YOU ARE AT:Open RANCISA, NSA publish report on O-RAN security considerations

CISA, NSA publish report on O-RAN security considerations

The two agencies noted that the deployment of O-RAN introduces new security considerations for mobile network operators

The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), through the Enduring Security Framework (ESF), have published a paper about the security considerations in regards to the implementation of Open RAN (O-RAN) architecture.

The ESF’s Open RAN Working Panel focused on security considerations for multiple technical aspects of O-RAN: Multi-vendor management, open fronthaul that connects radios to base stations, a new RAN application framework comprising rApps and xApps, the use of artificial intelligence/machine learning (AI/ML) for RAN optimization, and other general network considerations including open-source software, virtualization and a cloud-based 5G core network. 

“Security considerations always emerge in new open systems aiming for improved cost, performance, and supply chain benefits,” said Jorge Laurel, ESF project director. “Open RAN shares these security considerations too, and, with continuing efforts by the Open RAN ecosystem, they can be overcome.”

“Open RAN is an exciting concept, one that opens up several doors to innovation, improved network performance, and a more diverse and competitive cyber ecosystem,” said CISA Acting Assistant Director Mona Harrington. “However, with those benefits come the potential for additional security concerns. As a community, we must work together to not only identify these concerns but also develop the practices and architecture to mitigate them,” she added.

CISA and NSA also noted that some of the security considerations identified in the paper are not unique to Open RAN and exist in current closed RAN deployments, while others are exclusive to Open RAN architecture. 

“The deployment of Open RAN introduces new security considerations for mobile network operators. By nature, an open ecosystem that involves a disaggregated multi-vendor environment requires specific focus on changes to the threat surface area at the interfaces between technologies integrated via the architecture. In addition to addressing security considerations related to integrating components from multiple vendors, service providers will continue to deal with other considerations related to use of open source applications and new 5G network functions and interfaces whose standards are still under development,” the document reads. “Additionally, MNOs will need to address security considerations related, but not unique to Open RAN, such as cloud infrastructure, virtualization, containerization and distributed denial of service (DDoS) attacks.

“The identified security considerations in this assessment are ones present at this point in time, as Open RAN standards are being developed by standards bodies. As standards are developed and adopted by equipment manufacturers, software developers, integrators, and mobile network operators, these security considerations may be mitigated through the adoption of standards and industry best practices,” the paper adds.

The two agencies also noted that security considerations always emerge in new open systems aiming for improved cost, performance, and supply chain benefits.

“Open RAN shares these security considerations too, and, with continuing efforts by the Open RAN ecosystem, they can be overcome,” the report says.

ABOUT AUTHOR

Juan Pedro Tomás
Juan Pedro Tomás
Juan Pedro covers Global Carriers and Global Enterprise IoT. Prior to RCR, Juan Pedro worked for Business News Americas, covering telecoms and IT news in the Latin American markets. He also worked for Telecompaper as their Regional Editor for Latin America and Asia/Pacific. Juan Pedro has also contributed to Latin Trade magazine as the publication's correspondent in Argentina and with political risk consultancy firm Exclusive Analysis, writing reports and providing political and economic information from certain Latin American markets. He has a degree in International Relations and a master in Journalism and is married with two kids.
This Channel is Sponsored By Intel®