The momentum for Open RAN is growing as operators anticipate mobile traffic increases, and with it, the need for networks to become more agile, flexible, intelligent, scalable, and energy-efficient. According to Dell’Oro Group, the global open RAN revenue is predicted to reach $15 billion by 2025, to account for more than 10% of the overall RAN market. Underpinning this strong momentum is growing interest in the Asia Pacific (APAC) region.
As Open RAN is founded on open hardware and cloud to solve interoperability issues through industry standards established, it allows operators to scale capacity on-demand for 5G architectures. The ability to support artificial intelligence and machine learning is a critical part of 5G services as operators pave the way for future-ready networks to drive 5G applications including IoT and autonomous driving.
Open RAN security challenges
The interoperability nature of Open RAN adds complexity to its deployment. As operators work towards an open, intelligent, virtualized, and fully interoperable RAN, it must first and foremost be stable and secure.
A common concern around Open RAN is security as it works on open source codes. While some are also concerned that disaggregation of RAN increases the number discrete elements and connections, and hence the risk to greater surface attacks, others believe that Open RAN offers greater security as it is built upon advanced end-to-end security features of 5G. The Open RAN Policy Coalition, comprising 60 global technology companies, advocates the latter.
Compared to traditional network architecture, a zero-trust Open RAN architecture adopts a “never trust, always verify” stance on user access control. It is capable of performing security controls on interfaces across all components, deploying cloud security, enabling customized security control via network slicing, and utilizing layers of authentication to deliver enhanced security. As such, operators are also able to tap on these features to fully control network security, even leveraging analytics on the edge to perform real-time detection and remediation of attacks and vulnerabilities close to malicious sources. Avoiding vendor lock-in is also perceived to create a more secure network, as the network gains more visibility from various independent parties.
Having said that, a study recently released by a German government agency cited “medium and high security risks emanate from a multiplicity of the interfaces and components specified in O-RAN”. The study recommended incorporating security improvements into Open RAN specification to ensure resilient and secure networks. Nevertheless, this has not impacted Germany’s EUR300 million plan to develop and test open RAN technology, focused on developing industrial 5G networks. This month, Japan, a strong advocate of Open RAN, has also announced that wide-area 5G Open RAN experimentation will be conducted as early as 2022. Clearly, these countries are not overly concerned that Open RAN poses greater security threats.
In this regard, it is also worth mentioning that Open RAN is also becoming increasingly politicized, as countries consider national security in Open RAN strategies. In April, US President Joe Biden Japan's Prime Minister Yoshihide Suga agreed to collaborate on advancing secure and open 5G, covering Open RAN. To keep China in check, US is also cooperating with South Korea to develop Open RAN. Nokia, one of the founding members of O-RAN Alliance, recently halted its participation in Open RAN for over a month before eventually resuming after assuring that its work is compliant with US legislation.
Central to Open RAN standardization efforts, encompassing security requirements, are organizations including the 3GPP, GSMA, O-RAN Alliance and Telecom Infrastructure Project (TIP). Policymakers also have a hand in funding Open RAN frameworks. Essentially, standardization and security policies must be aligned globally.
Last month, the GSMA called on policymakers to support an open RAN evolution by “launching testbeds, funding research and development, providing security assurance and certification, and promoting and recognizing specifications that enable interoperability.”
As Open RAN is still in the early stages, joint effort between governments, operators and vendors to establish an ecosystem committed toward establishing an Open RAN standard to support resilient and secure networks of tomorrow.