Top 5 security risks of Open RAN

When a cell phone or other mobile device connects to the nearest cell tower, the communication takes place over something called a RAN — a radio access network. From the cell tower, the signal is then routed to a fiber or wireless backhaul connection to the core network. RANs

RANs are proprietary to each equipment manufacturer. Open RAN, on the other hand, allows for interoperability that allows service providers to use non-proprietary subcomponents from a choice of vendors. That adds complexity to the network and changes the risk landscape for wireless communications.

What is RAN and Open RAN?

With 4G, the RAN signal was based for the first time on the Internet Protocol (IP). Previously, it used circuit-based networks, where phone calls and text messages traveled on dedicated circuits. RAN has also evolved to support video and audio streaming, and more types of devices, including vehicles and drones.

RANs have both hardware and software components. Hardware includes the cell phone antennas and radios, and the base band units located in the cell towers. The baseband units are typically custom made.

Historically, this has been the largest investment for a mobile network operator, according to Shamik Mishra, CTO for connectivity at Capgemini. Virtualization and cloudification have bypassed this part of the network, he says, mainly because of the dependence on a single hardware vendor and the accompanying embedded software, complex network management, and customized radio units.

In recent years, the radio network has become disaggregated, Mishra says. “Radio units and the baseband software are now split,” he says, “which makes it possible to virtualize the RAN. This advancement also adds multiple vendors into the mix.”