New title

Fujitsu Blog

Solutions for Network Digital Transformation

Strengthening Open RAN security through Service Management and Orchestration

RIC security

Open RAN security sets a new bar for telecom

As the telecommunications industry evolves, the Open Radio Access Network (RAN) framework is being adopted as an innovative alternative to traditional, closed RAN systems. Open RAN promises enhanced flexibility, vendor-agnostic innovation, and lower costs. Yet one of the most critical considerations for any network architecture, open or closed, is security. Contrary to the perception that openness inherently means increased vulnerability, Open RAN, and particularly its Service Management and Orchestration (SMO) platform, is proving it can be just as secure, if not more secure, than traditional RAN deployments. By embracing best-in-class security technologies, strict adherence to industry standards, and adopting a zero-trust mindset, Open RAN security is setting a new bar for telecom.

This blog delves into how Open RAN’s Service Management and Orchestration (SMO) platform fortifies network security, analyzes recent cyber threats that highlight the importance of advanced safeguards, and explores the future of Open RAN security as new standards and technologies emerge. The journey of securing Open RAN underscores a broader truth: in telecom, staying ahead of security challenges is not just a necessity, it’s an opportunity to innovate and strengthen networks for the future.

The role of SMO in the Open RAN ecosystem

At the core of Open RAN architecture is the SMO platform. This “command center” manages the lifecycle of virtualized network functions, oversees resource orchestration, and interacts with the non-real-time and near-real-time RAN Intelligent Controllers (non-RT RIC and near-RT RIC). By coordinating both long-term strategies and time-sensitive operations, the SMO ensures that Open RAN networks run efficiently, reliably, and securely.

However, this comprehensive oversight positions the SMO as a critical and high-value target for potential cyberattacks. While the SMO platform is already equipped with robust security measures, ensuring the integrity of the entire O-RAN environment demands ongoing enhancements. Open RAN’s foundational principles and architecture enable defense-in-depth strategies that currently surpass many traditional RAN security frameworks. Yet, as cyber threats evolve, implementing additional advanced safeguards will be essential to proactively address future challenges and maintain Open RAN’s leading-edge security posture.

Why Open RAN security is becoming stronger than traditional RAN

  1. Openness with security in mind
    While openness may seem like a double-edged sword, Open RAN’s transparent and interoperable structure actually enhances security. The open ecosystem encourages multiple vendors to adhere to standardized security protocols, facilitating widespread implementation of strong encryption, mutual TLS (mTLS), and token-based authentication mechanisms (e.g., OAuth 2.0). This results in a unified, best-practice-driven security posture that is often lacking in traditional, proprietary RAN systems.
  2. Distributed, disaggregated components
    Traditional RAN architectures tend to be monolithic, making it harder to isolate and contain breaches. Open RAN disaggregates the network into Radio Units (RUs), Distributed Units (DUs), and Central Units (CUs), each potentially sourced from different vendors. This segmentation allows for more targeted and granular security controls with features like open fronthaul security, shared O-RU security, and O-RU centralized user management that reduce the risk of a single compromise spreading across the entire network.
  3. Centralized oversight with the SMO
    The SMO platform’s comprehensive network view allows it to apply security policies consistently across all components. This centralized management ensures that no element is overlooked, enabling robust authentication, authorization, and real-time security analytics. By handling both real-time and non-real-time tasks, the SMO can deploy advanced security protocols without undermining network performance. This is an equilibrium that traditional RANs often struggle to achieve.
  4. Enhanced visibility and community vetting
    In a closed RAN environment, security vulnerabilities may remain undiscovered for extended periods due to limited visibility and reliance on a single vendor’s proprietary solutions. Open RAN encourages collaboration and “white hat” scrutiny. Ethical hackers, independent researchers, and multiple vendors can inspect interfaces and code to identify and address weaknesses faster. This collective vigilance leads to quicker remediation cycles and more resilient networks.

Security strategies strengthening Open RAN

Zero-Trust Architecture (ZTA)
Adopting a zero-trust framework ensures that no entity, internal or external, is inherently trusted. Every request undergoes continuous authentication and authorization checks. Each component is treated as a micro-perimeter, enforcing strict controls at every layer and thwarting lateral movement by attackers.

Robust authentication and authorization
OAuth 2.0, MFA, and the NETCONF Access Control Model (NACM) ensure only legitimate users and devices access network resources. Fine-grained access tokens and strong identity checks protect Open RAN interfaces (R1, O1, O2, A1, Y1) to prevent unauthorized configuration changes and provisioning attempts.

Advanced data encryption and integrity checks
Industry-standard encryption (AES-256-GCM) and modern protocols (TLS 1.2/1.3) secure data in transit. SHA-256 ensures data integrity, while ECDSA (P-256) provides authenticity. These measures safeguard sensitive metadata, configuration details, and user information from interception and tampering.

Continuous monitoring and rapid response
Real-time security monitoring, logging, and alerting (often integrated via SIEM solutions) enable quick identification of anomalies. Continuous oversight helps operators detect threats early, enabling proactive rather than reactive defense strategies.

Compliance with O-RAN and industry standards
Adherence to O-RAN Alliance guidelines, proper certificate management, and mTLS-secured O1 interfaces ensure a consistent security baseline. Regular audits, interoperability testing, and aligning with frameworks like NIST SP 800-207 further fortify the network’s trustworthiness.

Lifecycle security for applications
End-to-end security spans from application deployment to decommissioning. Signed packages, verified updates, and rigorous code integrity checks ensure that no malicious or outdated software infiltrates critical RAN components.

Adopting secure networks is more urgent than ever before

Recent cyber-attacks on major telecom providers underscore the urgency of adopting secure architectures. Sophisticated threats—from sabotage of long-distance cables to breaches of cloud workspaces—have disrupted services, stolen data, and compromised national infrastructure. Incidents across France, the United States, Ukraine, and Spain demonstrate that no region is immune, and that legacy, closed RAN systems can be just as vulnerable as their open counterparts.

In an era where telecom networks form the backbone of digital connectivity, robust security measures are essential. Governments and regulatory bodies increasingly mandate compliance with data protection standards, while customers demand reliability and confidentiality.

Core security challenges in telecom

  • Insecure software development
    Vulnerabilities introduced during development can be exploited by attackers. Better DevSecOps practices, rigorous testing, and secure coding standards mitigate these risks.
  • Open interfaces and APIs
    While open interfaces foster innovation, they must be secured properly. Strict API security, encryption, and role-based controls are non-negotiable to prevent unauthorized access.
  • MFA fatigue and user resistance
    Excessive authentication requests can lead to user fatigue. Balancing usability with security is vital to maintain strong protection without eroding user compliance.
  • Complex ecosystems and legacy systems
    The multivendor Open RAN ecosystem demands consistent security protocols. Migrating from legacy networks, ensuring interoperability, and managing supply chain integrity remain ongoing challenges.

AI, ML, and the future of Open RAN security

As the industry moves toward 6G, the SMO’s role in managing Artificial Intelligence (AI) and Machine Learning (ML) powered network functions grows. While AI-driven analytics, anomaly detection, and threat prediction offer advanced defenses, they introduce new attack surfaces. Data poisoning, model evasion, and inference attacks are genuine risks. Open RAN’s open architecture enables operators to apply best-in-class AI security practices with robust data validation, secure-by-design development, and continuous monitoring of AI models to safeguard future networks.

Standards bodies like the O-RAN Alliance and 3GPP, along with global cybersecurity agencies, are aligning on zero-trust principles for emerging technologies. These efforts ensure that the Open RAN environment remains adaptable, secure, and ready to address future threats.

Open RAN is a secure and adaptable foundation for tomorrow

Telecommunications providers are transforming from network companies into cloud service providers, handling immense data flows that traverse submarine cables, manholes, and fiber entry points. Each of these access points demands vigilant security oversight. By embracing zero-trust approaches, multiparty code reviews, and recognized security standards, Open RAN not only equals but can surpass the security posture of traditional RAN architectures.

The disaggregated, open nature of Open RAN fosters constant improvement, transparency, and community-driven innovation. By leveraging advanced security measures including zero-trust policies, robust authentication and authorization, strong encryption, continuous monitoring, as well as AI-driven threat detection, Mobile Network Operators (MNOs) can build an infrastructure that resists current threats and adapts to the future.

Get the benefits of Open RAN security

Open RAN stands as a dynamic and secure alternative to traditional RAN systems. It combines openness, interoperability, and flexibility with a forward-leaning security framework capable of confronting today’s complex threat landscape. By uniting best-in-class security standards, embracing zero-trust architectures, ensuring rigorous application lifecycle protection, and preparing for AI-era risks, Open RAN proves that openness does not equal vulnerability. Instead, it enables a community-oriented environment where vulnerabilities are identified and resolved more swiftly than ever before.

As MNOs and operators prepare for the 6G era, building on Open RAN’s secure foundation will be essential. With the right strategies, controls, and best practices in place, Open RAN is poised to deliver networks that are open, efficient, cost-effective, and robustly protected, which ensures the resilience of critical telecom infrastructure in an era of evolving cyber threats.

By embracing the Open RAN approach and its advanced security features, operators can confidently move beyond traditional RAN constraints to ensure their networks remain both cutting-edge and secure in an increasingly connected world.

Unlock the Future of Secure, Next-Gen Networks with Open RAN

Embrace Open RAN today and stay ahead with enhanced security and limitless possibilities for your network’s growth

Learn more
mm

Nishant Tiwari

As a Product Manager at Fujitsu, Nishant brings over 16 years of expertise in product strategy, system architecture, and hands-on proficiency in an extensive range of technologies spanning 5G, 4G, 3G, 2G, CDMA, ORAN-RIC, SON, MEC, slicing, Native Cloud, rApp and xApp development, and vertical industrial use cases.

Before joining Fujitsu, Nishant garnered valuable experience working with wireless equipment providers like Ericsson, Nokia, Huawei, Motorola, Cisco, Intel, and Tejas, as well as stints with major global mobile network operators like AT&T, Sprint, Vodafone (Germany-Netherlands), KPN (Netherlands), DTAC (Thailand), True Move (Thailand), various India MNOs, and software service giants TCS and Wipro. Nishant's background is as diverse as it is extensive.

In addition to his role at Fujitsu, Nishant is a member of Standards Development Organizations (SDOs) including 3GPP, ORAN Alliance, Telecom Infra Project, Data Security Council of India, and IEEE.