Study finds Open RAN is not specifically ‘security by design’
Developers of Open Radio Access Networks (Open RAN) might need to ask some more questions and conduct further stress testing if they are to guarantee safety for clients.
According to a study commissioned by Germany’s Federal Office for Information Security (BSI), Open RANs could be a significant security risk in the current incarnation based on the standards of the O-RAN Alliance.
Using a best case-worst case scenario analysis, the German study demonstrated that the Open RAN standards have not yet been sufficiently specified. It is not a good example of ‘security by design’ according to German analysis.
No answer to worst case scenario
In some cases these oversights will create security risks. The BSI called for the study’s findings to be taken into account before further developments of the Open RAN ‘ecosystem’ proceed. Open RAN’s foundations must be secure if they are to be the launch pad for a potentially rocketing rate of growth, said the report.
The testing for BSI’s analysis was carried out by the Barkhausen Institute, an independent research institution, in cooperation with the Dresden-based Advancing Individual Networks group and Secunet Security Networks.
Who would want to bring down Open Ran?
Open RAN standards were drafts by the O-RAN Alliance according to the 5G-RAN specifications developed by the 3GPP.
The Open RAN project is supported by the top three mobile operators in Germany, Deutsche Telekom, Vodafone and Telefonica. A challenger to this oligopoly, 1&1, is building a fourth network using Open RAN.
The German government’s Federal Ministry of Transport and Digital Infrastructure (BMVI) recently awarded €32 million in subsidies to major manufacturers, operators testing firms and systems integrators in order to expedite Germany’s development of open RAN technology and 5G inventions.