We believe that network security is critical to the success of next-generation mobile networks. So much so that we’ll work with anyone – competitors, customers, competitor’s customers, government agencies, and standards bodies – on initiatives that improve network security and reliability.
We have long been active in security standards activity, working with organizations such as 3GPP and O-RAN Alliance. One of our latest initiatives in this endeavor is participating in the FCC’s Communications Security, Reliability, and Interoperability Council VIII (CSRIC VIII). The council is a group of industry security experts from more than 70 organizations ranging from public-interest groups, equipment vendors, service providers, trade associations and government officials.
The question is what can a government body like this do to improve security that augments the work of standards bodies and companies themselves? Quite a lot actually.
In the case of CSRIC, a variety of security experts are collaborating with the goal of optimizing security within the telecom industry amid growing threats.
The CSRIC work is divided into six working groups, with Rakuten Symphony taking an active role in Working Groups 2 and 3.
The representative from Rakuten Symphony is Javed Khan, Sr. Director of 5G RAN Product Management. He brings his extensive industry experience with 5G, LTE and cloud native networks to the work of the group. His assignment is to work on two groups of the CSRIC VIII that are dedicated to promoting security, reliability, and interoperability of Open RAN equipment, and leveraging virtualization technology to promote secure and reliable 5G networks.
The CSRIC has made great strides already since its first meeting that took place in September 2021.
At the June 2022 virtual meeting, representatives of the working groups provided an update on their study areas and timelines for their detailed working papers.
In the September 2022 meeting, two reports were advanced to the Commission from Working Group 1 on the use of HTTP/2 as the signal protocol for 5G and Working Group 5 on best practices for securing the communications supply chain.
The next CSRIC meeting will be held on December 15, 2022, where we can expect the council to vote on the final reports from the various working groups, including the two represented by Rakuten Symphony.
"Security by design integrates security at the heart of the infrastructure and instills the whole network end-to-end with a defense-in-depth strategy, augmented by zero trust posture, with the ability to cope with different situations and unexpected events in extreme conditions."
The outcome of this work will be one more input we apply to our comprehensive approach to Open RAN security, which we announced in October. Security by design has always been the first principle for Rakuten Symphony and we continue to put more emphasis on securing our products.
Security by design integrates security at the heart of the infrastructure and instills the whole network end-to-end with a defense-in-depth strategy, augmented by a zero trust posture, with the ability to cope with different situations and unexpected events in extreme conditions. It also involves inserting security into the DevOps process (DevSecOps). (Read this blog post for more details on methods to secure Open RAN).
We also work closely with ecosystem partners to integrate proven security measures at each level of the protocol stack; such as in commercial off the shelf (COTS) architecture servers, operating systems, cloud infrastructure and other systems and software used in building a network.
The FCC CSRIC VIII brings together the industry’s brightest minds to make telecom network security even better. The Council’s mission is critical to the whole industry. We are committed to making an impactful contribution to the improvement of mobile network security on cloud native platforms.
I look forward to the success of this prominent government and industry initiative.