UK security agency joins O-RAN Alliance

The UK's National Cyber Security Centre (NCSC) has become the first major government security agency to join the O-RAN Alliance, the group behind specifications for open RAN technology.

Its move is a further sign of the importance UK authorities attach to open RAN, a system designed to support interoperability between vendors of mobile network products. It was confirmed to Light Reading by an NCSC spokesperson this morning and the NCSC has also been listed on the O-RAN Alliance's membership page as a contributor.

The UK government started to back open RAN after deciding to ban Huawei from the 5G market starting in 2028. The Chinese equipment vendor had been responsible for much of the UK's 4G infrastructure and signed 5G contracts with BT, Three UK and Vodafone before the government move. An unwelcome consequence of the ban, authorities fear, is heavy reliance on Ericsson and Nokia, the only big non-Chinese alternatives for traditional products.

With open RAN, operators would theoretically be able to mix products from different suppliers, buying radios from one company and baseband equipment from another, for instance. The lack of standardized interfaces supporting interoperability has made that difficult in traditional networks, forcing most operators to buy everything for a given mobile site from the same vendor.

UK authorities think open RAN will provide a boost for specialists that have struggled to compete against giant vendors without an end-to-end portfolio of RAN products. Around £250 million ($330 million) in public sector funds has been allocated to telecom "diversification" initiatives, including support for UK-based startups developing open RAN technologies.

But critics doubt the fledgling technology will have much impact on 5G rollout. Operators have now awarded contracts for traditional equipment to Ericsson and Nokia and most technology executives do not think open RAN will deliver the same performance in the busiest environments for several years.

There is also concern that open RAN may be less secure than traditional infrastructure. Last month, Germany's Federal Office for Information Security issued a report that said "the current development process of the O-RAN specifications is not guided by the paradigm of security/privacy by design/default."

Want to know more about 5G? Check out our dedicated 5G content channel here on Light Reading.

Its report followed criticism that the O-RAN Alliance, despite its name, is insufficiently transparent, concealing much of its work from the outside world. The group says it has recently taken steps to improve transparency after Nokia, one of its main contributors, temporarily paused technical activities. The Finnish company had feared non-compliance with US laws because some Chinese contributors to the O-RAN Alliance have featured on US trade blacklists.

"This has been a closed environment and a lot of the criticism of the O-RAN Alliance is totally fair," says John Strand, the CEO of Danish advisory firm Strand Consult. He welcomes NCSC involvement as a positive step. "It is good that is happening."

Open RAN skeptics have said that multivendor networks could expose operators to additional risks purely because more players are involved and there is more that can go wrong. But others dismiss this concern and have argued that open RAN could even be an opportunity to bolster security.

"The only thing that becomes more open is the interfaces," says Roger Entner, the founder and lead analyst of Recon Analytics. "What you can do is change out the bits and pieces that are proprietary. You can change them for convenience or commercial performance or security performance."

The presence of so many Chinese companies in the O-RAN Alliance is another potential security headache for the likes of the NCSC. Strand Consult's research showed there were more than 40 Chinese members and contributors, including several companies subject to one US sanction or another. Only the US is better represented.

Related posts:

— Iain Morris, International Editor, Light Reading