Small cells are one of the few network elements that are actually exposed to the full force of the outside world. That also means they are exposed to new security threats, as mobile network operators are just discovering.

The beauty of small cells is that they are compact and easily deployed on lamp posts, on the side of buildings, or any physical structure, indoors or outdoors. That also presents a key challenge -- they lack any physical security.

What's more, the fact they are hooked up to all-IP backhaul connections increases their vulnerability to hacking.

"Because of the physical vulnerability and accessibility of public access small cells, many operators will deploy security solutions like IPsec encryption to support their public access small cells," says Heavy Reading analyst Patrick Donegan.

Vitesse Semiconductor Corp. (Nasdaq: VTSS), which builds silicon for small cells, is addressing this issue. Uday Mudoi, the company's VP of product marketing, says the main message to carriers is that Layer 3 IPsec alone won't do the job. It's already popular in the network core, he says, but it's power hungry, processor hungry, and it's harder to scale to a higher speed since it is so processing oriented.

Because of that, a number of carriers including Verizon Wireless , Sprint Corp. (NYSE: S), and AT&T Inc. (NYSE: T), are looking for alternatives, he says. (See Vitesse Targets Small Cells.)

Small cells, he says, need Layer 2 MACsec alongside a standardized encryption process, so they can interoperate with the various other small cells deployed in any given network. It's not as simple as it is on the macro network, however. Adding encryption to small cells can throw off timing in the backhaul by adding extra bytes, which can lead to delays. Mudoi says standards bodies are currently looking at how security mechanisms can coexist with the timing requirement.

Security is of vital importance to small cells, but it's probably not the issue that's holding the market back from wide-scale LTE and multimode small cell deployments. Mudoi says that's because the operators aren't yet ready to think about it. They are too busy working out more basic questions, like what their deployment model is for public access small cells, or whether they will use line-of-sight or no-line-of-sight backhaul. (See Synching Up Small-Cell Backhaul.)

"There are reasons beyond security why people aren't completely converged on figuring out a deployment model," Mudoi says. "Security and timing are starting to become more and more important. Will I go for line-of-sight? At which frequency band? Once those things are resolved, timing and security become more important."

Another good reason for operators to get the security right, says Mudoi, is that, in the US, the Department of Defense won't allow a carrier to operate a network without encryption. That means operators have to care, and they are starting to think more about what the means. "I think I'm seeing a lot more conversation in the industry about security and encryption now than I've seen in the last year," Mudoi says.

— Sarah Reedy, Senior Editor, Light Reading

Interested in learning more on this topic? Then come to Mobile Network Security Strategies, a Light Reading Live event that takes place on December 5, 2013 at the Westin Times Square Hotel in New York City. For more information, or to register, click
here.