Network X
8 - 10 October 2024
Paris Expo Porte de VersaillesParis, France

The Current State of Open RAN Security: A Preview

The Network X caught up with Patricia Diez Munoz, Global Security Director for Networks and Systems at Telefonica Group ahead of her speaking engagement at Network X on all things security, including Open RAN and NTN. Patricia will be speaking on the topic of The Current State of Open RAN Security, in an exciting panel discussion moderated by Heavy Reading, and joined by Orange Group.

expand_less

At Network X, you will be talking about Open RAN security. Could you give us a snapshot of what you will address and Telefonica’s relevant work on this?

I would talk more about a cloudified architecture, which is where the market is heading to.

The analysis of the security in Open and Cloud RAN usually concludes that it may be compromised mainly by the basics of the technical solution that, on one hand, are essential for it, but that, on the other, are not significantly different of those used in any other cloud environment. None of these and other security concerns (that are not exclusive of Open RAN) are being ignored, and all of them are being addressed by Telefónica and the rest of the industry through different initiatives like the O-RAN Alliance and the Open RAN Memorandum of Understanding (G5-MoU).

As of result of the collaboration of the operators who signed the G5-MoU, a White Paper of the assessment of Open RAN security was published in March 2022 that summarises the view on Open RAN and security of the main European operators, including Telefónica. The White Paper identifies four technological pillars in order to ensure that Open RAN implements state-of-the-art security procedures.

Additionally, Telefónica is specifically involved in other activities.

As part of the G5-MoU, Telefónica is leading the Security Group where we have published in June the Open RAN Technical Priorities Release 4 which is an update of the documents published in June 2021 (Release 1), March 2022 (Release 2) and April 2023 (Release 3) respectively. Just for context, each release has prioritised different aspects of Open RAN development. Release 1 focused on the main scenarios and technical requirements for each of the building blocks of a multi-vendor RAN. Release 2 mainly focused on intelligence, orchestration, transport, and cloud infrastructure, addressing also the energy efficiency goals and targets to support sustainable Open RAN. Release 3 mainly focused on developing requirements on SMO and RIC building blocks and enhancing other areas such as Cloud infrastructure, O-CU/O-DU, and O-RU, addressing also the security topic to support more secure Open RAN. The fourth release of the technical priorities has primarily focused on developing further requirements on SMO especially related to AI/ML framework, interworking with traditional RAN and slicing management, and on Security with MoU operator vision about the Zero Trust approach and requirements for certification.