![\"\"](\"\/\/www.iser-br.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
“Security is paramount if we decide to use Open RAN<\/a>, and we need to ensure how we can protect the network. We need to be mindful if we are to use a homogenised network, with multiple vendors and a range of solutions. In essence we are opening ourselves up to more,” Sean Duca, Vice President & Regional CSO for Asia Pacific & Japan at Palo Alto<\/a> Networks told ETTelecom.
Open RAN is a non-proprietary disaggregated network functionality based on open interface specifications.
Duca said that there is a need to keep in mind vulnerabilities that can be easily exploited by cyber adversaries, and without a fool-proof security layer, the telecom infrastructure can be easily attacked and can be used as a foothold on the entire base of telcos.
The top executive further said that the attack surface would expand due to an increased number of suppliers, components and interfaces forming part of Open RAN deployments<\/a>.
“The front haul interfaces could be exploited to carry out denial-of-service attacks, interception or tampering attacks and, as a result, compromise availability, confidentiality and integrity. In addition, by opening certain interfaces, Open RAN will give access to information flows to new third-party applications,” Duca said.
The open architecture is now being adopted by telecom carriers worldwide for fourth generation (4G<\/a>) and fifth generation (5G<\/a>) networks to achieve better scalability and lower total cost of ownership (TCO).
“In Open RAN, different network functions are virtualised and running on the same hardware, which potentially means that if there are not sufficient controls in place, other network functions could be impacted by security issues with these new RAN functions,” Duca added.
However, Open RAN proponents such as Mavenir, Altiostar, Fujitsu and RedHat say that by adopting a zero-trust security framework, the architecture provides a secured path to open network and open interface as compared to the existing proprietary network.
In a finding, Strand Consult echoed Palo Alto Networks views, and said that Open RAN presents significant new risks due to the introduction of multiple vendors, components, and interfaces each with different grades of security, quality, and product development, and added that while it potentially offers some benefits such as reducing dependency on some suppliers, it comes with costs, trade offs, and exposure to a new set of risks and dependencies.