TLS), and it’s worth having a slightly less compromised network fabric.
But they can slow down the traffic or disconnect it completely. If an entire countries 5G infrastructure is built by a single company that can push updates to the infrastructure, then it can completely disable it.
Every connection between devices should be encrypted as if it's going over the internet. That's the basis of BeyondCorp, and many companies are going that way.
It's far more sensible to secure just two endpoints than it is to also secure all the wireless links, routers, and cables between them.
Now, when the adversary gets control of your routers, it doesn't matter - they can't steal anything of value. The worst they can do is cause a brief outage, for which they'll be immediately detected.