Home Blog

Can we afford to keep ignoring Open RAN security?

5G OpenRAN Security

I’m skeptical of ‘futurists’. Work closely enough with the development of technology solutions and you’ll know that the only certain thing about the future is that it’s constantly changing. For example, few ‘futurists’ predicted the Covid-19 outbreak that brought the world to a standstill in 2020. Many, however, had spent hours waxing on about how 5G technology was to change the trajectory of human evolution, telling tales of what would be possible with ultra-high speed, ultra-low latency connectivity. Me included.

Of course, 5G will enable many of these promised use cases, and many others we haven’t even dreamed of yet, but have the prophets been proven true? Has 5G changed the world?

The answer, of course, is not yet. We simply haven’t yet achieved the levels of scale required for 5G to realize its potential, but some aspects of the transition to 5G are going well. Despite a global pandemic, deployment has continued to move at a decent pace with 5G now available in almost 2,000 cities across more than 70 countries. This healthy and continued expansion is made possible by a solid, and constantly evolving, 5G standard.

However, other aspects have moved slower. The cybersecurity provisions of 5G standards have lagged behind in their maturity and fit for purpose, with gaps still remaining to be filled. This is not entirely surprising. Both private and public players face a significant challenge in securing 5G networks, especially with the increased complexity represented by new developments like Open RAN.

As a measure of this challenge, the European Telecommunications Standards Institute (ETSI) only released its first Open RAN standard in September of this year. Even more tellingly, it included no cybersecurity requirements. Open RAN functions are governed by the existing cybersecurity specifications in the 5G standard, but none more.

This is a major concern. Open RAN is likely to become a major part of 5G development in the future and ensuring its security needs to become a priority.

Why the noise about Open RAN?

The Radio Access Network (RAN) is a critical component of any broader mobile network setup. It includes base station equipment, cell towers and radios, which work in unison to convert wireless signals into the various data formats that end users ultimately engage with. The RAN is what connects your devices to other parts of the network, and ensures the wireless signals travelling invisibly through the aether arrive on your device in the form of text, voice or video.

A conventional RAN configuration, as is used in 3G and 4G networks, for example, is built on proprietary hardware and software resources developed by a single vendor. These components are not interoperable – that is, they cannot function in agreement with equipment built by alternative suppliers. This ‘vendor-locked’ arrangement means mobile network operators (MNOs) are limited to the supply schedules and component offerings of their contracted vendor.

Commercially, this arrangement has long favoured the supplier, with operators seeking cost efficiencies and technological agility complaining of their limited options. Security has also been positioned as a major drawback of traditional proprietary infrastructure. This reasoning gained significant traction during the Trump era and drives the Federal Communications Commission’s (FCC’s) ‘rip and replace’ program to do away with network gear from firms like Huawei and ZTE. The security argument against vendor lock-in points to the risks of being tied to suppliers, such as Chinese firms, whose products are suspected of security flaws.

The commercial argument is driving industry change. The O-RAN Alliance, whose specifications underpin ETSI’s standard released in September, is the most influential of a number of bodies campaigning for an “open” network architecture that disaggregates RAN functions, relies on interoperability of network components, and paves the way for MNOs to lower equipment costs and improve network performance through increased competition among network suppliers.

Ostensibly, this diversity of supplier base should encourage greater network security too. A more open RAN architecture should increase transparency across the network, granting operators more freedom and responsiveness in addressing vulnerabilities or incursions in real time. And, where a particular vendor’s products are shown to be compromised, the operator can quickly and easily swap them out for alternatives.

Theoretically, then, market economics should also favour suppliers who are able to deliver superior security. As declared by the DoD, “…this market-based approach represents a sustainable model for accelerating critical 5G innovation while spurring the growth of domestic supply chains based on trusted and secure vendors.”

But in most cases cybersecurity’s relevance to the bottom line is not immediately obvious and commercial motivations stand to win out against security considerations. This friction is not easily apparent when, as in the case of increasing interoperability and supplier diversity, both causes appear to be served by the same course of action.

But, the final test of this union is in the actual selection of those supplier products and services and, beneath that, the reliability and security competence of different vendors. When it comes down to it, can we confidently assume that network operators – which include many smaller local outfits lacking the capital and operational budgets of larger national players – will always choose the most secure option over the cheaper one with more favourable terms?

A key theme here is virtualization. One of the defining characteristics of the move to 5G is the virtualization of network functions previously assigned to hardware. This is not a basic technological development, it is an evolutionary leap. By unmooring network functions from physical hardware we liberate the full potential of integrated technologies like cloudification, edge computing, and AI/ML automation. But this move relies on a shift to a software-driven ecosystem which is inherently more hackable than a hardware-based system that includes software services.

I have previously discussed the significance of virtualization in relation to Open RAN in detail, including the evolution from traditional RAN architecture through centralized (C-RAN) to virtualized (vRAN) and Open RAN (oRAN). The move to a disaggregated and virtualized system offers many operational advantages, which are necessary if we are ever to see the promised benefits of 5G at scale.

But it also increase the attack surface of the network and invites greater complexity in supplier management. The more suppliers there are, the more difficult, time-consuming and expensive it becomes to vet them and their products, while many supply chains cross borders and originate in countries beyond the network operator’s own territory.

Also, the more disaggregated a network is, the more component interfaces there are to act as entry points for malicious attacks. And, when most of these products are either software or software-driven, the challenge increases exponentially, because we need to consider the DNA of the software itself. In a development environment in which so much software is based on open-source code, finding vulnerabilities and attack opportunities becomes considerably more difficult.

While Open RAN only accounts for a portion of the network, it represents a major share of capital investment. This alone should be enough to focus MNO efforts on ensuring Open RAN is a secure system. The increased agility and flexibility promised by oRAN won’t be realised if safety and reliability cannot be achieved. But the challenge is significant. Cybersecurity experts across the world are working at ensuring features like cloudification, virtualization and software supremacy do not open 5G networks to attack, but these are novel technologies and security methods are still evolving. Not only do Open RAN configurations need to contend with these same challenges, which apply to 5G networks more generally, they also have the added pressure of keeping open interfaces, which are unique to Open RAN, safe for the network and, ultimately, the end user.

Most large-scale 5G deployments globally are still likely to implement ‘traditional’ RAN architecture, with very few operators moving assertively towards oRAN in the short term. In the United States, for example, only DISH is deploying Open RAN across its entire network, and even that roll out has been repeatedly constrained by teething problems. So, it appears we still have some time to work out the best way to approach Open RAN security, but this is a new and quickly evolving concept. Development is happening at speed, and at the moment security considerations are not receiving the same amount of attention as commercial promises. The risk that security is left behind is increasing, and the potential fall out could be severe.

Securing Open RAN

By reducing supplier vendor dependency, Open RAN should also reduce cybersecurity risks compared to conventional RAN setups. However, as pointed out by the Network and Information Systems (NIS) Cooperation Group, there are a number of risks that are amplified in Open RAN.

The first issue is one of maturity. Open RAN network design and its concomitant security standards are simply not mature enough yet and rushing into deployment could invite disaster. With the increasing complexity of multiple suppliers and innumerable software sources and combinations, the potential for inadequate security provisions increases.

Furthermore, opening standards for interfaces in the RAN invites a broad diversity of new vendors, thereby increasing competition, which is one of the key commercial incentives for MNOs.  But having more vendors increases supply chain risks, while the quality and security rigour of the components created by these new suppliers is currently unknown. If Open RAN cybersecurity is not more explicitly spelled out in 5G standards, there’s nothing to ensure that new network components will be safe.

In addition to amplified risks, there are numerous potential risks that would be unique to oRAN, the first being a significantly expanded threat surface. One area of focus is the Open Fronthaul, a crucial aspect of oRAN architecture, which, as defined by the O-RAN Alliance, sees the disaggregation of the distributed unit (located in the base station) and the radio unit. Communication between these components will need to happen in real time via interoperable connections, but these real-time interfaces add an extra dimension of potential vulnerability. As suggested by the Cybersecurity and Infrastructure Security Agency (CISA), the Open Fronthaul is specifically vulnerable to DDoS attacks, and the first line of defence is network access control. So, cryptographic security mechanisms for these real-time interfaces become crucial to the integrity of the Open Fronthaul networks, but at the same time these networks “push the boundaries of high-speed performance and the ability of cryptographic security mechanisms to keep up, all while keeping unit deployment and operational costs down.” As a result, “These cryptographic security mechanisms require further industry study and consideration.”

It is in light of concerns around Open Fronthaul that the recent ETSI announcement of its first 5G standard is especially disappointing. That standard is specifically formulated for Open Fronthaul and would have been an ideal opportunity to set the bar for security of fronthaul networks, yet there were no such specifications. The concern, of course, is that this instead sets the tone for a mode of release in which commercial expediency (getting standards to market to allow for development of hardware and software components) outpaces security considerations.

Another development specific to Open RAN is in the form of network automation applications known as rApps and xApps, which further expand access by allowing different vendors to contribute to the RAN app ecosystem. The EU Open RAN security report correctly points out that these new functions will “require additional security controls and measures to be put in place between each and every function to avoid new security threats being introduced.”

These applications will initially be used to manage AI/ML operations in the network, though these AI/ML functions will themselves be new potential attack vectors. AI/ML algorithms are also susceptible to “data poisoning attacks” in which corrupted or misleading data is fed into the system, causing the algorithm to make false assumptions and move into chaotic or unpredictable behaviour. However, securing such algorithms against data poisioning is still a fairly new area of study.


With its disaggregated structure that allows for multi-vendor engagement in a more competitive landscape, Open RAN is an extremely promising area of development in 5G technology. However, by raising the number of suppliers providing an increased number of products and services in a larger number of categories, the complexity of an oRAN network will far exceed that of its predecessors.

Will MNOs be equipped to implement these new infrastructures in a way that keeps networks and their users safe? With the support of standards bodies committed to delivering robust and secure guidelines, there’s no reason this shouldn’t be possible. Until now, industry associations and authorities have been clear and confident about the need to employ best practices in making sure Open RAN networks are secure.

But we have seen little in practice.

Tremendous amounts of energy and resource are being invested in building out 5G standards for global network deployment. The time to include cybersecurity provisions in those standards is now.

RAND publishes “Securing 5G – A Way Forward in the U.S. and China Security Competition”

RAND Securing 5G

RAND Corporation just published a new research report: “Securing 5G – A Way Forward in the U.S. and China Security Competition.”

The report examines 5G security issues, the 5G supply chain, and the competitive landscape in 5G equipment. It describes where U.S. or Chinese companies have technology or market advantages in the emerging 5G security competition between the United States and China and provides recommendations for securing U.S. 5G networks.

The report correctly views the 5G competition through three intertwined dimensions: economics, technology, and security. However, it is primarily framed in terms of the 5G security competition between the United States and China; with Huawei singled out as a CCP-controlled agent. The authors outline a number of alleged instances of Huawei-led espionage and use that to highlight the risk of Chinese espionage as the main 5G security risk.

It is a bit disappointing that always excellent RAND researchers framed the issue in such a shortsighted way. My two main problems:

5G networks will eventually transport lots of of critical infrastructure traffic. More than just espionage, the key risks have to be related to malicious actors achieving cyber-kinetic impacts by abusing the 5G network access to achieve remote access to critical infrastructure and/or compromise the integrity of sensor and control data.

Those that only evaluate cybersecurity risks based on previous incidents, will always be defeated by adversaries with more imagination and patience – those that might be positioning themselves today for exploits eight years down the line.

Singling out and banning Huawei might make sense for the US from technology independence and economic points of view. However, it is a mistake to consider 5G security risks only as a “Huawei issue”. By removing Huawei we might achieve a false sense of security. This is a whole-of-hardware-and-software-supply-chain issue and we have to develop tools and processes to assess and reduce backdoor and front-door risks independent of who the supplier is.

The report is available here: https://www.rand.org/pubs/research_reports/RRA435-4.html

NIST publishes draft of 5G Cybersecurity Practice Guide

NIST 5G Cybersecurity

National Cybersecurity Center of Excellence (NCCoE) of the U.S. National Institute of Standards and Technology (NIST) just published the second portion of a preliminary draft practice guide for “5G Cybersecurity” – Special Publication SP 1800-33B 5G Cybersecurity – Volume B: Approach, Architecture, and Security Characteristics. This volume is intended for technology, security, and privacy program managers who are concerned with how to identify, understand, assess, and mitigate risk for 5G networks.

This comes 14 months after NCCoE published the first volume in the series: SP 1800-33A 5G Cybersecurity Volume A: Executive Summary.

SP 1800-33B 5G Cybersecurity – Volume B: Approach, Architecture, and Security Characteristics describes example implementations of cybersecurity practices that organizations may voluntarily adopt.

The publication describes a standalone 5G network that NIST’s National Cybersecurity Center of Excellence (NCCoE) is constructing for the purpose of demonstrating 5G cybersecurity capabilities in different situations. Described solutions contain approaches to secure 5G networks through a combination of 5G security features and third-party security controls. It describes technical security capabilities NCCoE enabled in the first phase of this project, and related threats and vulnerabilities.

In this first phase the focus is on addressing known security challenges that existed in previous-generation networks. There are additional security capabilities on the project team’s roadmap that will be incorporated in future project phases.

The public comment period is open through June 27, 2022

SP 1800-33B is available here: https://csrc.nist.gov/publications/detail/sp/1800-33/draft

Introducing Society 5.0

Securing Society 5.0
Securing Society 5.0

Self-help authors and politicians seem to agree on at least one thing: mindset matters. The shelves of bookstores worldwide are awash with motivational books by evangelical writers hoping to convert readers to their gospel of optimism. The central thesis is simple: success depends on approaching life, especially its challenges, with a positive outlook.

Politicians and leaders have always appreciated the power of mindset, though less of the positive kind, as attested to by a history of propaganda that dates back to at least 500 BC. More recently, as Covid-19 spread across the globe, language in public discourse showed itself to be carefully selected to shape national mindsets. War metaphors, specifically, became the favoured way of talking about the virus that was, despite its many negative consequences, still just a virus, not a sentient foe.

Donald Trump declared himself a “wartime president”, leading the US in a campaign against an “invisible enemy.” UK Prime Minister, Boris Johnson, also named the virus as an “enemy” that was being fought by his “wartime government.” His chancellor, Rishi Sunak, and his Health Secretary, Matt Hancock, kept to the same script, naming the “war against this virus” as the greatest fight “in peacetime” the country had ever faced. Italian Prime Minister, Giuseppe Conte, referenced the speeches of Winston Churchill, describing the pandemic as “our darkest hour.” Even António Guterres, Secretary-General of the United Nations, felt compelled to announce, “We are at war with a virus.”

There is nothing particularly new in all of this – the language of war has long been used as a tool to reliably “express an urgent, negatively valenced emotional tone that captures attention and motivates action.” Yet, in the case of the Covid-19 pandemic, it is useful to contrast popular war-themed rhetoric with a more embracing perspective.

Dr. Yuko Harayama is the Executive Director for international affairs, communication, and diversity at RIKEN, Japan’s largest research organization for basic and applied science. When asked about the impact of the coronavirus emergency, Harayama replied,

After the pandemic, we have to foresee a future where humans are not dominating everything; humans are just one part of nature. We should not be arrogant to say we’ll dominate coronavirus.”

Harayama’s measured response says a lot about the way she sees the interaction between humans and the world around them. It also says a lot about Society 5.0, behind which Harayama was the driving force during her time in the Cabinet Office of Japan, where she was an executive member of the Council for Science, Technology and Innovation.

Society 5.0 is the vision of a future in which humans and machines “co-create” the solutions to societal problems by integrating cyberspace and physical space. First proposed in Japan’s 5th Science and Technology Basic Plan as a future that the country should aspire to, Society 5.0 represents the next step towards a more successful human collective.

Rather than simply using technology to improve our means of production, this plan is intended to create a new social contract and economic model by fully integrating cutting-edge technological innovations into our social fabric. In the words of Shinzo Abe, the Japanese Prime Minister under whose administration the vision was launched, Society 5.0 sets “a new definition for machines.” Leveraging advanced robotics, AI, cloud computing, next generation connectivity, and big data, Society 5.0 is intended to liberate machines of their narrow functions in industry and society. Instead, they will become active problem solvers and evolutionary enablers.

According to researchers at Hitachi-UTokyo Laboratory, a partnership between The University of Tokyo and Hitachi, the realisation of this view will also require us to reframe two kinds of relationships: the relationship between technology and society and the technology-mediated relationship between individuals and society. This is a crucial point because it highlights the human-centric nature of Society 5.0, a quality that neatly distinguishes it from the fourth industrial revolution.

Beyond 4IR

We are in the emergent stages of the fourth industrial revolution (4IR)–a reimagining of production through the digitization of manufacturing.

The first industrial revolution employed steam and water power to improve output. The second used electricity to do the same. The third industrial revolution used computers and automation to accelerate production.

4IR, or Industry 4.0, builds on the power of computerized automation by introducing machine and systems autonomy. Through wireless networks of sensors, receivers, and processors, vast amounts of manufacturing data are collected and processed by artificial intelligence, currently of the “narrow” or “weak” kind.

These autonomous arrangements of physical and virtual computing elements are effectively capable of learning in real-time. They continuously improve production processes, making decisions based on super-fast analysis of live and historical data collected from the production environment.

The first industrial revolution reduced the need for human labour. The second increased efficiency by mechanizing large production lines. The third used computers to automate these processes even further, but still required humans to manage production.

The fourth industrial revolution goes further to make human intervention in production applications almost redundant. Smart factories, for example, are independent cyber-physical systems in which people are necessary only for specialized jobs, machine maintenance, high-level network management, and strategic guidance.

However, society 5.0 is something different from Industry 4.0. In the words of the Japanese Cabinet Office, “This is a society centered on each and every person and not a future controlled and monitored by AI and robots.” It is a human-centred proposition that seeks to use the same relationships between cyberspace and physical space to solve social problems.

The fourth industrial revolution relates specifically to commerce and manufacturing through better use of machines, but the non-commercial consequences of 4IR are often overlooked.

What, for example, will be the societal effects of 4IR?

As AI and automation make many human jobs redundant, what will be the impact on the nature of work, communities and social structures?

What will happen to economies as medical improvements lead to an aging population?

What will happen to the environment as human production and consumption continue to grow?

These are wicked problems, even though they are the result of largely positive trends towards more widespread human wellbeing. And they would not be vexing us were it not for technology.

Of course, this does not make technology bad, or even good–it is agnostic–but it does raise the question: if we used technology to get ourselves into these dilemmas, can we use it to get ourselves out?

The notion of Society 5.0 is an emphatic ‘yes’ to that question. It is a proposal for humanity’s next evolutionary step. According to the Japanese government, this would be the 5th stage of human society. Initially (Society 1.0), we organized ourselves in small groups or tribes of hunter gatherers, living off the natural output of the land. Then, through horticulture and agriculture (Society 2.0), we used tools to harness the growing potential of the earth, giving us more control over our food production. Society 3.0 saw us move into the industrial era, and Society 4.0 represents the information age we are living through now.

Society 5.0 assumes that, through a high degree of convergence between cyberspace and physical space, we can achieve a forward-looking society in which each and every person can lead an active and enjoyable life.

New solutions for new problems

The pace and extent of globalization have meant that new challenges have emerged that were either not anticipated, or at least not expected for some time to come. And, having a more integrated world means having more integrated problems that are more difficult to solve.

Sustaining economic growth while reducing income inequality and environmental degradation; improving the welfare of an aging population while ensuring opportunities for the youth; providing for more people using limited resources; slowing down, stopping, and then reversing the effects of climate change: these are wicked problems, but Society 5.0 represents an integrated approach to tackling them through multiple domains.


An increase in global life expectancy has been one of the great achievements of medical progress over the last two hundred years. According to World Bank data, average life expectancy at birth across all countries increased by more than 30 years between 1960 and 2019 alone. In the late nineteenth and early twentieth centuries, this trend was largely due to improvements in living conditions (especially sanitation), education, and advances in medical treatments like vaccines and antibiotics. These factors helped reduce early to mid-life mortality, but since the later parts of the twentieth century, rising life expectancy has been principally attributed to lower mortality later in life. Quite simply, the average human has been living longer. However, this has not necessarily been positive.

The WHO reports that, in the first two decades of this century, life expectancy around the world rose by an average of 6.6 years. Healthy life expectancy (HALE) also rose by 8% during the same period, though this was not due to reduced years living with disability. Instead, increases in HALE were attributed to declining mortality rates. People have been longer but not living longer well.

This discrepancy places a burden on societies and economies, an effect that is particularly pronounced in richer nations. In the 24 countries classified as high income by the World Bank, people aged 25 to 59 earn more than they consume, while the elderly do the opposite. Inevitably, as a population’s life expectancy increases, the cost of social support rests more heavily on working-age citizens, while pressure on government budgets grows. Quite simply, an ageing population puts economic strain on society as a whole.

It’s not surprising, then, that the original idea for Society 5.0 originated in a country like Japan, where life expectancy is higher than anywhere else on earth and a third of the population is 60 years or older.

However, as medical technology and social support structures across the world improve in quality and affordability, more and more nations will face the challenges of having an aging population. These include increasing medical and social security expenses, and the demands of caring for the elderly.

In Society 5.0, wearable medical devices will allow health and physiological data to be captured, uploaded and analyzed remotely, permitting early (AI-driven) detection and diagnosis of illness. Medication and healthcare services will be delivered by drone and autonomous vehicles, giving elderly people in rural areas equal access to quality healthcare. Robots and AI will assist in giving elderly citizens living support, even offering them the conversation and companionship that is critical to greater mental health.

In combination, these results will lessen the burden on public healthcare systems, lowering the need for hospital visits and improving the accuracy and efficacy of diagnoses and medical prescriptions.

Smart cities and mobility

In 2009, for the first time, the number of people living in urban centres globally surpassed the number living in rural areas. Though a significant moment, this was simply a milestone in a steady rise in urbanisation that saw the world’s urban population increase six-fold from from 751 million in 1950 to 4.2 billion in 2018. By 2030, that number is expected to top 5 billion. By 2050, an estimated 68% of the world’s population will live in cities.

The pressure that this urban growth is placing, and will continue to place, on infrastructure and resources is immense. Smart technologies will be critical to the success of these cities in managing the complex challenges created by having so many people in limited spaces: problems like waste management, energy management, water and power management, connectivity, public safety and security, transport and logistics.

In Society 5.0, the urban cohort of the world’s citizenry will be defined by an open embrace of cyber-physical technologies – by necessity and for pleasure. Cities will no longer be the traditional bricks and mortar environments we have been accustomed too. They will become cyber-physical realms built on data as much as concrete and glass.

This data will be collected and distributed by vast networks of sensors and processors, feeding AI-driven decision-making on the back of next-generation connectivity. In the cities of Society 5.0, no area of human activity will be left untouched by smart technologies.

While other aspects of the Society 5.0 vision still reside in the future, the evolution of smart cities is already well underway. Early adopters in Europe included Barcelona and Amsterdam, with Copenhagen, Dubai, Hamburg, Nice and Singapore quickly following suit. In North America, New York, Chicago, Miami, San Francisco, Kansas City and Montreal are also examples of cities implementing smart city initiatives.

While living in Singapore, Marin was fortunate to work on many of the city’s “Smart Nation” programs, learning first-hand how such projects incorporate technology across transport, health, home, and business to create a network of interconnected digital experiences that enhance citizen’s lives and optimize their work and play.

China has aggressively developed smart cities, which monitor and seek to address common urban challenges like pollution, traffic congestion and widespread energy consumption through connected technologies. The government’s 12th Five-Year Plan announced in 2013 included the development of 103 smart cities, districts and towns.

Less radical and more pragmatic is India’s “Smart City Mission.” Initially investing in 90 cities to develop smart capabilities, this evolving, layered system solves specific issues such as clean water while organically developing smart integrations over time.

In the US, the “Smart City Challenge“ saw more than 78 cities across the country enter the inaugural challenge focused on tackling 21st Century transport issues. Through shared innovation and intelligence the program nurtured ideas for an “integrated, first-of-its-kind smart transportation system that would use data, applications, and technology to help people and goods move more quickly, cheaply, and efficiently.”

On the opposite end of the scale, depopulated rural areas of the future will have fewer public transport options or none at all. In these regions Society 5.0 will see the provision of autonomous public services, including driverless taxis and buses for public transport, drone-based distribution and delivery services, and digital support for mental and physical wellbeing.


As with individuals’ health, social care for public infrastructure and services will become proactive in Society 5.0. This move will be the backbone of civil management in smart cities.

Installations like roads, buildings, tunnels and dams will be monitored by sensors supplying a continuous feed of data. This information will allow preemptive maintenance and efficient deployment of technicians with specialized skills.

As a result, accidents will be minimized, time and resources spent in construction and repair work will be reduced. Safety and productivity will increase.


A declining rural population worldwide is leading to a labor shortage in agriculture, This, in a sector that is under increasing pressure to raise production while working against the challenges of more extreme climate patterns.

In Society 5.0, AI analysis of big data, such as meteorological data, crop-growth data, market conditions, and food trends and needs, will lead to hyper-efficient agricultural management.

These “intelligent” data-based decisions will be carried out by autonomous farming vehicles and machinery. From soil preparation to crop collection to seed planting, robots, drones and driverless farm equipment will take over many traditional farm labor roles.

The world population is expected to reach 9 billion by 2050. Only through AI and machine-optimized agricultural management will we be able to feed so many people.

Disaster prevention and response

As we see more examples of extreme weather around the globe, the future value of predictive climatological and geological information is becoming clearer and clearer.

As Society 5.0 unfolds, data acquired from terrestrial weather radar, satellites, geological sensors, drones and public observation systems will become invaluable. Processed in real-time using AI, this information will deliver those precious minutes or hours’ warning of impending disaster that can save lives.

Widespread access to mobile networks will allow safety and prevention broadcasts to be disseminated directly to end users, while devices can be used to geolocate individuals in trouble.

To those trapped by environmental disasters, relief and rescue materials can be delivered by drones, which will also be able to feed back video footage of victims’ state of wellbeing.


In a world of 9 billion people, much of the competition for resources will effectively be a competition for energy. Optimal energy creation and management will be crucial to a harmonious society.

As energy production moves more towards green alternatives like wind and solar, weather plays a more important role. Analysis of weather data and accurate prediction of weather patterns will a key aspect of reliable electricity manufacturing.

Big data processing by AI will also optimize electricity flows across the grid to meet vacillations in demand and supply. This will be particularly important in smart cities where responsive systems in buildings and public locations will manage energy down to the minute, and most forms of transport will become electric.


Though the Japanese Government was the first to formally use the term “Society 5.0,” we envisage a broader reach than that originally defined. We have borrowed it for this book because it speaks to the inclusivity we anticipate for a world in which the cyber and physical are fully integrated.

To that end, any catalogue of potential domains to be influenced by the advances of Society 5.0 must include an “Other,” simply because there will be no aspect of human endeavour that will go untouched. We could speak here of shipping, international travel, space travel, environmental management, genetics, arts and entertainment, sports – the list is endless.

Convergence with caution

The true power of Society 5.0 will lie in its degree of integration. As Shinzo Abe said, in Society 5.0 “we must cherish connectedness, above all else.” The more the cyber and physical worlds are combined, the greater the benefits we will experience.

However, the same is true of cyber threats. The more technology is incorporated into every corner of our social being, even our physical being, the greater the risk to our personal and collective safety.

Society 5.0 is built on an intricate network of sensors, devices machines and systems–a vast internet of everything. Each of these components broadens the cyber attack surface, but also elevates the stakes in the case of fallout.

When technology is woven into the tapestry of all we do, it is not hard to see the potential dangers. Autonomous vehicles, AI-operated public transport systems, fleets of drones, critical disaster prevention processes–these can all be hacked.

That is true today, but, as we will explore in detail on Part 5 of this book, the difference in Society 5.0 is that all relationships are cyber-kinetic. Virtual events have physical results. People get hurt. Or worse.

O-RAN Alliance Announces Release 002 of O-RAN Minimum Viable Plan

Samsung 5G Core - Evolution path towards 5G NSA + SA + WiFi

The O-RAN Alliance is a relatively new standards association that’s focusing on creating open connections between various networking elements within 5G.

The alliance just announced its new “Release 002” batch of specification that includes 40 ORAN specifications published since November 2021 including:
ORAN R1 interface: General Aspects and Principles v1.0

ORAN A1 interface: Test Specification v1.0

ORAN Acceleration Abstraction Layer HighPHY Profiles v1.0

ORAN Security Tests Specifications v1.0

and another 36 technical documents that have been updated with extensions and new features.

The alliance published a lengthy post outlining all new improvements https://www.o-ran.org/blog/2022/04/06/o-ran-alliance-introduces-40-new-specifications-released-since-november-2021

US DoD offering up to $3 million to help make 5G more compatible


The United States Department of Defense (DoD), in collaboration with the National Telecommunications and Information Administration’s (NTIA) Institute for Telecommunication Sciences (ITS), announced today the launch of the 5G Challenge Preliminary Event: RAN Subsystem Interoperability. This competition aims to accelerate the development and adoption of open interfaces, interoperable components, and multi-vendor solutions toward the development of an open 5G ecosystem.

DoD has started significant investments in 5G since it wants to create data-centric weapons systems that are able to communicate with each other. Through this and other related challenges it is trying to create a vendor community that will help DoD build a true plug-and-play environment with 5G.

The contest is will award up to $3 million to participants with hardware or software solutions.

For more information see the DoD press release: Department of Defense and NTIA Launch 5G Challenge to Accelerate Development of Open 5G Ecosystem

New report: Skills gap threatens future of 5G and open RAN

GlobalData 5G Mobile Core Disruptors

New report from Eightfold AI – What Telecoms Need to Build a Future-Ready Workforce – outlines how telecoms can strengthen talent readiness to accelerate innovation and new offerings

The report contains the findings and insights from the Eightfold Talent Intelligence Platform, a deep-learning platform powered by the largest global talent dataset, to determine talent readiness for addressing innovation trends in the telecommunications industry.

For this analysis of talent in the telecommunications industry, Eightfold analyzed approximately 500,000 publicly available profiles from top telecoms.

With a constantly evolving skill mix due to automation, emerging technologies, and new business models, familiar telecom roles are undergoing a transformation of their own. The analysis by Eightfold found that:

  • Many of the most common roles and skills are not currently addressing innovation trends. When it comes to technician roles including Switch Engineers, Network Technicians, Network Administrators, and BSS Engineers, 33 percent of the top network engineering and operations roles are not yet equipped with future skills to address trending innovations.
  • However, by evaluating skills adjacencies, these common network engineering roles can follow alternative career paths to transition into rising roles such as Cyber Security Engineers, Cloud Engineers, and Performance Engineers.
  • While the industry is better positioned to build out capabilities for cloud and edge computing as well as big data, the analysis identified the industry’s lowest talent readiness is in areas such as 5G and Open RAN.
  • Telecoms have a short window of one to two years to build 5G capabilities, as providers accelerate 5G expansion and even prepare for 6G capabilities that will contribute to making emerging trends like the metaverse phenomenon a reality.

“Speed and scalability are everything in the race to deliver the next big thing. This sense of urgency is only compounded by the fact that telecoms constitute a backbone for all other emerging technologies to function and evolve,” said Kamal Ahluwalia, President of Eightfold AI. “Now is the time to upskill the existing workforce, build a skills-based employee experience, and attract the brightest minds in the industry that will accelerate this digital reinvention for telecoms.”

Eightfold Talent Insights Report is available here: What Telecoms Need to Build a Future-Ready Workforce

OIC-CERT promotes its 5G security framework as GISEC


OIC-CERT is the the Computer Emergency Response Team of The Organisation of Islamic Cooperation. I’ve been following their excellent efforts around 5G security for a while and was glad to see how seriously they are taking it.

For example, about a year ago OIC-CERT published “Achieving 5G Security through Open Standards“. The organization also recently held a 5G Security Framework Workshop

And now it has started rolling-out of the OIC-CERT 5G Security Framework Adoption at GISEC, the Middle East and Africa’s most influential and connected cybersecurity event.

The framework (in progress) is available here: https://www.oic-cert.org/members/index.php/cyber-security-landscape/feeds/10-cyber-threats/32-5g-security-wg

I will continue monitoring their efforts with interest.

For more information see the press release on Zawya: OIC-CERT 5G security framework

CSIS publishes study “The Two Technospheres”


The Center for Strategic and International Studies (CSIS), a Washington, D.C.-based think tank, published an interesting study on the cybersecurity implications of the “decoupling” of Chinese and Western technology spheres and warns of more aggressive offensive cyber operations to come.

The study, “The Two Technospheres: Western-Chinese Technology Decoupling: Implications for Cybersecurity” focuses on digital decoupling—establishment of two “technospheres”, one driven by China and the other by companies and governments in Western nations. The study finds that technology decoupling is rapidly progressing with impacts on various sectors varying depending on how heavily they intersect with national security and personal privacy concerns. This has become a central aspect of managing national and global cybersecurity, also affecting economic competition, trade, and geopolitics.

Interestingly for a Washington report, the study acknowledges that unaligned states might see Western technologies as posing equal risk as Chinese technologies and that those concerns should be addressed proactively.

On the other hand, the study fails to take into account some other core differences driving the decoupling. For example, in China the focus is relatively higher on the cognitive effects information produces. Something that is generally ignored in the West. While the Western companies and governments are prioritizing free exchange of information, Chinese model advocates stronger national controls of information space. I previously wrote about some of that here https://cyberkinetic.com/disinformation/zombification-information-security/.

The study is available here: https://www.csis.org/analysis/two-technospheres

ENISA publishes NFV Security in 5G report

ENISA NFV Security in 5G

The EU Agency for Cybersecurity (ENISA) continues its excellent effort on 5G security by issuing a report with suggested good practices for the secure deployment of Network Function Virtualisation (NFV) in 5G networks.

The report identifies some 60 security challenges for NFV, which it groups in seven categories:

  1. Virtualisation or containerisation;
  2. Orchestration and management;
  3. Administration and access control;
  4. New and legacy technologies;
  5. Adoption of open source or COTS;
  6. Supply chain;
  7. Lawful interception (LI).

It analyses the relevant security controls and recommends 55 best practices to address these challenges, across technical, policy and organisational facets.

Some of the main issues identified are ensuring the security of the virtualisation layer, to protect the rest of the network; avoiding breaches through server sharing; vulnerabilities from adopting open-source software; and increased security complexity through multi-vendor networks.

Like everything else from ENISA, the report is free. You don’t even have to enter your email address.

ENISA press release: Tackling Security Challenges in 5G Networks

ENISA NFV Security in 5G Report

Vodafone’s 5G network in Portugal hit by cyber-attack

Vodafone Portugal

The attack, discovered on Monday night, impacted the 4g/5g network, TV, voice services, and SMS services provided to more than seven million people. While the company was able to restore 3G services, others remained impacted. It even affected the ATM network of some large banks connected to the Vodafone 4g network.

Vodafone called the incident “a deliberate and malicious attack intended to cause damage.”

Mário Vaz, CEO of Vodafone Portugal, said in a statement that “our absolute priority is the restoration of our services. Our technical teams have been working non-stop from the moment this attack was found to reset the operation.”

For more information see: Cyberattack on Vodafone paralyses Portugal

US FCC asking $5.6B to replace Chinese networking equipment


The US Federal Communications Commission (FCC) Chairwoman is asking $5.6B from Congress seeks to reimburse carriers for removing and replacing insecure 5G networking equipment – those made by banned Chinese vendors Huawei and ZTE.

Congress had initially set aside $1.9B for the replacement program under The Supply Chain Reimbursement Program created by the Secure and Trusted Communications Networks Act. However, after FCC received 181 applications from carriers, the total cost has been estimated to $5.6B revealing a shortfall of $3.7B.


EU auditors issue a report on delays and security risks in the rollout of 5G networks

5G EU Report

The EU Court of Auditors issued a special report “5G rollout in the EU: delays in deployment of networks with security issues remaining unresolved” in which EU auditors are raising an alarm.

According to the report, 5G services are seen as essential for a wide range of innovative applications which have the potential to transform many sectors of our economies and improve citizens’ daily lives. 5G is therefore of strategic importance for the entire single market.

However, the majority EU member states are not on track with the deployment of their 5G networks and lack a common approach to security concerns.

Report’s key recommendations to the European Commission include:

  • promote the even and timely deployment of 5G networks within the EU;
  • foster a concerted approach to 5G security among Member States; and
  • monitor Member States’ approaches towards 5G security and assess the impact of divergences on the effective functioning of the single market.

The report is available here [PDF]: 5G rollout in the EU: delays in deployment of networks with security issues remaining unresolved”

NSA and CISA Release Part IV of Guidance on Securing 5G Cloud Infrastructures


The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently released the first of a four part series titled Security Guidance for 5G Cloud Infrastructures. This series of four action-oriented documents is intended to provide guidance on how to move toward zero trust in support of securing 5G. It’s been created as a joint industry and government effort with the support of several large contributors through the NSA’s Enduring Security Framework (ESF).

This final release in the series is titled Security Guidance for 5G Cloud Infrastructures – Part IV: Ensure integrity of Cloud Infrastructure [PDF] with the focus on ensuring that 5G cloud resources (e.g.,container images, templates, configuration) are not modified without authorization.

For more information see the release on the CISA website: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/16/nsa-and-cisa-release-final-part-iv-guidance-securing-5g-cloud

The guidance is available here [PDF]: Security Guidance for 5G Cloud Infrastructures – Part IV: Ensure integrity of Cloud Infrastructure

All the guidance papers and other useful information will be available at the CISA’s 5G Security and Resilience page or at the NSA’s Enduring Security Framework (ESF) page.

NSA and CISA Release Part III of Guidance on Securing 5G Cloud Infrastructures


The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently released the first of a four part series titled Security Guidance for 5G Cloud Infrastructures. This series of four action-oriented documents is intended to provide guidance on how to move toward zero trust in support of securing 5G. It’s been created as a joint industry and government effort with the support of several large contributors through the NSA’s Enduring Security Framework (ESF).

This third release in the series is titled Security Guidance for 5G Cloud Infrastructures – Part III: Data Protection [PDF] with the focus on ensuring that network and customer data is secured during all phases of the data lifecycle (atrest, in transit, while being processed, upon destruction).

The guidance covers:

  • The Platform must support confidentiality and integrity of data atrest, intransit, as
    well as related metadata.
  • The Platform must support confidentiality and integrity of processes and restrict
    information sharing with only authorized parties (e.g., tenant).
  • The Platform must support confidentiality and integrity of processrelated metadata
    and restrict information sharing with only authorized parties (e.g., tenant)
  • The Platform must support confidentiality and integrity of workload resource
    utilization (RAM, CPU, Storage, Network I/O, cache, hardware offload) and restrict
    information sharing with only authorized parties.
  • The Platform must not allow memory inspection by any actor other than the
    authorized actors for the Entity to which Memory is assigned (e.g., tenants owning the
    workload), for Lawful Inspection, and by secure monitoring services

For more information see the release on the CISA website: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/02/nsa-and-cisa-release-part-iii-guidance-securing-5g-cloud

The guidance is available here [PDF]: Security Guidance for 5G Cloud Infrastructures – Part III: Data Protection

All the guidance papers and other useful information will be available at the CISA’s 5G Security and Resilience page or at the NSA’s Enduring Security Framework (ESF) page.

Most popular articles this week