As society becomes increasingly immersed in the internet, the lines between physical and virtual worlds are ever more blurry. The evolution of this new borderless world is driving greater complexity — not just in society, but also in our networks.
With networks evolving to be more intelligent, virtualized and open, it’s an exciting era for mobile radio access network (RAN) deployments. Yet, should mobile network operators (MNOs) be concerned about threats to Open RAN security in this cloudified environment?
Open to change
Architectural decomposition and disaggregation pave the way for networks to become more modular and virtualized, creating a multi-vendor ecosystem that avoids proprietary vendor lock-in and frees up MNOs to choose best of breed solutions. This network transformation enables new levels of innovation, driving business growth and profitability.
These new architectural components, however, do tend to increase the attack surface, raising some questions about network security. That’s because cyber criminals could potentially exploit aspects of open networks, including AI training data, microservices, multi-vendor modularity and open application programming interfaces (APIs). Plus, with telecommunications cybercrime, attacks can be self-monetizing for a wide range of bad actors; unlike those IT cyber-attacks that rely on ransomware.
But despite these apparent vulnerabilities, MNOs can rest assured that 5G networks based on Open RAN standards are actually quite secure. This is due to a broad ecosystem of companies and associations collaborating across numerous industry initiatives and supply chains to combat these risks.
Open RAN security
Established industry partnerships and open standards, such as O-RAN ALLIANCE, OpenROADM and Open Line System (OLS), enable transparency and rigorous standardization that builds trust and cooperation. Increased interest in Open RAN technology has brought together a range of associations, government agencies, service providers, research organizations, and network technology innovators such as Fujitsu and our industry partners — all working together to strengthen network security.
At Fujitsu, we are actively advancing network security by offering network security services, contributing to O-RAN standards, bolstering the DevSecOps lifecycle, and investing in advanced research programs like the Fujitsu Cybersecurity Center of Excellence in Israel.
Moreover, industry alliances like the O-RAN ALLIANCE security working group are directly addressing network security through modeling and specifications that adopt security principles based on Zero Trust Architectures. This work builds on existing security standards outlined in 3GPP standards and the Cloud-Native-Computing Forum, and is supported by best practices DevSecOps methodologies.
With promising new mobile and IoT applications emerging that will increasingly affect our daily lives, how can we ensure trusted solutions for a safe and sustainable society? To learn how to securely connect the cyber world and physical world through intelligent, sustainable and secure Open RAN networks, watch this insightful panel discussion presented by Fujitsu during Mobile World Congress 2023 in Barcelona: “Network Trust: How to securely connect cyber world to physical world”.