Their efforts support those of TIP and O‑RAN Alliance projects, and European Union goals on security, supply chain diversity, security and data protection
Deutsche Telekom, Orange, Telefonica, TIM and Vodafone publish updates on the tech behind the Open RAN movement.
The five publicly threw their considerable combined weight behind the RAN disaggregation movement in early 2021 with an MoU followed by technical specifications.
Since then they have been working with the wider industry, including through TIP and the O-RAN Alliance to further the cause, and have now published a security white paper which proposes an open architecture that draws on IT security protocols and built on zero-trust methodology.
The paper also outlines requirements for energy efficiency that they say should be considered in new open RAN solutions to support the operators’ sustainability goals and those of the European Union (EU).
The aim is to keep up momentum for the commercialisation of open RAN, develop standards and foster European leadership in this tech that is foundational to the success of 5G Standalone and future generations of cellular tech.
Who does the work?
The O‑RAN Alliance Security Focus Group (SFG) will research the requirements outlined in the white paper with support from the European operators.
However, the global stakeholder group founded by AT&T, China Mobile, Deutsche Telekom, NTT DOCOMO, and Orange, is the driving force behind security specifications in the O‑RAN Alliance with more than 300 members.
Risk analysis for Open RAN is under development within the framework of creating a zero-trust architecture to secure the access network to a degree equal to or better than their traditional counterparts.
The disaggregated nature of Open RAN present, in the jargon, a bigger attack surface that the tightly integrated alternative but the white paper suggests that, done right, transparent, open interfaces allow greater oversight of vulnerabilities and failures.
They also argue that the infrastructure will be able to isolate risks more easily by supporting continuous integration and continuous deployment (CI/CD) for service updates and upgrades. Only segments of services are addressed at any one time, not the whole network.
The paper reasons that if the currently widespread, integrated proprietary network elements were looked at in the same way as open alternatives, their attack surface would be akin to that of the proposed open architecture.
Attacks aside, the paper also says that vendor-neutral architecture lessens the risk of operators having to rely on a very few vendors, giving them the flexibility to chose exactly what they need rather than what is available.
The white paper points out that the on-going development of open, secure RANs also supports the EU’s 5G Toolbox Programme, which is all about creating a wider ecosystem of vendors, and its 5G Cybersecurity Framework as well as enshrines data privacy laws.
Sustainability to sustain Open RAN
In its Focus on Energy Efficiency report, the MoU partners highlight: the market impact of operators choosing energy-efficient hardware; metrics for monitoring energy usage and efficiency by hardware and software; and aspects of Open RAN that have the potential to increase energy efficiency.
It also looks at the roles of intelligence and orchestration to automate energy efficiency in the network and suggest energy efficiency targets for each of the network components.
An interesting, overarching feature of the MoU partners’ approach is its flexibility. Yes, some tech specs are given more priority than others but accommodates each member’s own commercial approaches and unanimous agreement does not appear to be the goal, beyond presenting a united front politically to the region’s regulators and legislators.