TOKYO, OCTOBER 25, 2022 – In the wake of a sustained industry dialogue questioning the security of Open RAN networks, Rakuten Symphony today published “A Definitive Guide to Open RAN Security.” The nearly 8,000-word guide details the potential planes of attack and recommended strategies to mitigate risk from a total software system, configuration and operational perspective. It is based on Rakuten Mobile’s successful, secure Open RAN implementation in Japan, which is the largest such deployment in the world. The information, strategies and principles shared in this first-of-its kind guide can form the foundation for secure Open RAN networks anywhere.
“Is Open RAN secure? It depends on who you ask and that is a major problem,” says Tareq Amin, CEO of Rakuten Mobile and Rakuten Symphony. “Rather than endlessly debate misinformation meant to spread doubt about the security of next-gen networks, we are openly sharing a definitive guide any mobile operator can adopt as the foundation of a successful security strategy for Open RAN. As these new networks are deployed en masse by new and incumbent operators alike, we want to move the industry past a conversation focused on ‘if’ to a more helpful one focused on ‘how’.”
“The Definitive Guide to Open RAN Security” acknowledges that while risk remains a persistent presence and always will, management, not avoidance, represents the best path forward. It also cedes that Open RAN security isn’t as simple as relying on interoperability standards. Rakuten Symphony instead advocates for an approach that evaluates industry best practices, collaboration and innovation, and sets the best security and privacy strategies based on individual regulatory and market context.
Security requirements unique to Open RAN telecom assets are reviewed, including new infrastructure, network functions, interfaces and critical data. Open RAN network vulnerabilities and how they can be exploited by attackers are covered in detail before presenting nine security principles that form the basis for Rakuten Symphony’s proposed approach. The guide then expands into greater detail specific to establishing a secure cloud-native platform for Open RAN network functions, trust between Open RAN network functions, secure management of Open RAN networks and container security.
“3GPP and the O-RAN Alliance provide base blueprints and design principles for securing telco-specific functions and interfaces through security controls which must be implemented by vendors and operators to reach a high level of hacking resistance, in particular for the IT and cloud systems underpinning modern networks,” said Nagendra Bykampadi, Head of Security Architecture and Standards, Assurance & Operations at Rakuten Symphony, Co-chair of O-RAN Alliance Security Work Group (WG11) and main author of the guide. “When implementing these controls, vendors and operators can borrow knowledge and experience from related cloud-powered industries, and we are sharing what we know today to help contribute to the global security of new networks.”
For more information and to download “The Definitive Guide to Open RAN Security,” visit: https://symphony.rakuten.com/security.
About Rakuten Symphony
Rakuten Symphony is reimagining telecom, changing supply chain norms, and disrupting outmoded thinking that threatens the industry’s pursuit of rapid innovation and growth. Based on proven modern infrastructure practices, its open interface platforms make it possible to launch and operate advanced mobile services in a fraction of the time and cost of conventional approaches, with no compromise to network quality or security. Rakuten Symphony has headquarters in Japan and a local presence in the United States, Singapore, India, Europe, and the Middle East & Africa region.
For more information, visit: https://symphony.rakuten.com/.
O-RAN ALLIANCE and O-RAN are trademarks or registered marks of O-RAN ALLIANCE e.V. in the United States and other countries.
3GPP is a trademark of the European TelecommunicationsStandards Institute (ETSI).