Avatar

Many mobile network operators are considering deployment of open, decomposed, and modular radio access networks for 5G advanced wireless networks. The business rationale for adopting this network architecture is evident in light of the current state of the supply chain for network infrastructure. The current pool of vendors for technology in the Radio Access Network (RAN) is not sufficiently diverse to provide the desired levels of competition, innovation, and resilience. Current practice is to use one of a few vendors, who bring-in their own proprietary ecosystems. This limits an operator’s ability to evolve its network in response to future demands. By contrast, the Open RAN concept allows operators to mix-and-match different vendors selecting “best of breed” to align with their goals. They can rapidly test and introduce new features—swapping out technologies as their needs change. The FCC’s virtual Forum on 5G Open Radio Access Networks made it clear that there is strong momentum behind the concept of Open RAN. At the same time, we know that for Open RAN to fulfill its potential, it must meet or exceed the security capabilities of competing approaches.

At the FCC’s forum, a broad range of U.S. government officials, including Secretary of State Mike Pompeo, FCC Chairman Ajit Pai and each FCC commissioner from both political parties that: 1) telecom infrastructure is a national security imperative; and 2) trust in telecommunications infrastructure supply chains is the foundation of security.

So, this begs the question, is an Open RAN infrastructure secure and trustworthy?

Our view is that it can be, particularly if the following criteria are followed: 1) rely on a trusted supply chain with vendors that have established security practices built into their engineering processes and that are transparent about those practices; 2) employ open and standardized interfaces from organizations such as O-RAN and 3GPP; and 3) implement security testing with published well-known test plans at trusted lab facilities.

It is worth contrasting the Open RAN position with the security posture that a “closed” RAN from a “single-ecosystem” vendor can provide. In the case of a single-ecosystem vendor, RAN is delivered monolithically (even if decomposed) as a closed box with interfaces that are not auditable. In the security community, this is called “security by obscurity” and it is most definitely not a virtue. At the FCC conference, Stephen Bye of Dish Network put it in a very direct way: “it is easier to find the cockroaches when the lights are on instead of when they are off,” and I think this is very true. Security in Open RAN is auditable meaning requirements can be tested against—and we can find those pesky bugs.

Skeptics may argue that the security posture of an Open RAN deployment is inherently less secure because “Open RAN increases the threat surface.” I do not think this argument works either. Advances in network security architecture teach us that “zero trust” connectivity attained by applying elements of an auditable software-based security toolkit results in greater scalability and flexibility. Witness the many “borderless” security solutions available today in the enterprise environment. When a network element is identified as being insecure, it is far easier to make a change in a modular inter-operable architecture as compared to a network built from a single-ecosystem vendor.

Investment in security will be driven by needs that change as threats evolve. For instance, traffic over the Internet “in the wild” is rarely trusted and almost always encrypted. But absolute principles and rules do not always exist. Traffic in the backhaul is encrypted or left in the clear depending on whether the underlying transport is trusted. This has been the practice for a long time. In a nutshell, no single security solution applies homogenously to all service providers. After meeting requirements imposed by regulators, each operator will tailor their own security solutions based on their own assessment of exposure weighed against the costs and benefits of competing solutions from trusted vendors. Open RAN implements precisely this kind of flexible tooling.

Where is the Open RAN security toolchain today? I would say it is evolving quite nicely. Fundamental splits in user plane, control plane, and OAM can be made secure following mandatory and optional specifications from O-RAN and 3GPP. These are based on well understood IPsec and TLS capabilities. 3GPP is also publishing Security Assurance Specifications for 4G and 5G (33 series) that can be foundational for test plans. IP security and cloud security tools can be used as needed. For example, trusted platform techniques permit processes to launch only if they are attested not to include any potentially malicious code injections. Attestation can be built into the solution so that trust can be traced and verified to a “root-of-trust”.

There is no doubt that Open RAN changes the threat models for end-to-end mobile networks. Standards definitions organizations such as O-RAN and 3GPP will continue advancing the 5G security toolchain. And predictably, we can continue to expect resistance to Open RAN from single-ecosystem vendors who will advocate that only they can provide “secure” deployments. From a Cisco perspective, we remain focused on advancing Open RAN networks as a secure and trusted alternative to what has been the norm thus far.

The reason this is worthwhile? Open RAN networks are significantly more valuable, cost effective, and yes, also potentially more secure.

For information on Cisco security solutions for 5G, please go to:

https://blogs.cisco.com/sp/5g_secure

https://www.cisco.com/c/en/us/solutions/collateral/service-provider/service-provider-security-solutions/white-paper-c11-742166.pdf



Authors

Eric Wenger

Senior Director, Technology Policy

Global Government Affairs