The security challenges created by shifting to a disaggregated or “open” environment are a common issue raised about Open RAN. In April 2021, the Open RAN Policy Coalition released a 4-page paper, “Open RAN Security in 5G,” which outlines why Open RAN is not less secure than traditional RAN and can in fact bring security advantages.
The reasons for this are two-fold: First, new capabilities and advantages enabled by 5G will improve security for traditional and Open RAN architectures. Enterprise-grade security deployed in 5G can bring key advantages to meet security challenges like malware, botnets, and other forms of attacks that are potential risks regardless of architecture. All implementations of 5G will benefit from these enhancements. These include the ability to secure the technology and application stack by securing all layers (signaling, applications, management, and data), all interfaces, and all attack surfaces in an automated manner; deploying secure cloud architecture across the entire development lifecycle, including the “build”, operations, and maintenance stages; and applying different security policies dynamically per different network “slices” to meet respective security needs.
Second, Open RAN can also build upon the security enhancements already enabled by 5G and allow the operator to fully control the security of the network, ultimately enhancing the operational security of their network. The paper describes how Open RAN brings greater visibility to security events; security analytics are distributed throughout the network, creating opportunities for edge-focused analytics that stops malicious traffic from reaching the core network; Open RAN will enhance the ability of operators to integrate new security platforms without implementing custom adaptors for vendor-proprietary protocols and interfaces; and Open RAN can facilitate the complete automation of network management. Finally, innovation and supplier diversity in an open ecosystem will bring forward additional diverse security solutions to address potential threats and mitigate risk.
Standards also play an important role in 5G security and Open RAN, including in the security concepts and activities described above. Standards development organizations, including but not limited to 3GPP, GSMA, ETSI, the O-RAN Alliance, and the Telecom Infrastructure Project (TIP) help grow the ecosystem by enabling new and existing technology providers and wireless carriers to rapidly align on security requirements. Members of the Open RAN Policy Coalition are contributing to the development of standards for the technologies that comprise several unique differentiated security concepts as described in our paper.
The Open RAN evolution has attracted a dynamic ecosystem of carriers, vendors, and suppliers that will enhance innovation, open new markets and enable digital transformation for the enterprises and industries that leverage 5G. While cyber threats continue to pose tremendous risks to carriers, enterprises, and industries, these stakeholders need the confidence that 5G networks and services – including those leveraging Open RAN–have carrier or enterprise-grade security. The Open RAN Policy Coalition is working with all collaborators to enable a secure digital transformation to 5G and unlock its potential to transform industries and give enterprises, industries, and carriers the confidence they need for business transformation.
The Open RAN Policy Coalition hosted an event on the same topic on July 13, 2021, featuring remarks about the role of Open RAN in unlocking the potential of 5G and the importance of security from Mark McLaughlin, Chairman of the Board for Qualcomm Inc. and Evelyn Remaley, Acting Assistant Secretary of Commerce for Communications and Information, along with a panel discussion featuring representatives from a number of our member companies.