Outlines universal strategies and principles of Open RAN security
Open RAN systems integrator Rakuten Symphony has shared the wisdom it accumulated when pioneering the world’s biggest cloud native, fully virtualised commercial network open systems network for parent company Rakuten Mobile.
In 8,000 words A Definitive Guide to Open RAN Security details the every plane of attack and explains how to mitigate risk from a total software system, configuration and operational perspective. It is based on Rakuten Mobile’s own Open RAN installation in Japan, which is the largest such deployment in the world. The information, strategies and principles shared can form the foundation for secure Open RAN networks anywhere, it claims.
While risk remains a persistent presence and always will, management, not avoidance, represents the best path forward for a multi-vendor radio access network, says the guide, which admits that Open RAN security isn’t as simple as just “relying on interoperability standards”. Instead, Rakuten Symphony advocates an approach that evaluates industry best practices, collaboration and innovation. It then sets the best security and privacy strategies based on individual regulatory and market context.
The systems integrator said it has discovered the unique security needs of Open RAN telecom assets. These are reviewed, including new infrastructure, network functions, interfaces and critical data. Open RAN network vulnerabilities and their possible exploitation are covered in detail before the author presents nine security principles that form the basis of the guide.
It then details the basic requirements for a secure cloud native platform for Open RAN network functions, such as trust between Open RAN network functions, secure management of Open RAN networks and container security.
The 3GPP and the O-RAN Alliance provide base blueprints and design principles for securing telco-specific functions and interfaces, said Nagendra Bykampadi, Head of Security Architecture & Standards at Rakuten Symphony, Co-chair of O-RAN Alliance Security Work Group (WG11) and main author of the guide. These are secured through controls which must be implemented by vendors and operators to reach a high level of hacking resistance, particularly for the IT and cloud systems underpinning modern networks. This book puts all the instructions in one place.
“When implementing these controls, vendors and operators can borrow knowledge and experience from related cloud-powered industries,” said Bykampadi, “we are sharing what we know today to help contribute to the global security of new networks.”