The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published a report that details some of the security concerns of Open Radio Access Network (Open RAN), as well as some of the ways to mitigate such concerns.
The assessment, published through the Enduring Security Framework (ESF), details some key concerns of Open RAN as well as how open adoption of this technology will yield in closing security gaps.
“Open RAN is an exciting concept, one that opens up several doors to innovation, improved network performance, and a more diverse and competitive cyber ecosystem,” said CISA Acting Assistant Director Mona Harrington. “However, with those benefits come the potential for additional security concerns. As a community, we must work together to not only identify these concerns but also develop the practices and architecture to mitigate them.”
Some of the concerns that the assessment looked at include the following:
- Multi-vendor management;
- Open Fronthaul connecting radios to base station equipment;
- A new RAN application framework comprising rApps and xApps that uses AI/ML for RAN optimization;
- General network considerations including open source software; and
- A cloud-based 5G core network.
The assessment continues and ends with a positive note in which all of these security concerns can be overcome by adopting these new technologies and giving security and IT experts time to meet these challenges.
“Security considerations always emerge in new open systems aiming for improved cost, performance, and supply chain benefits,” said Jorge Laurel, ESF project director. “Open RAN shares these security considerations too, and, with continuing efforts by the Open RAN ecosystem, they can be overcome.”