“Our common priorities and responsibilities are to ensure the timely deployment of 5G networks in Europe and at the same time to ensure their security.. The architectures Open Ran creates new opportunities in the marketbut the report shows that they also put major security challenges, especially in the short term. It will be important for all participants to devote enough time and attention to mitigating these challenges so that Open Ran’s promises can come true. ”This is what the Margrethe Vestager, EU Commissioner for Digital on the occasion of the presentation of the Open Ran’s cybersecurity report (DOWNLOAD THE DOCUMENT HERE) carried out by the EU Member States, with the support of the European Commission and theEnisa, the EU Cybersecurity Agency.
Recommendations for promoting Open Ran
Use regulatory powers in order to be able to examine the plans of mobile operators for the large-scale deployment of Open Ran and, if necessary, to limit, prohibit and / or impose specific requirements or conditions for the supply, large-scale deployment and operation of Open. Network running. Strengthen key engineering controls, such as authentication and authorization, and tailoring the monitoring design to a modular environment that includes control of each component. V.assess the risk profile of Open Ran providers, of external service providers connected to Open Ran, system integrators, and service providers / infrastructure in the cloud, and extend the controls and limitations imposed on Managed Service Providers (MSPs) to those providers. Fill in the gaps in the development of technical specifications and address security deficiencies. Include Open Ran components in the future 5G cybersecurity certification system as soon as possiblecurrently under development. These are the recommendations set out in black and white in the Report in which it stands out that in the coming years this type of 5G network architecture will provide alternative ways to build the radio access part of 5G networks based on open interfaces. An important step forward in coordinated EU-wide work on 5G cybersecurity, which demonstrates a strong determination to continue to respond jointly to the security challenges of the 5G network and to keep pace with developments in 5G technology and architecture.
June 8, 2022 – 12:00 p.m.
Data governance and security. How to manage them better?
“With the deployment of the 5G network across the EU and our economies’ growing dependence on digital infrastructure, it is more important than ever to ensure a high level of security for our communications networks. This is what we have done. with the 5G cybersecurity toolbox, and that is what we are doing now, together with the Member States, for Open Ran with this new report, he points out. Thierry Breton, Commissioner of Internal Market -. It is not up to public authorities to choose a technology, but it is our responsibility to assess the risks associated with individual technologies. The report shows that Open Ran creates a number of opportunities, but it also poses major security challenges that remain unresolved and cannot be underestimated. Under no circumstances should the possible spread of Open Ran on European 5G networks lead to new vulnerabilities. “
More interoperability is needed for security
From the conclusions of the report, theOpen Ran could offer potential security opportunities, as long as certain conditions are met. Thanks to greater interoperability between the ran components of different vendors, it could allow for greater diversification of vendors within networks in the same geographic area. This could help to comply with the EU 5G Toolbox recommendation that each operator should have an appropriate multi-vendor strategy to avoid or limit any significant reliance on a single vendor. Open Ran could also help increase network visibility through the use of open interfaces and standards, reduce human error through greater automation, and increase flexibility through the use of virtualization and cloud-based solutions.
Open Ran, immature technology: action is needed
However, technology has not yet reached the required maturity and cybersecurity remains a major challenge. In particular in the short term theOpen Ran increasing the complexity of networks would increase a number of security risks, o increasing the attack area and more entry points for malicious people, as well as the risk of cIncorrect network configuration and possible impacts on other functions due to the exchange of resources. The report also notes that the technical specifications, such as those developed by the O-Ran Alliance, do not offer sufficient design maturity and security. Hence the announced recommendations. A prudent approach to the transition to this new architecture. Sufficient time and resources are required for the transition of existing and reliable technologies to coexist with them to assess risks in advance, implement appropriate mitigation measures, and clearly define responsibilities in the event of a failure or accident.
@ALL RIGHTS RESERVED