A report from the European Union (EU) indicates that Open RAN technology has the potential to improve the continent’s cybersecurity arrangements, but warns that certain conditions must be met for this promise to be fulfilled.
The Radio Access Network (RAN) market has traditionally been dominated by a few major players that offer highly integrated cell sites comprising radio, hardware and software.
This approach has made it difficult for operators to mix and match innovations and has proven to be a significant barrier to entry for smaller vendors.
Adoption of open RAN
OpenRAN is a vendor-neutral approach with standardized designs that allow various companies to provide hardware and software. Operators believe this can increase innovation, reduce costs and reduce reliance on the “big three” Ericsson, Huawei and Nokia.
Several major European mobile operator groups, including Deutsche Telekom, Orange, Telefonica, TIM and Vodafone, are excited about the technology, as are many governments who want to avoid overreliance on a single provider.
The EU report says greater component interoperability would ensure greater vendor diversity and allow operators to pursue a multi-vendor strategy. By purchasing radio equipment from many different vendors, operators are protected against potential vulnerabilities in one vendor’s equipment, helping to protect data and reduce disruption to critical infrastructure.
Meanwhile, the use of open interfaces and standards in Open RAN would increase network visibility and automation would reduce the risk of human error introducing potential weak points.
However, the report indicates that the Open RAN concept is still immature and this is a short-term risk. He said the increased complexity of networks would introduce more attack surfaces for malicious actors to stage attacks and also increase the risk of misconfiguration. He also argued that specifications and standards were not yet mature or inherently secure by design.
To mitigate risk, the report recommended regulatory powers capable of reviewing large-scale deployments and assessing the risk of vendors, integrators and service providers. He also wanted any potential shortcomings to be addressed at the standards level and for Open RAN to be included in any future EU 5G cybersecurity program as soon as possible.
“Our joint priority and responsibility is to ensure the rapid deployment of 5G networks in Europe, while ensuring their security,” said Margrethe Vestager, Executive Vice President for a Europe Fit for the Digital Age.
“Open RAN architectures create new market opportunities, but this report shows that they also raise significant security challenges, especially in the near term. It will be important that all participants devote sufficient time and attention to mitigating these challenges, so that the promises of Open RAN can be realized.
Open radio technologies are expected to account for up to 15% of the radio access network (RAN) market by 2026, according to a report by Dell’Oro Group. The pace of adoption has impressed analysts who believe that Open RAN will not only play an important role in rolling out 5G, but also future generations such as 6G.
Vodafone activated the first OpenRAN mobile site in the UK which will carry live 5G customer traffic to Bath earlier this year and plans to roll out 2,700 in Wales and South West England from by 2027. Meanwhile, Telefonica is targeting 800 sites in four markets, including the UK, by 2022 and BT is testing Open RAN in Hull.