EU believes Open RAN could improve 5G security

Mast in Strathconon
(Image credit: WHP Telecom)

A report from the European Union (EU) says Open RAN technology has the potential to enhance the continent’s cybersecurity provisions but warns that certain conditions must be met if this promise is to be fulfilled.

The Radio Access Network (RAN) market has traditionally been dominated by a few major players who offer highly integrated cell sites comprising radio, hardware, and software. 

This approach has made it difficult for operators to mix and match innovations and has proved to be a significant barrier to entry for smaller vendors.

Open RAN adoption

OpenRAN is a vendor-neutral approach with standardised designs that allow a variety of firms to supply hardware and software. Operators believe this can increase innovation, reduce costs, and reduce dependency on the ‘big three’ of Ericsson, Huawei, and Nokia.

Several major European mobile operator groups, including Deutsche Telekom, Orange, Telefonica, TIM and Vodafone are excited by the technology, as are many governments who want to avoid overreliance on a single supplier.

The EU’s report said the greater interoperability of components would ensure a greater diversity of supplier and allow operators to pursue a multi-vendor strategy. By procuring radio equipment from many different providers, operators are insulated against potential vulnerabilities in one vendor’s equipment, helping to protect data and reduce disruption to critical infrastructure.

Meanwhile, the use of open interfaces and standards in Open RAN would increase network visibility and automation would reduce the risk of human error introducing potential weak spots.

However the report said the Open RAN concept still lacked maturity and this was a short-term risk. It said the increased complexity of networks would introduce more attack surfaces for malicious actors to stage attacks and would also increase the risk of misconfiguration. It also argued that specifications and standards were not yet mature of inherently secure by design.

To mitigate the risks, the report recommended regulatory powers that could scrutinise large deployments and assess the risk of suppliers, integrators, and service providers. It also wanted any potential deficiencies to be addressed at a standards level and for Open RAN to be include in any future EU 5G cybersecurity scheme as soon as possible.

“Our common priority and responsibility is to ensure the timely deployment of 5G networks in Europe, while ensuring they are secure,” said Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age. 

“Open RAN architectures create new opportunities in the marketplace, but this report shows they also raise important security challenges, especially in the short term. It will be important for all participants to dedicate sufficient time and attention to mitigate such challenges, so that the promises of Open RAN can be realised.”

Open radio technologies are expected to account for as much as 15% of the Radio Access Network (RAN) market by 2026, according to a report from Dell’Oro Group. The pace of adoption has impressed analysts who believe Open RAN will not just play an important role in the deployment of 5G, but also future generations such as 6G.

Vodafone  switched on the first OpenRAN mobile site in the UK that will carry live customer 5G traffic in Bath earlier this year and plans to deploy 2,700 in Wales and the South West of England by 2027. Meanwhile, Telefonica is targeting 800 sites in four markets, including the UK, by 2022 and BT is trialling Open RAN in Hull.  

Steve McCaskill is TechRadar Pro's resident mobile industry expert, covering all aspects of the UK and global news, from operators to service providers and everything in between. He is a former editor of Silicon UK and journalist with over a decade's experience in the technology industry, writing about technology, in particular, telecoms, mobile and sports tech, sports, video games and media.