Ericsson crashes Open RAN party with security scare

Ray Le Maistre
By Ray Le Maistre

Sep 10, 2020

  • Swedish vendor points network security finger at Open RAN
  • Outlines multiple ways in which an Open RAN build could be hacked
  • Security just one of the challenges Open RAN deployments will raise
  • Ericsson is no fan of the alternative radio access architecture…

Just as the Open RAN party was getting into full swing, Ericsson has arrived in sober mood, turned down the music, switched on the lights and given everyone a lecture about potential security concerns.

The Swedish vendor, which has long expressed reservations about the role that Open RAN technology could or should play in commercial network rollouts, has published a blog, titled Making sure that Open RAN doesn’t open the door for new risks in 5G, that lays out the various ways in which an Open RAN architecture, with its additional interfaces and new functions such as the near-real-time RAN intelligent controller (RIC), could lead to security challenges: “The introduction of new and additional touch points in O-RAN architecture, along with the decoupling of hardware and software, has the potential to expand the threat and attack surface of the network in numerous ways,” writes Jason Boswell, Head of Security, Network Product Solutions, at Ericsson.

This is an important topic, for sure, and the points raised by Ericsson are absolutely pertinent: Network security should be one of the major considerations of any network architect, and new deployment models need to be scrutinized from every angle to ensure that the network is as secure as possible.

And the Ericsson blog is absolutely worth 10 minutes of anyone’s time to read: It raises real world concerns from the perspective of a company that knows as much as any other about the nature of cellular networking.

What’s also notable, though, is that the topic is presented in a way that suggests quite clearly that an Open RAN network is, by its nature, inherently compromised, with the use of sub-headlines such as ‘expanded threat surface’ and ‘weakened links in the trust chain.’ 

This shouldn’t really come as a surprise: As a leading supplier of traditional RAN technology, Ericsson is one of the companies that, if the Open RAN market grows and progresses as much as some observers believe, stands to lose the most and it clearly appears to be rattled by the surge of support for the open alternative to its systems, even though the Open RAN market is still in its infancy. (See Why Open RAN is just too hot to ignore for some of the market growth projections and growing list of operators keen to explore the alternative world of disaggregated, open mobile networks.) 

The Swedish vendor says it will get more involved in the Open RAN market at an appropriate time, when the Open RAN ecosystem is ready to deliver what network operators need in terms of performance, scalability, economics and, of course, security.

In the meantime, just as the momentum behind the Open RAN market starts to build in a meaningful way, Ericsson is arguably doing what it can to dampen the growing enthusiasm for an alternative approach to mobile networking while still being able to argue it is acting in the best interests of operators.

The Open RAN party may have been interrupted, but it will take much more for it be disbanded and the revellers sent home.

- Ray Le Maistre, Editorial Director, TelecomTV  

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.