Tokyo, Japan. 25 October 2022 – In the wake of a sustained industry dialogue questioning the security of Open RAN networks, Rakuten Symphony published “A Definitive Guide to Open RAN Security.” The nearly 8,000-word guide details the potential planes of attack and recommended strategies to mitigate risk from a total software system, configuration and operational perspective.
It is based on Rakuten Mobile’s successful, secure Open RAN implementation in Japan, which is the largest such deployment in the world. The information, strategies and principles shared in this guide can form the foundation for secure Open RAN networks anywhere.
“Is Open RAN secure? It depends on who you ask and that is a major problem,” says Tareq Amin, CEO of Rakuten Mobile and Rakuten Symphony. “Rather than endlessly debate misinformation meant to spread doubt about the security of next-gen networks, we are openly sharing a definitive guide any mobile operator can adopt as the foundation of a successful security strategy for Open RAN. As these new networks are deployed en masse by new and incumbent operators alike, we want to move the industry past a conversation focused on ‘if’ to a more helpful one focused on ‘how’.”
“The Definitive Guide to Open RAN Security” acknowledges that while risk remains a persistent presence and always will, management, not avoidance, represents the best path forward. It also cedes that Open RAN security isn’t as simple as relying on interoperability standards. Rakuten Symphony instead advocates for an approach that evaluates industry best practices, collaboration and innovation, and sets the best security and privacy strategies based on individual regulatory and market context.
Security requirements unique to Open RAN telecom assets are reviewed, including new infrastructure, network functions, interfaces and critical data. Open RAN network vulnerabilities and how they can be exploited by attackers are covered in detail before presenting nine security principles that form the basis for Rakuten Symphony’s proposed approach. The guide then expands into greater detail specific to establishing a secure cloud-native platform for Open RAN network functions, trust between Open RAN network functions, secure management of Open RAN networks and container security.
“3GPP and the O-RAN Alliance provide base blueprints and design principles for securing telco-specific functions and interfaces through security controls which must be implemented by vendors and operators to reach a high level of hacking resistance, in particular for the IT and cloud systems underpinning modern networks,” says Nagendra Bykampadi, head of security architecture and standards assurance & operations at Rakuten Symphony, co-chair of O-RAN Alliance Security Work Group (WG11) and main author of the guide. “When implementing these controls, vendors and operators can borrow knowledge and experience from related cloud-powered industries, and we are sharing what we know today to help contribute to the global security of new networks.”
For more information and to download “The Definitive Guide to Open RAN Security,” visit here.
Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus”
