Policy experts discuss open RAN security issues: Special Report

privacy security lock
One strong validation of open-source code in telecom networks is that the U.S. Defense Advanced Research Projects Agency is using it. (Getty Images)

Open radio access network (RAN) technology has become so high-profile that the Biden administration mentioned it in its official dealings with the leaders of Japan and S. Korea.

In April when President Biden met with Japan’s Prime Minister Yoshihide Suga, the White House issued a release summarizing all the ways the two countries would collaborate. The first item on the list was to “Advance secure and open 5G networks, including open radio access networks (“open-RAN”), by fostering innovation and by promoting trustworthy vendors and diverse markets.”

In May when Biden met with S. Korea’s President Moon Jae-in, the White House issued another press release, which said the two countries would “Recognize the importance of secure 5G and 6G networks, commit to supporting diverse and resilient supply chains, including innovative network architectures such as open-RAN technology, and commit to work together on open-RAN technology development and standardization issues.”

Since when has a radio technology gotten such global attention, and not just from techies?

Some prominent policy folks, including former FCC Commissioner Michael O’Rielly, will be discussing the topic at FierceWireless’ upcoming Open RAN Summit, September 8-9.

O’Rielly, who is now a strategic advisor at MPORielly Consulting, said, “Open RAN holds a lot of promise for efficiency, security, choice and competition.”

Security

One of the main drivers of open RAN has been national security in telecommunications networks. This came to top of mind in early 2018 when the Trump administration began its crusade against the Chinese telco vendors Huawei and ZTE.

Around the same time, a group of service providers — AT&T, China Mobile, Deutsche Telekom, NTT DOCOMO and Orange — founded the O-RAN Alliance. The goal of the O-RAN Alliance is not necessarily related to security. According to its website, its mission is “to re-shape the RAN industry towards more intelligent, open, virtualized and fully interoperable mobile networks.”

RELATED: Open RAN gets real, especially in second half of 2020

However, politicians have jumped on open RAN as a solution to expunge Chinese gear from telecom networks to make them secure from the prying eyes of China’s government.

O’Rielly is a big proponent of open RAN, but he would rather have the telecom industry and government focus on open RAN as a way to quickly advance 5G, which he thinks is the top priority.

In terms of security, he said open RAN might actually create “a less secure environment” at least in the short term. “You’re introducing a number of software and hardware components from multiple vendors that may not work well together,” he said. “An end-to-end system can in some ways be more secure. In the short term you can leave yourself having some exposure.”

Others have pointed out that open RAN might not be secure because it works with open-source code, which typically takes contributions from hundreds of programmers. The O-RAN Alliance includes more than 40 Chinese member companies, including China Mobile, China Telecom and China Unicom.

RELATED: Irony Alert: What if China taps open RAN to breach networks?

Diane Rinaldo, the executive director of the Open RAN Policy Coalition, will also be participating at Fierce’s Open RAN Summit in September. When asked if she was concerned about the security of open RAN, she cited a familiar argument in open-source communities — that open-source code is more secure because there are “many eyes” looking at it.

Rinaldo also said, “Every iteration of the next generation of wireless has seen large scale advancements in security. 5G is ten times more secure than 4G.” She said open RAN will be “no less secure than the current system.”

One strong validation of open-source code in telecom networks is that the U.S. Defense Advanced Research Projects Agency (DARPA) in February signed a collaboration agreement with the Linux Foundation on innovation and security in the areas of 5G, edge and IoT, among other technologies.

The Linux Foundation is the umbrella group for the vast majority of open-source projects in telecom. In addition to working with DARPA, it also works with the O-RAN Alliance.

Arpit Joshipura, general manager for networking, edge and IoT at the Linux Foundation, said, “The open-source community is global, which is a fact.” He said DARPA believes in open source because it likes the speed of innovation that is only possible through open source.  “If the source code is open, it’s the many eyes,” said Joshipura. “You can take that code and apply your research techniques and make it even more secure.”

O’Reilly may have summed it up best, saying, “There are no guarantees in this universe going forward; we’re in a much more decentralized structure."

International interest in open RAN

The Open RAN Policy Coalition launched in May 2020 with 31 companies, and it now has 61 member companies. Rinaldo said initially its founders were “thinking domestically,” but open RAN quickly garnered international interest. Twenty-six governments have reached out to the group to obtain information. “Education is the number one thing we focus on,” she said.

One of the goals of open RAN is to break open the vendor ecosystem so that there’s more choice than just Ericsson, Nokia and (sometimes) Huawei. Rinaldi said the coalition seeks to answer the question: “If not them, then who?”

And apparently governments around the entire globe are asking this same question.