Более 30 технологических и телекоммуникационных компаний объявили этой неделе создании нового альянса, Open RAN Policy Coalition, который призывает к открытым и взаимозаменяемым системам 5G.
The Alliance promotes open and interoperable solutions for Radio Access Networks (RANs) – including 5G technologies – to create innovation, boost competition and extend the supply chain for advanced wireless technologies.
The multitude of providers offering different mobile network components makes it easier for operators to manage the network, upgrade infrastructure and combat security threats – when vulnerable network equipment needs to be replaced or protected in response to the threat.
The founders of the alliance are Airspan, Altiostar, AT&T, AWS, Cisco, CommScope, Dell, DISH Network, Facebook, Fujitsu, Google, IBM, Intel, Juniper Networks, Mavenir, Microsoft, NEC Corporation, NewEdge Signal Solutions, NTT, Oracle, Parallel Wireless, Qualcomm, Rakuten Mobile, Samsung, Telefónica, US Ignite, Verizon, VMWare, Vodafone, World Wide Technology and XCOM-Labs.
The Alliance was set up in the context of the global debate on the deployment of 5G networks, as the United States and other countries banned Huawei for fear that it would use its spy equipment for the benefit of the Chinese government.
SecurityWeek contacted several companies, including some members of the new alliance (Intel and Juniper Networks commented), to learn more about security aspects in particular. We also contacted Huawei, but the company didn’t want to comment.
And the reactions begin…
Benny Porat, co-founder and chief technologist of Claroti:
The real promise of 5G is not only that it will give us faster download speeds and better streaming services for our mobile devices, but also that it will completely change the way we use our mobile communications. For example, 5G is being expanded to support smart cities, smart factories, distribution centres, etc.
Often new technologies or even policies are introduced and implemented before the safety impact has been fully studied and assessed. Nobody wants to give attackers any more opportunities to attack, but if security becomes a secondary target, it will. This is something we should all avoid as an industry and across international borders with the wider deployment of 5G mobile systems.
Because they are limited to a single vendor for 5G, governments and organizations may be forced to choose between unlocking advanced features that many systems have never implemented and exposing these systems to increased cyber and operational security risks. In today’s environment, I think it’s an admirable initiative to create an alliance that ensures a secure supply chain and prevents one company from dominating this space. The initiative is still in its infancy and its impact needs to be considered, but one of the first questions to be asked is how the Alliance intends to ensure that the system complies with open standards for basic practices and regulations in the field of cyber safety and health at work. This means that there must be clear and unambiguous guidelines, objectives and requirements for the different technologies, so that all participants are fully aware of what is considered acceptable to achieve the minimum level of security expected from their contribution to the wireless ecosystem. Open systems are fine, but everyone has to follow the rules of an open system to make it work.
Drew Schmitt, Incident Response Consultant, Crypsis Group:
5G mobile technology promises a fast, flexible and highly available network connection for a very large number of people. In the United States, the desire for 5G connectivity is as clear as the desire for open standards that are not limited to a single manufacturer, hardware or software. The Open RAN Policy Coalition offers the possibility to focus on key concepts such as interoperability, standardisation and – perhaps most importantly – security.
So far we have limited ourselves to the implementation of wireless networks from different manufacturers and operators. We often get the critical security updates they deem necessary and have little idea how quickly vulnerabilities and other security issues are fixed. If we don’t like what we have, in most cases we have a (potentially) feasible option: changing supplier or carrier. The Open RAN Policy Coalition has a very rare opportunity to change the status quo and enable consumers and businesses to take control of security by deploying wireless technology, hardware and software that meet their needs and desires.
Standards and open bids can significantly change the wireless landscape and emphasize security considerations, which may not be the case if we limit ourselves to implementation by a single vendor or operator. With the Alliance’s proposals, safety but also performance, flexibility and compatibility can be at the top of the standard definitions. It is an opportunity to show that security is better integrated into the foundation of a standard, protocol or technology and that it does not have to be costly. Many views on how to approach the system with open standards offer the opportunity to create an environment that allows you to solve security issues creatively and quickly while ensuring maximum performance and flexibility.
Smarter people working together for technology seems like a good approach to me.
Heather Paunet, Vice President Product Management at Unt :
Open standards for new technologies have long been established in the technology industry. The most important basis of all open standards is to ensure that no company can fully monopolize the new technology. Open standards also mean the exchange of ideas and technologies, which can foster cooperation, competition and expansion within existing technology. In this case, RAN 5G is regarded as a technology operator and manufacturers are moving closer to fully operational global implementations.
The concept of the Open RAN Policy Coalition to create open and compatible interfaces between the radio, hardware and software components that mobile operators need to upgrade their masts and networks to support 5G speaks volumes compared to previous days. In the past, the idea that every technology – radio, hardware and software – should come from the same manufacturer was a reflection of time. Now, with this global reach, it makes sense to open up the next technological revolution to everyone.
When several key players work together and create an open community based on open standards for RAN, the technologies delivered by all parties to the end-user will be better. By harnessing the strength of all those who contribute to the standards of this new technology, especially the factory founders who are members of the Open Pens political coalition, the most innovative minds and engineers will contribute to the future of these standards. Security within a framework of open standards can benefit from the experience and knowledge of many vendors who, when working on new RAN technologies, also know how to implement reliable security in these technologies from many angles.
With every new technology, there are many safety challenges that need to be discussed and addressed. Although many hands (and eyes) can raise the bar, only one attacker is needed to find and exploit vulnerabilities. As part of the Open RAN Policy Coalition, the ability to use multiple hardware, radio, or software components on an interchangeable basis allows mobile operators to exchange suspicious devices, update patches on their network, and run hardware as needed.
An important aspect of open safety standards is the element of trust. For example, if an American company had all the technology for 5G networks, we might find that other countries are reluctant to implement the technology because they are curious about what happens in a closed system. Once there are open and compatible standards, multiple vendors in different geographic regions will identify the technology and can develop their own components to interact with it. The internal operating mechanisms and the interoperability of the technology have been defined together, allowing confidence to be built up once the systems are in place.
Tom Quilin, Senior Director, Security and Trust Policy, Public Procurement and Trade, Intel :
Transforming the network infrastructure from edge to core is the key to fully exploiting the value of 5G. Intel offers an unparalleled 5G infrastructure portfolio that includes ASICs, structured ASICs, FPGAs, processors, and switches. Our products support both optimized RAN workloads and virtualized RANs for different deployment scenarios. As part of our leading work on 5G, Intel is also actively participating in several 5G standardization and interoperability projects, including 3GPP, the O-RAN alliance and the Telecom Infra project.
Extending cloud computing to the RAN can bring more security, which benefits providers and network operators, and even end users. Decades of virtualization research and development has been conducted by hardware vendors such as Intel and trusted operating system and virtualization vendors to discover how to load, manage, monitor and isolate workloads in the cloud based on the root cause of hardware trust. The cloud architecture also enables the rapid and flexible deployment of critical security assets where they are needed. Depending on business needs and conditions, the sensors can be configured in an open 5G RAN implementation to dynamically and instantly provide additional IT resources for encryption or authentication. If the network operator finds a vulnerability in the 5G stack, repairing it can be as easy as installing a software patch. Finally, 5G Mobile Edge Computing (MEC) improves border surveillance, reduces the risk of Distributed Denial of Service (DDoS) and increases the ability to dynamically deploy border security.
Jan Getz, Chief Mobile Solutions Architect at Juniper Networks
There are two major technical open RAN bodies that intend to use the 3GPP specifications to create and deploy open and disaggregated RAN capabilities for mobile operators and private network systems. The ultimate goal is to be able to combine functions, but currently the company focuses on suppliers of radio units (RUs) that integrate with other suppliers specialising in distributed units (DUs) and central units (CUs). Determinants are the cost of deploying 5G networks when the additional sites required to achieve coverage and bandwidth parity for existing 4G customers are prohibitively expensive, as well as geopolitical and supplier issues that may or may not be used.
Open RAN solutions focus on UK, DU and CU, but like many other systems they need assistive technology to be operational. A VU in an open RAN needs an edge cloud in the operator’s network to work. This boundary cloud must be in a physically safe place, either in the building or in the cabin. Incoming operators who have a local exchange in their old ISDN networks have an advantage in this respect, as they have buildings on the right side of the network.
The cloud stack must be protected, as well as the links to the cloud to allow for operating system updates, B/W virtualization updates and updates to the Open RAN features themselves. The Open Radio Intelligent RAN Controller (RIC) makes it possible to run third-party RAN applications in the cloud and provides RAN optimization, etc. They also need remote access, so access control and firewall are essential.
In addition, there is the question of protecting traffic to prevent it from being intercepted illegally. The traditional RAN has an IPsec tunnel from the base station to the security gateway of the operator’s core network. In Open RAN this IPsec tunnel from the edge cloud to the security gateway is done in the usual way, but it is also possible to use IPsec on an F1 channel from CU to DU. Juniper’s vSRX virtual security platform can be used as a comprehensive security gateway for X2 backhaul and transportation circuits in traditional RANs, to safely open IPsec traffic in clouds of mobile services, and as a backhaul firewall to maintain and update software and applications and to interrupt LAN traffic. It is also used on the F1 interface between DU and CU in Open RAN. Juniper’s Contrail cloud solution provides secure connections between servers at the edge of the cloud and uses microsegmentation to secure chains of services in the cloud to prevent compromised virtual functions from accessing areas at the edge of the cloud they don’t need.
Chris Hazelton, Director of Security Solutions, pay attention:
This alliance increases the transparency of the vast ecosystem of 5G suppliers. Whatever my motivation, the recent news about Huawei has really raised questions about my options. This is an important signal for companies and government agencies that know that the 5G pulse is likely to increase and that they need to be prepared for security Bring your own network (BYON).
When using 5G, the network of a mobile device can be faster than the network of a company or government organisation. Users can be linked to their mobile phone and then work completely outside the organization’s security control system. Mobile security is therefore a mandatory requirement of BYON security, so that user identification and secure data are not compromised.
Jack Mannino, CEO of nVisium:
Standardization of protocols and security standards from key vendors can help reduce the drawbacks of integration into the stack. Restoring safeguards in various ways leads to increased development efforts and increases the likelihood of vulnerabilities or regression. The development of safe and interoperable 5G systems will contribute to a faster deployment and a reduction of the burden on technical teams in the application of safety standards.
@EduardKovacs – Publisher of the Safety Week. He worked for two years as a high school computer science teacher before starting a career in journalism as a security reporter for Softpedia. Edouard has a bachelor’s degree in industrial computer sciences and a master’s degree in computer engineering for electrical engineering.
Previous chronicles of Eduard Kovacs :