
Open RAN May Be the Future of 5G, but Can We Keep It Secure?

It’s been a year of contradictions for the telecommunications industry.

Like most sectors, it has been heavily impacted by the consequences of the Covid-19 pandemic, with a slowdown in global 5G roll-outs being a notable result. Geopolitical conflicts have continued to muddy the market, with governments playing a more active role than ever in setting telecoms-centred policy.

At the same time, however, the air is thick with promise and opportunity. Over the last nine months, entire organizations have transitioned to remote working and high-bandwidth video communication. Corporations have accelerated digital transformation initiatives. Online shopping has soared. The appetite for autonomous manufacturing and other aspects of Industry 4.0 has grown.

The telecoms industry has proven resilient and cemented its status as critical national infrastructure. This recognition has raised the already-elevated stakes for governments who see mobile networks as key to national security. And it has made even more urgent the debate about the fastest and safest way to evolve the telecoms ecosystem.

Over the last few years, much of the focus has been on the emergence of 5G, but as this process has evolved, a fierce debate has developed around the best way for network operators to implement 5G while remaining sustainable and relevant in a rapidly shifting landscape. Open RAN has been central to these disputes, receiving massive attention from vendors, operators, and policymakers.

This is understandable: the potential benefits of open radio access networks are certainly alluring. But, as with 5G itself, the security of open RAN configurations will need to be considered carefully if we are to harness the technology’s full potential.

Virtual or open?

Virtualized radio access networks (vRAN) and open RAN are both hot topics in the mobile industry for different, but complementary, reasons. Though the two approaches often work in unison, they serve different purposes.

vRAN has its origins in network functions virtualization (NFV), which shifts network architecture from hardware-based to software-based. Similarly, in virtualized radio access networks, software is decoupled from hardware and radio access network functions are run on commercial off-the-shelf (COTS) servers.

In both cases, service providers are principally trying to save time and money, firstly by speeding up the deployment of new network services, and secondly by reducing operating costs and capital expenses.

Though vRAN offers rewards in greater efficiency and lower costs, it does not necessarily alter the current infrastructure supply chain. Almost all existing vendors are working on virtualizing their existing products.

Open RAN, on the other hand, represents a dramatic departure from a restricted vendor base. Advocates maintain that it offers telcos a cost-cutting alternative to traditional management of the radio access network, one of the costliest parts of the infrastructure.

Conventional network interfaces do not support interoperability between different suppliers, with the result that operators are locked into closed arrangements with single vendors. Proprietary hardware and software are tightly coupled and closed to adaptation.

Open RAN sees a relaxation of these restrictions. Though such networks generally include virtualization, they are defined by their goal of opening up interfaces within and between the different elements in the radio access network: radio unit (RU), distributed unit (DU), and centralized unit (CU).

An example of the challenges that open RAN is trying to solve can be found in the interface linking radios and signal-processing equipment. Open RAN proponents regard this fronthaul interface, known as CPRI (common public radio interface), as incomplete. Currently, the only way for an operator to deal with this issue is to buy radios and signal-processing technology from the same vendor, usually one of the monolithic RAN suppliers.

In a more open system built on interoperability, that service provider would not be restricted in their choice of hardware or software supplier. They would have greater freedom in how they resolved technical concerns, being able to use one supplier’s radios with another’s processors.

The O-RAN Alliance, a specification group defining next-generation RAN infrastructures, has defined 11 interfaces for open RAN, covering the fronthaul (RU to DU), the midhaul (DU to CU), and the backhaul (connecting the RAN to the core).

These give operators the freedom to mix and match components from a growing number of suppliers, thereby inviting more diversity, competition and innovation into the supply chain.

Why open RAN?

In short, open RAN should offer telcos a more cost-effective and adaptable solution than traditional radio access networks. That’s the commercial reason. However, as trade wars have dragged on and the US-led campaign against Huawei and ZTE has gained momentum, open RAN has taken on political importance.

In the US, for example, it has been identified as a way to circumvent the need for Chinese network hardware, ostensibly eliminating much-publicized backdoor threats. However, a move to open RAN would also buy freedom from reliance on other international suppliers, notably Finnish Nokia and Swedish Ericsson. It is here that political and commercial motives meet.

Conventional radio access network arrangements see operators locked into agreements with a few big vendors who maintain ownership of RAN processes through proprietary equipment and services. It’s what’s been called an “oligopolistic vendor landscape” in which operators have little control, limited insight into RAN security and operations, and a paucity of choice.

While this has always been frustrating for telcos, the crises of the last year have laid bare the risks of persisting with a closed supply chain. Disruptions caused by Covid-19 have exposed a clear need to build supply chain resilience and security through greater supplier diversity. And, in trying times, it has become especially clear how much innovation is limited by restrictions on the telecoms supply chain.

These points underlie a growing wave of open RAN advocacy that envisages a brave new world of greater RAN efficiency, intelligence and versatility. According to the O-RAN Alliance, the radio access networks industry is moving towards “open, intelligent, virtualized and fully interoperable RAN.”

Industry groups like the O-RAN Alliance, the Facebook-initiated Telecom Infra Project (TIP), and the recently-formed Open RAN Policy Coalition are supported by a broad spectrum of stakeholders, including major vendors like Nokia and Ericsson. This appears to spell an acceleration in open RAN adoption.

ABI Research estimates that open RAN will outstrip traditional RAN within the decade, reaching a total market of approximately $30 billion in 2030, compared to $20 billion in the traditional RAN market.

These are not wild projections. Instead, they seem predicated on an already high level of open RAN activity. In Japan, Rakuten Mobile has launched open RAN-based 4G commercial services in urban areas and is currently building its 5G network to O-RAN specifications. Another greenfield operator, DISH, is preparing a significant open RAN network build in the US.

Meanwhile, suggestions that open RAN is only fit for new developments are being put to the test by a growing number of established operators. Telefónica, Deutsche Telekom, Vodafone, Orange, and Turkcell are all working on open RAN deployments.

There are a number of anticipated benefits driving these shifts.

The most obvious is that open RAN widens the supply chain, which is music to free market ears. More suppliers mean more competition at different layers in the hardware and software supply chains, translating into lower OpEx and CapEx for telecom operators.

Interoperability means telcos can ensure that they are making use of best-of-breed components with a reduced chance of vendor lock-in. This flexibility also ensures more progressive network updates and faster ecosystem evolution.

Virtualization and the disaggregation of hardware from software create a more agile network with lower deployment times and a better ability to scale at pace. New features can be added more quickly for specific use cases, while operators can provide enterprise-level services to support Industry 4.0.

Open vRAN also permits edge-centric network architecture. The only site installation setup required is a radio plus power which, when coupled with mini data centres built closer to subscribers, translates into a flexible and scalable footprint that can support low-latency applications – just one example of the potency of the connection between open RAN and 5G.

Open RAN and 5G

Virtualized RAN may prove critical if 5G networks are to realize their projected performance standards. Cloud-based network functions will not be sufficient – all aspects of the 5G architecture will need to be virtualized in order to fully access 5G’s potential.

In vRAN, functions of the baseband unit (BBU) are enabled virtually through virtual machines (VMs) on centralized servers, while controller functions can be moved closer to the edge of the network. With these expanded options, operators can exercise greater (and more cost-efficient) control over their radio resources.

By separating network functions from the underlying hardware, vRAN enables an agile and dynamic RAN ecosystem characterized by streamlined resource utilization and more responsive deployment of new network services. This will be crucial to the operation of a smooth 5G network.

The O-RAN Alliance paints the picture of a RAN ecosystem based on interoperability and intelligence. It is the second principle, intelligence, that is especially pertinent to 5G networks, which will traffic massive amounts of data created by the internet of things (IoT), high-definition video, AR and VR.

5G will also see the deployment and management of countless virtual applications and their relationships. This will be beyond human capacities; the network will need to be intelligent. Though this kind of intelligence may be satisfied through virtualized networks, it is possibly through the accelerated innovation of open radio access networks that the 5G network will be able to evolve fastest.

For operators deploying 5G on legacy networks, open RAN is a burning question. As shown by Rakuten and DISH, the decision is relatively simple for greenfield deployments – open RAN supports a future-ready, scalable and upgradable software-driven network.

But for brownfield deployments, the considerations are more complex. Should open RAN only be initiated for 5G networks, or across all legacy Gs? What will be the long term impacts on CapEx and OpEx, as well as the operator’s total cost of operation? For many service providers the commitment to 5G may provide an incentive to consider open RAN across all network generations.

Security

Though cost is the primary driver of the open RAN proposition, the debate has also rested on security. And rightly so. With such a strong potential for alignment between 5G and open RAN, the security of more open radio access networks is critical to national security.

This argument has featured strongly in political rhetoric and statements from pro-open RAN organisations. In the US, filings to the National Telecommunications and Information Administration (NTIA) by the Open RAN Policy Coalition and open RAN vendor, Mavenir, have suggested that open RAN is imperative to securing 5G.

Skeptics say such players are motivated by the enormous commercial opportunities that would become available in the widespread adoption of open radio access networks. But the security argument is a strong one.

In closed RAN, operators rely on vendors to maintain security and manage threats like back doors. The ability to respond to these threats is also determined by the efficacy of the vendor’s proprietary technology. The inflexibility of the supply chain limits telcos’ level of RAN insight and responsiveness.

Theoretically, the vendor diversity of a more open RAN could create the conditions for more responsive and dynamic network security. If threats or vulnerabilities are identified, the operator can move quickly to swap out the offending component without having to undertake a costly and extensive rip and replace, of the kind currently being applied to Huawei hardware in the US.

Ericsson has publicly questioned this line of thinking, arguing that “The introduction of new and additional touch points in O-RAN architecture, along with the decoupling of hardware and software, has the potential to expand the threat and attack surface of the network in numerous ways.” The vendor also maintains that the virtualization of network services could contribute to security challenges.

These claims have been rejected by, for example, the CTOs of Rakuten and Telefónica, who have reiterated the belief that open, non-proprietary networks will provide greater network security options. From the operators’ point of view, having 100% end-to-end visibility of the network is advantageous in monitoring security and pre-empting breaches.

Conclusion

Ironically, the greater freedom that defines open RAN could offer a route to tighter operator control, improved accountability and stronger security. The success of this approach will rest on strong standards supported by rigorous third-party testing – having the option to swap or upgrade components from multiple vendors is useless if those components aren’t safe.

However, as with 5G, the expanded attack surface in open RAN is a real concern. Operators appear confident that they will be able to take this challenge on, but their bullish mood remains to be tested.

The spirit of the open RAN movement is a positive one that should lead to a more democratized, innovative, lower cost and, hopefully, safer 5G-driven ecosystem. But the stakes are high and the path is new. We need to balance pioneering zeal with healthy caution if we are to create secure networks that will usher in a new age of global connectivity.

Marin Ivezic

For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.

He held multiple interim CISO and technology leadership roles in Global 2000 companies.
