Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

US Agencies Publish Security Guidance on Implementing Open RAN Architecture

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published guidance on implementing an Open Radio Access Network (RAN) architecture.

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published guidance on implementing an Open Radio Access Network (RAN) architecture.

A general-purpose document titled Open Radio Access Network Security Considerations, the guidance is based on current knowledge and recommended practices and should apply to a variety of industries.

“Open RAN is the industry term for the evolution of traditional RAN architecture to open interoperable interfaces, virtualization, and big data and AI-enabled intelligence,” the document reads.

An Open RAN architecture, CISA and the NSA explain, opens the door to cloudification and virtualization, while promoting ‘increased competition, vendor diversity, and innovation’ by creating a multi-vendor ecosystem.

Open RAN can increase resiliency and flexibility in telecommunications networks through the adoption of ‘best-of-breed’ solutions from multiple vendors and also takes advantage of the security features of 5G, while offering increased transparency to help identify and address issues in real-time, the document notes.

“The deployment of Open RAN introduces new security considerations for mobile network operators (MNO). By nature, an open ecosystem that involves a disaggregated multi-vendor environment requires specific focus on changes to the threat surface area at the interfaces between technologies integrated via the architecture,” CISA and the NSA note.

The two agencies also point out that service providers will need to address security risks related not only to the use of components from multiple vendors, but also to the use of open source software and new 5G network functions and interfaces.

While not unique to Open RAN, other security considerations that MNOs will need to address include cloud infrastructure, containerization, virtualization, and distributed denial of service (DDoS) attacks, the document reads.

CISA and the NSA also provide considerations on ensuring the security of the network despite the complexity created by using components from multiple vendors, as well as on component lifecycle, cooperation with vendors, and the use of defined Open RAN standards and specifications.

“If a zero-day vulnerability is identified, vendors could release patches at different times. If one vendor’s device is patched in response to a critical vulnerability, and others are not, it could lead to incompatibility of network devices and loss of network service availability. Until all the vendors within a network release a patch for the exploit, the operator’s network may be vulnerable,” the document reads.

Furthermore, the two agencies provide guidance on the security of the fronthaul network (the system of radios on top of cell towers) and network automation applications, and of the expanded threat surface created by open source applications, cloudification and virtualization, and the data sources used for the training of artificial intelligence (AI) and machine learning (ML) algorithms.

“As standards are developed and adopted by equipment manufacturers, software developers, integrators, and mobile network operators, these security considerations may be mitigated through the adoption of standards and industry best practices. Some of the security considerations identified in this assessment are not unique to Open RAN and exist in current closed RAN deployments, both would benefit by mitigating these security considerations,” CISA and the NSA note.

Related: AMTSO Publishes Guidance for Testing IoT Security Products

Related: NSA Publishes Best Practices for Improving Network Defenses

Related: CISA Releases Final IPv6 Security Guidance for Federal Agencies

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...