Ericsson issued a broad warning Thursday to the wireless industry about the security of open RAN technology. The company listed a number of specific security issues that it said need to be addressed before the technology is widely deployed, and argued that "with any nascent technology, including O-RAN, security cannot be an afterthought and should be built upon a security-by-design approach."
The company's stance on the topic, complete with a 14-page white paper, is noteworthy considering the growing noise around the open RAN topic – as well as the effect the technology could have on Ericsson specifically and the wider telecom industry in general.
Open RAN promises to separate the various elements in a wireless network so that network operators can mix and match products from different vendors – a development that could have a profound effect on Ericsson and other established vendors that typically sell tightly integrated software and hardware products. Ericsson, for its part, has carefully waded into the open RAN space, having joined the ORAN Alliance standards group early last year.
Since that time, the general open RAN trend has caught fire with operators like Rakuten and Dish Network loudly embracing the technology, and policymakers eyeing open RAN as a way to counter the rise of Chinese vendors.
Indeed, the Open RAN Policy Coalition – an American lobbying group looking for US government funding for the technology – just Thursday announced American Tower, Broadcom, GigaTera Communications, Inseego, Ligado Networks, Nvidia, RIFT, Texas Instruments and Xilinx as new members. Ericsson is conspicuously absent from the coalition's membership list.
Further, next week the FCC – the US telecom regulator – is scheduled to host an open RAN forum featuring speakers from Nokia, Parallel Wireless and other vendors. But not Ericsson.
Thus, the timing of Ericson's new open RAN security warning is noteworthy, given the broad-based momentum around the technology.
"As the industry evolves towards RAN virtualization, with 3GPP or O-RAN, it is important that a risk-based approach is taken to adequately address security risk," wrote Jason Boswell, head of security for Ericsson's Network Product Solutions, in a post on the company's website. "Secure Open RAN systems may require additional security measures not yet fully addressed, a trusted stack for software and hardware, and interoperability between vendors with a common understanding and implementation of security requirements."
Boswell added: "Ericsson will continue its leadership role within the O-RAN Alliance and its Security Task Group to incorporate security best practices, ensuring that new deployments are ready to meet the level of security, resilience and performance expected by service providers and their customers."