The telecoms industry is rife with conversation regarding 5G and the potential implications of an open radio access network (or Open RAN) on 5G networks. Certainly, both 5G itself and its interaction with Open RAN are a very exciting concept for the future of communications. But there is a pretty major issue holding the industry back from diving headfirst into this telecoms utopia… it’s really not that safe.
In today’s blog, I am taking a closer look at what exactly Open RAN could do for 5G, the cyber security risks associated with both 5G and Open RAN, and I will even offer a potential solution to all these problems. Exciting, right? Let’s get started…
The Potential Of Open RAN
First of all, let’s talk about Open RAN. Open RAN is a push for strict industry standards across the design of radio-access gear. A collaboration of equipment makers and industry leaders are coming together in a bid to create industry standards that ensure interoperability. If they are successful, any equipment that meets Open RAN standards will be compatible with all other equipment that meets the standards – regardless of who it was made by. The obvious benefit is the ability for telecoms carriers to shop around for their equipment. After all, if one vendor makes a specific piece really well, but another piece is best bought from a different vendor, carriers can combine the two for the best possible set-up.
The slightly less obvious benefit is the potential for Open RAN to elevate 5G. An Open RAN infrastructure would make deployment of 5G and other cellular networks far less expensive and provide far more options for carriers, resulting in faster innovation of features and services. With Open RAN, many of the issues currently faced by telecoms companies surrounding 5G could likely be solved (and quickly).
The Problems With 5G
So what are the problems with 5G? Well, thanks to its reliance on the cloud, replacement of hardware with dynamic software and connections to IoT, there is a much greater potential attack surface. In other words, 5G increases the number of potential entry points a cyber attacker could use to penetrate a security system. Let’s dive a little deeper into the primary security issues associated with 5G:
Firstly, the 5G core network is based on SDN (software-defined networking) and NFV (network function virtualisation), which both use HTTP and REST API protocols. These protocols have been widely used for quite some time and are well-known to seasoned hackers, so they are a very easy target.
Secondly, the sad truth is that only a small minority of 5G private networks will be built entirely from scratch. Most networks will have been built upon existing infrastructure. The use of legacy technologies in developing 5G networks doesn’t just allow for more room for error, it also increases the potential attack surface in that network even further.
Finally, the use of Multi-Access Edge Computing (or MEC) is a key component of most 5G networks. However, many businesses do not utilise encryption or security protocols at the endpoints (or ‘edges’) of their communications. This leaves yet another area of the corporate attack surface exposed to cyber criminals.
The Problems With Open-RAN
Now we understand why there are concerns around the security of 5G, it is time to talk about the security of Open RAN.
Open RAN has the potential to create a much less secure environment, at least in the short term. This is because it involves introducing a number of software and hardware components from multiple vendors that may not initially work well together, creating gaps in the infrastructure that could be exploited by cyber criminals. Particularly in the early stages of Open RAN, there will be teething issues when it comes to combining equipment from multiple vendors. As such, many Open RAN systems could have an increased attack surface and additional vulnerabilities.
Another potential issue stems from the fact that Open RAN requires an entirely open-source code, which typically takes contributions from hundreds of programmers. For example, one of the biggest advocate groups for Open RAN, The O-RAN Alliance, includes more than 40 Chinese member companies, including China Mobile, China Telecom and China Unicom. If Open RAN is to run smoothly, every single contributor must be both trusted and completely secure. For every additional contributor, there is an obvious increased risk.
A recent German report found that significant security risks “emanated from a multiplicity of the interfaces and components specified in O-RAN.” The report’s main conclusion is that a combination of equipment from multiple suppliers – as Open RAN demands – is practically asking for a cyber security breach. They also concluded that not enough has been done on the specifications side to ensure Open RAN is computationally secure.
The QuantumCloud Solution
It might sound like it is all doom and gloom, but it’s not. In fact, there is a solution on the market right now that could wipe away all the concerns I have spent the last two sections of this blog meticulously detailing.
The solution, known as QuantumCloud, is the product of a British company called Arqit.
According to Arqit, the solution is a lightweight and highly secure encryption product that can be managed automatically via the cloud. It utilises an old but gold encryption technique known as symmetric key encryption (SKE). Keys are created at endpoints, ensuring that these potential cyber criminal entry points are closed off, and distributes the keys in such a way that they are literally impossible to guess – even for the most advanced and futuristic algorithms. It is also completely zero-trust, so none of those Open RAN contributors would put the network at risk. What’s more, the complexity of encryption techniques means that even if a cyber attacker did manage to sneak their way into a network equipped with the solution, they would never be able to read the data they gained access to, rendering it useless. All this means that, with the QuantumCloud solution, we could keep both 5G communications and the Open RAN concept secure against all potential threats.
Pretty neat, huh?