Just as the Telecom Infra Project (TIP) OpenRAN Project Group opened its FYUZ event in Madrid and published an OpenRAN Release 2 roadmap to show the detailed technical requirements of the communications standard, operator Rakuten Symphony has released its own documentation addressing one of the key issues that could stand in the way of the comms software’s success: security.
TIP member Rakuten Symphony has been at the forefront of OpenRAN development, as well as part of a partnership with Virgin Media O2 to drive OpenRAN services in the UK.
In August 2022, the partners announced that their joint multi-supplier OpenRAN deployment was entering the field phase, commencing with the activation of the first live sites in Virgin Media O2’s commercial network.
The multi-supplier OpenRAN system deployment on macro-sites in the UK is said to be notable for being in a brownfield network and baselined on the existing Telco Cloud supply chain to maximise future synergies.
The company’s new publication, A definitive guide to OpenRAN security, has been released in the wake of what the company said is sustained industry dialogue questioning the security of OpenRAN networks.
The guide details the potential planes of attack and recommended strategies to mitigate risk from a total software system, configuration and operational perspective. It is based on Rakuten Mobile’s Open RAN implementation in Japan, which is said to be the largest such deployment in the world.
The company believes that the information, strategies and principles shared in the guide can form the foundation for secure OpenRAN networks anywhere.
Read more about OpenRAN
- UK operator Vodafone continues its momentum in developing OpenRAN solutions by partnering with Mavenir to create indoor small cell OpenRAN solutions for business customers.
- Leading MENA telco Etisalat makes key move in transforming its network to software-based solution hub unveiling what it says is the MENA region’s first OpenRAN network and a collaboration suite to aid small businesses in the region with their digital transformation journey.
- Communications software and services provider Amdocs opens up 5G Experience Lab to capitalise on a diverse mobile communications partner ecosystem to unlock new applications and services.
The guide fundamentally acknowledges that while risk remains a persistent presence and always will, management, not avoidance, represents the best path forward. It also cedes that OpenRAN security isn’t as simple as relying on interoperability standards. Rakuten Symphony instead advocates for an approach that evaluates industry best practices, collaboration and innovation, and sets the best security and privacy strategies based on individual regulatory and market context.
“Is Open RAN secure? It depends on who you ask, and that is a major problem,” said Tareq Amin, CEO of Rakuten Mobile and Rakuten Symphony.
“Rather than endlessly debate misinformation meant to spread doubt about the security of next-gen networks, we are openly sharing a definitive guide any mobile operator can adopt as the foundation of a successful security strategy for OpenRAN. As these new networks are deployed en masse by new and incumbent operators alike, we want to move the industry past a conversation focused on ‘if’ to a more helpful one focused on ‘how’.”
The guide also reviews security requirements unique to OpenRAN telecom assets, including new infrastructure, network functions, interfaces and critical data. OpenRAN network vulnerabilities and how they can be exploited by attackers are covered in detail before presenting nine security principles that form the basis for Rakuten Symphony’s proposed approach.
The guide then expands into greater detail specific to establishing a secure cloud-native platform for OpenRAN network functions, trust between OpenRAN network functions, secure management of OpenRAN networks and container security.
“3GPP and the O-RAN Alliance provide base blueprints and design principles for securing telco-specific functions and interfaces through security controls which must be implemented by vendors and operators to reach a high level of hacking resistance, in particular for the IT and cloud systems underpinning modern networks,” said Nagendra Bykampadi, head of security architecture and standards at Rakuten Symphony, co-chair of O-RAN Alliance Security Work Group (WG11) and main author of the guide.
“When implementing these controls, vendors and operators can borrow knowledge and experience from related cloud-powered industries, and we are sharing what we know today to help contribute to the global security of new networks.”