Your browser is not supported. Please update it.

14 September 2020

Ericsson raises the spectre of security risks in O-RAN

By Wireless Watch Staff

While Nokia and Samsung have leapt to embrace open RAN architectures, and specifically the O-RAN Alliance, Ericsson has remained largely aloof. It has joined the Alliance but, unlike its two rivals, not announced compliant products, and has tended to adopt a wait-and-see approach in public comments. If Nokia and Samsung hope to use their market weight to hijack control of O-RAN’s direction and dominate the first wave of commercial sales, Ericsson seems just to be hoping O-RAN, with its implicit threat to the traditional mobile network business model, will go away.

Its latest attempt to undermine confidence in the emerging platform is focused on the controversial topic of security. Supporters of open, and even open source, platforms argue that these improve security because there are far more parties at work on enhancing the systems, which means more eyes to spot possible vulnerabilities, and more innovation and cooperation to address them.

But Ericsson is taking the opposite view, publishing a 14-page white paper that details all the ways in which it believes open RANs could be hacked. It is certainly addressing a sensitive issue for operators. With any emerging architecture, the main weapon of the incumbents it threatens is FUD (fear uncertainty and doubt).

Performance trade-offs, immature platforms, high integration costs and now security risks are all concerns that have been raised about open RAN by various parties – and none are entirely without substance, though the recent move by the Open Networking Foundation (ONF) to specify key O-RAN elements will have a confidence-boosting effect, given the body’s robust track record.

Ericsson outlined the findings of its paper in a blog post entitled: ‘Making sure that Open RAN doesn’t open the door for new risks in 5G’. It argues that the open architecture –  and particularly the transfer of key control functions from being embedded in the baseband, to a separate, software-based RAN Intelligent Controller (RIC) – could lead to security problems.

“The introduction of new and additional touch points in O-RAN architecture, along with the decoupling of hardware and software, has the potential to expand the threat and attack surface of the network in numerous ways,” wrote Jason Boswell, head of security, network product solutions, at Ericsson.

He added: “With any nascent technology, including O-RAN, security cannot be an afterthought and should be built upon a security-by-design approach. As the industry evolves towards RAN virtualization, with 3GPP or O-RAN, it is important that a risk-based approach is taken to adequately address security risk.”

Ericsson believes additional security mechanisms, and a full trusted stack encompassing both hardware and software, may be essential – and if that stack is to apply to multivendor networks, it will require cooperation between all the supporting vendors. Perhaps the Swedish company hopes that will prove to be a breaking point for O-RAN consensus, or at least a delaying factor which may put the availability of fully carrier-grade O-RAN platforms out of sync with operator deployment timetables.

Or Ericsson may think it can take a lead in defining security for vRAN and O-RAN, in order to steal Nokia’s early thunder and make its own future equipment the most trusted among operators. Boswell was certainly emphasizing Ericsson’s decision to take an active role in O-RAN security, writing: “Ericsson will continue its leadership role within the O-RAN Alliance and its Security Task Group to incorporate security best practices, ensuring that new deployments are ready to meet the level of security, resilience and performance expected by service providers and their customers.”