Ericsson’s Open RAN system builders get new tools that make security scale from small cell to global cloud
Two significant technology breakthroughs have been announced that could help infrastructure builders fortify their 5G networks. At a micro-level, German test specialist Rohde & Schwarz and Qualcomm Technologies have validated small cell testing, so that system builders can use mmWave technology as a building block for 5G network with greater confidence. At the other extreme, Ericsson-built cloud radio access networks (Cloud RANs) have passed a security audit, making this a robust option for infrastructure hyper scalers.
The Cloud RAN from network equipment maker Ericsson has passed an independent Network Equipment Security Assurance Scheme (NESAS) audit, making it fully compliant with the security requirements defined by global standards organizations 3GPP and GSMA.
The Security Reliability Model
The NESAS audit of Ericsson Cloud RAN follows earlier compliance recognition for Ericsson’s Core, Transport and Radio Access Network (RAN) portfolios.
GSMA introduced NESAS as a common security assurance framework for secure product development and product lifecycle processes across the mobile industry. Conformance with NESAS is an integral part of the vendor’s Security Reliability Model (SRM) according to Per Narvinger, Ericsson’s head of product area networks.
Cloud-based RAN deployment is an important step towards a more open RAN architecture because it can provide inherent security advantages such as isolation and geographical redundancy. On the other hand, the cloud introduces new security risks according to Ericsson’s technical paper Security Considerations of Cloud RAN.
Your cloud has many points of attack
Traditional attacks against the RAN and Coren aside, the cloud infrastructure has many other vulnerabilities, including micro-services, container engines, host operating system and third-party hardware, which can be exploited in cloud-based RAN and Core systems.
“Security is a key cornerstone in the design of our products. In the days of software and hardware disaggregation it is even more important that security is built in from the start,” said Narvinger. “Having Cloud RAN confirmed as NESAS-compliant adds another layer of credibility and trustworthiness to our Ericsson radio access network (RAN) portfolio.”
Good day for small cell validation
The products examined were the Central Unit-Control Plane, Central Unit-User Plane, the Distributed Unit (DU) and RAN Service Discovery. Ericsson’s NESAS compliance processes underwent a complete audit by a GSMA-approved, independent auditor.
Meanwhile Christoph Pointner, senior VP mobile radio testers at Rohde & Schwarz, said the breakthrough in testing equipment was a great day for small cell validation.
“OEMs worldwide rely on Qualcomm Technologies’ platform for their small cell products,” said Pointner, “with its new functionality specialising on small cell testing, which is already validated for QDART for Small Cells, OEMs can be confident that our test solution is ready to fulfil their testing needs, whether for in the lab or production line.”