The launch of 5G wireless technology—with vastly greater bandwidth and higher download speeds—is opening new frontiers in areas ranging from the Internet of Things (IoT) to augmented reality (AR). Communications and technology industry professionals like me are excited about 5G, and with good reason: every day I see examples of how 5G is fueling business transformation in different sectors of the economy by enabling digital innovation. Accenture expects 5G deployment to have profound impact on consumers and businesses by revolutionizing wireless communications and transforming existing market sectors and industries to create new business models and unlock new sources of revenue.

Successful deployment of 5G networks depends upon a complex ecosystem of multiple players, operating in a new environment called Open RAN (Radio Access Network). Open RAN disaggregates software applications from underlying hardware infrastructure, allowing Communication Service Providers (CSPs) to use software to push out network functions and intelligent automation in a virtualized environment. Open RAN can lower upfront capital deployment costs and operating expenses through automation; it can drive and encourages innovation, and can allow many different vendors, CSPs and system integrators to interface and communicate.

Investments in 5G, cloud and networks modernization are becoming a priority of governments worldwide. Different policymakers and industry trade organizations are collaborating to define the Open RAN framework, including security. The U.S. House of Representatives has unanimously passed a bill to financially support a domestic 5G equipment market and Open Radio Access Network development with an influx of $750 million in funding over the next 10 years. 5G is one of the seven flagship areas in the European Commission’s EU recovery plan: a significant share of its targeted €150 billion digital budget is allocated to finance 5G network infrastructure.

<<< Start >>>



<<< End >>>

At the same time, CSPs often have security concerns when it comes to user privacy and trusted parties, including:

  • New interfaces that may allow criminals to move through the Open RAN environment, unless such interfaces are secured according to industry best practices and tested continuously for loopholes.
  • Unexpected vulnerabilities, i.e., a vendor’s security flaws may expose another vendor’s security or technology flaws.
  • Governance, risk, and compliance issues as CSPs, providers and governments all seek to align not only with each other but with regulatory, legal, and statutory obligations.

5G networks are based upon new protocols, low-cost hardware, and open-source software. This creates network exposure and vulnerability to Denial-of-Service (DOS) attacks. The 5G framework needs to address end-to-end security concerns relating to data protection, user security and the synchronization of complex, interrelated elements.

This is a major undertaking, but like any other large project it can be broken down into component parts.  Involved parties should address Open RAN security concerns by looking at five key elements: 

  1. Core security. Sharing of virtual resources lets multiple network users share the same physical network resources.
  2. Network security. An end-to-end strategy addresses application programming interface (API) security, including authentication of APIs and segregation of duties, and the use of hardware-secured asset tags and other methodologies.
  3. Data protection. Data protection should be enabled in real time using modern vulnerability assessment and threat management technologies such as advanced infrastructure security protection and threat analysis.   
  4. User security and privacy. Network participants need protocols for proper authentication and authorization, including user identity verification for roaming and cloud services, security identification for users themselves, and identification of network usage behavior and mobility patterns via machine learning technology.
  5. Governance. Security policies and procedures should be standardized at the global level. Participants also need standardized polices for data storage, management and for fraud detection and response. Another important concern is ensuring the safety of the physical supply chain, which can be accomplished by holding vendors responsible for the security of the products and services delivered.

Essentially, CSPs and other key participants need shared playbooks outlining categories of risks, mitigation actions, and teams responsible for carrying out remediations. Time is a critical factor in responding to attacks and the playbook reduces uncertainty and shortens response time.  

Source: Accenture 2020

<<< Start >>>

The Open RAN framework needs to address end-to-end security concerns relating to data protection, user security and the synchronization of complex, interrelated elements. 

<<< End >>>

The complexity of the Open RAN multi-vendor environment means that systems integration plays a particularly important role in maintaining security. Ideally, integrators have insight into new security strategies and models that may not be available to smaller vendors. Integrators can also leverage both traditional and innovative security technologies, methodologies, and techniques to help CSPs mitigate risks. And integrators can also help deliver these projects at scale so that daily operations teams can function effectively.

The O-RAN Alliance and Open RAN communities have assigned teams and tools for testing and verification, but 5G CSPs, system integrators and vendors will need to work together to resolve security challenges. All involved parties need to agree on security principles, identify and conform with industry best practices, and comply with regulatory obligations.

The 5G revolution will connect billions of devices and generate enormous quantities of new data. Open RAN is essential to making 5G work, but Open RAN, poses significant security concerns. Successful deployment of Open RAN requires teamwork, coordination, and a well-thought-out transformation strategy. I am convinced that with these elements in place, Open RAN can help 5G deliver on its huge potential.

See more IT Strategy insights

 

 

Aurelio Nocerino

Managing Director – Technology Strategy & Advisory, Global 5G Delivery and Capability Lead

Subscription Center
Subscribe to Business Functions Blog Subscribe to Business Functions Blog