A method performed by a network node that generates a schedule of communication exchanges between the network node and a small cell of a telecommunications network. The schedule is unique for the small cell among multiple small cells and sets times for sending status signals to the small cell and receiving counterpart response signals from the small cell. When the network node detects non-compliance with the schedule, the network node can begin to monitor the small cell for anomalous activity. Upon detecting that the anomalous activity includes malicious activity, the network node can communicate with the small cell wirelessly to deauthorize the small cell.