Open RAN News

CISA and NSA Publish Open Radio Access Network Security Considerations

CISA and the National Security Agency (NSA) have published Open Radio Access Network Security Considerations. This product—generated by the Enduring Security Framework (ESF) Open Radio Access Network (RAN) Working Panel, a subgroup within the cross-sector working group—assessed the benefits and security considerations associated with implementing an Open RAN architecture. Focusing on current designs and specification standards, the ESF Open RAN Working Panel examined how security compares with, and is distinct from, traditional, proprietary RANs.

The Enduring Security Framework (ESF) Open RAN Working Panel conducted an assessment of the security implications of implementing Open RAN as defined by the O-RAN Alliance. This evaluation focused on current designs and how they compare or differ from traditional proprietary RANs. Key areas of focus included multi-vendor management, the Open Fronthaul (connecting radios to base station equipment), a new RAN application framework (rApps and xApps), Artificial Intelligence/Machine Learning (AI/ML) in the RAN, and other general network considerations like open source software, virtualization/cloudification, and distributed denial-of-service.

The panel found that Open RAN shares many security concerns with the Information and Communications Technology (ICT) industrial sector, particularly in areas like applications, open source software, supply chain, and zero trust. To address these, it recommends adopting ICT best practices. Since Open RAN incorporates technologies from 5G core networks, such as multi-vendor core network functions and 5G cloud infrastructures, it would benefit from adhering to established 5G security practices.

The Open Fronthaul network, a key component of Open RAN, is built on IT infrastructure but must operate like a real-time system. This creates challenges in balancing high-speed performance with cryptographic security, while also maintaining cost-effectiveness. Security considerations for Open Fronthaul will vary based on deployment scenarios, including consumer, enterprise, and military applications.

The summary concludes that new open systems like Open RAN, which aim to improve cost, performance, and supply chain benefits, inherently come with security considerations. However, with ongoing efforts and collaboration within the Open RAN ecosystem, these challenges can be effectively managed and overcome.

Full report is available here [PDF]: Open Radio Access Network Security Considerations

Avatar of Marin Ivezic
Marin Ivezic
Website | Other articles

For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.

He held multiple interim CISO and technology leadership roles in Global 2000 companies.

Back to top button
Share via
Copy link
Powered by Social Snap