Open Ran 5G, Europe turns the spotlight on cybersecurity

In a document the recommendations for resolving the technical issues. Still immature technology even if with great potential. But a gradual transition will be needed in order not to risk increasing dangers and human errors. Vestager: "Dedicate sufficient time and attention to mitigating challenges" 11 May 2022 Mila Cornflowers Director

“Our common priorities and responsibilities are to ensure the timely deployment of 5G networks in Europe while ensuring their security. Open Ran architectures create new opportunities on the market, but the report shows that they also pose major security challenges, especially in the short term. It will be important that all participants devote sufficient time and attention to mitigating these challenges, so as to be able to realize the promises of Open Ran ": this is what EU Commissioner for digital Margrethe Vestager declared at the presentation of the Report on cybersecurity Open Ran (DOWNLOAD THE DOCUMENT HERE) made by EU Member States, with the support of the European Commission and Enisa, the EU Cybersecurity Agency. Index of topics • Recommendations for pushing the Open Ran • More interoperability is needed for security • Open Ran, immature technology: action is needed The recommendations for pushing the Open Ran Use regulatory powers in order to be able to review mobile operators' plans for large-scale deployment of Open Ran and, if necessary, limit, prohibit and / or impose specific requirements or conditions for the provision, large-scale deployment and the operation of Open Ran network equipment. Strengthen key technical controls, such as authentication and authorization, and adapt the monitoring design to a modular environment that provides for the control of each component. Assess the risk profile of Open Ran providers, external providers of services connected to Open Ran, system integrators and cloud service / infrastructure providers, and extend the controls and limitations imposed on managed service providers to these providers (Msp, Managed Service Providers). Fill gaps in the development of technical specifications and address safety gaps. Include Open Ran components as soon as possible in the future 5G cybersecurity certification system, currently under development. These are the recommendations written in black and white in the Report which highlights that in the coming years this type of 5G network architecture will provide alternative methods for the realization of the radio access part of 5G networks based on open interfaces. An important step forward in coordinated work at EU level on the cybersecurity of 5G networks, demonstrating a strong determination to continue to jointly respond to the challenges related to 5G network security and to keep pace with developments in 5G technology and architecture. "With the roll-out of the 5G network across the EU and the growing dependence of our economies on digital infrastructure, it is more important than ever to ensure a high level of security for our communications networks. This is what we have done with the 5G cybersecurity toolbox, and it is what we, together with the Member States, are doing now for Open Ran with this new report - underlines Thierry Breton, Commissioner for the Internal Market -. It is not up to public authorities to choose a technology, but it is our responsibility to assess the risks associated with individual technologies. The report shows that Open Ran creates a number of opportunities, but also carries major security challenges that remain unresolved and cannot be underestimated. In no case should the potential spread of Open Ran in European 5G networks lead to new vulnerabilities ". More interoperability is needed for security Based on the findings of the report, Open Ran could offer potential security opportunities, provided certain conditions are met. Thanks to greater interoperability between the Ran components of different suppliers, it could allow for greater diversification of suppliers within networks in the same geographical area. This could help implement the EU toolbox recommendation for 5G that each operator should have an appropriate multi-supplier strategy to avoid or limit any significant dependence on a single supplier. The Open Ran could also help increase network visibility through the use of open interfaces and standards, reduce human errors through greater automation and increase flexibility through the use of virtualization and basic solutions on the cloud. Open Ran, immature technology: action is needed However, technology has not yet reached the necessary maturity and cybersecurity remains a major challenge. In particular, in the short term, Open Ran by increasing the complexity of the networks would aggravate a series of security risks, i.e. by increasing the attack surface and the more points of entry for malicious people, as well as the risk of incorrect configuration of the networks and potential impacts on other functions due to resource sharing. The report also notes that the technical specifications, such as those developed by the O-Ran Alliance, do not offer sufficient maturity and safety right from the design stage. Hence the recommendations announced. A cautious approach to the transition to this new architecture is recommended. Sufficient time and resources are required for the transition from existing and reliable technologies to coexist with them to assess risks in advance, implement adequate mitigation measures and clearly define responsibilities in the event of a failure or accident.