Protecting Open Radio Access Networks with a Common Platform

The size of the radio access network is expanding significantly with the shift toward 5G. With 5G, the RAN becomes an even larger, denser, and more geographically distributed network with systems from a multitude of vendors. As the number of base stations and antennae increases, so does the number of interfaces, attack vectors, and risks. At the risk of stating the obvious, security for the 5G RAN is paramount.  

New use cases only heighten the need to improve security. Customized on-demand services, enhanced mobile broadband (eMBB), massive machine-type communications (mMTC), and ultra-reliable low-latency communications (URLLC) all call for new or expanded security capabilities.  

These changes in size, access, use cases, and a shift in the distribution of responsibilities contribute to a litany of security challenges facing radio access networks for 5G.  

Open RAN, the charge to disaggregate and open the RAN led by the O-RAN Alliance, also further shifts the responsibility for security to CSPs, which will likely spread security responsibilities more widely across vendors and segments. As a result, the number of technicians, contractors, and system administrators who need access, either remotely or onsite or both, is likely to increase correspondingly with the growth of the RAN, though improvements in automation and centralized management might carry a counterbalancing effect.  

An Open RAN architecture, for example, includes a real-time RAN intelligent controller. The RIC is a new component that accesses user context and data about user usage — sensitive data that requires extra protection. The RIC exposes this sensitive data to xApps developed by various vendors. 

Don’t Know, Can’t Fix 

For security, closed vertical stacks are a towering problem for CSPs and, ultimately, consumers. CSPs have no visibility into the vulnerabilities and risks of a closed system. They must take it on faith that the whole vertical stack is patched, up to date, locked down, and free of vulnerabilities. When something goes wrong, though, it is the CSP that bears the burden of bad press, fines, lawsuits, and the erosion of trust. When it comes to security, closed telecom systems, often touted as plug and play, are often more of a case of plug and pray.  

Open systems can, of course, contain vulnerabilities and expose attack vectors. But if you know what the systems you are running are composed of, you can better protect them, and you are in a better place to have them quickly patched when a vulnerability surfaces.  

The Multiplier Effect of the Multi-Vendor RAN 

Emerging 5G security standards like the telecom security requirements, or TSRs, from the U.K.’s Center for Cyber Security (NCSC) require the use of multiple vendors. With dense 5G RAN, there is bound to be an extensive list of administrators, contractors, and vendors requiring remote or on-site access. 

Access to the RAN management plane, however, needs special attention. First, it must be segmented and isolated. Second, it requires a secure access solution that not only scales to support a 5G-sized RAN but also is easy to configure.  

Privileged Access Management 

The workstations and devices used to gain access to the management system for the RAN also need to be secured. For simplicity, a single access solution is vastly preferably; multiple systems that do, in effect, the same thing but for different vendors are difficult to manage and lock down, harder to learn, more complex to host, and tend to result in too many error-prone manual processes. With 5G comes a RAN that must be both dense and fast. Managerial simplicity will be key to preventing problems stemming from size and speed.  

Lock Box 

The sheer size of the RAN for 5G brings another challenge: physical security. Not for a room or a building, though. The physical security is for a box behind or below an antenna, typically on a tower.  

With the additional RAN locations for 5G, the move to open RAN, and the need for multiple vendors, the attack surface for these boxes increases, conceivably making it easier to attack a physical access point and insert another box or device or tamper with it in some way. The box might be part of the RAN management system. If there is a hack, how do you respond quickly, with automation, at the point of these remote boxes, especially when there will be so many of them?  

RAN sharing poses another concern that will have to be tackled at scale. With RAN sharing, providers can share neutral hosts to help overcome the CapEx of 5G, but at the same time RAN sharing necessitates stricter security requirements. It also potentially complicates the definition and distribution of security responsibilities. 

Deriving Comprehensive Security from a Logical Horizontal Platform 

With a horizontal platform, you can integrate management and security access systems for some physical security systems, so you can manage them from the same location and create automated responses to alarms.  

With the new open ran physical structure, wherein you have two small boxes that become accessible because they are out in the open on the back of the antennae, you must start using chassis sensors from doors on the boxes. Traditional solutions are typically vendor-specific and less understood.  

With a horizontal platform, the security for these boxes can be integrated with the greater RAN system. If alarms are triggered, they can be reported by the VMware hypervisor; the alarms can also be reported by the server inside the box. In response, automation can be put in place to alert the server to terminate its communications. Likewise, if someone cuts a cable, the system can throw an alarm and take action to address it. 

The Protective Power of a Common Platform 

Indeed, there is a great deal of power in having a single point of security control.  

In contrast to a vertical architecture, a horizontal architecture shares a common platform using the same hypervisor and, typically, the same storage and networking solutions. With this commonality, the same tools can be used for operational tasks like monitoring, alarm handling, fault handling, and troubleshooting. With a common platform and common operational tools, automation and orchestration become easier, especially at scale. 

And all this makes the whole stack substantially easier to secure. With a common platform that uses the same operational tools and the same automation tools, a common security solution and a holistic security posture becomes possible. The whole platform can then simultaneously implement new security features through software at the same time.  

When the same security policies can be configured for the systems of a multi-vendor open RAN environment, security is easier to apply, manage, and modify at scale. For more information on protecting an open, multi-vendor radio access network, check out this white paper:

Security for Open RAN Architectures in 5G Telco Clouds: Protecting Open Radio Access Networks with Automation and Zero-Trust Architectures 


Leave a Reply

Your email address will not be published.