CSRIC Approves Reports on ORAN, Network Virtualization

A report by the Promoting Security, Reliability and Interoperability of ORAN Equipment WG makes recommendations for the FCC and for industry but found no glaring issues that need to be addressed now, WG leaders said.

“This is a complex issue, and with restrictions, we can get overly zealous on security at the expense of achieving global scale,” said co-Chair George Woodward, CEO of Trilogy Networks. Industry needs scale “to achieve unit economics that are really going to proliferate in 5G, 6G and beyond,” he said. “The whole idea of zero trust architecture falls into virtually every aspect of this report,” he said.

ORAN “is on the right track,” Woodward said: “The right types of players are involved. There will be another CSRIC on this. It's an evolving process. The real punch line is there's no greater vulnerability with ORAN.”

ORAN will “continue to evolve,” said co-Chair Mike Barnes, Mavenir chief product security officer. “Bottom line -- open RAN needs to adopt” industry “best practices and so on, things that are already being done,” he said. “Open RAN does bring new capabilities and concerns” including through the use of machine learning, AI and open fronthaul network requirements, but those concerns aren’t unique to ORAN, he said.

“This is open RAN -- it should be open, and it should be fast,” Woodward said.

CSRIC also approved a report by the Leveraging Virtualization Technology to Promote Secure, Reliable 5G Networks WG. The report looks at risk of virtualized and non-virtualized networks, said co-Chair Micaela Giuhat, director-5G policy at Microsoft. “A lot of people consider that there are more security vulnerabilities with virtualization and, in fact, some of the presentations showed that there were vulnerabilities that existed from 3G and that continue to be and have nothing to do with virtualization itself,” she said. The WG also considered ways to "leverage" virtualization, Giuhat said. The goal was “not necessarily to look at how bad it is but actually look at the good things and see how we can leverage that to better secure the 5G networks,” she said.

The technical work is “already being done -- the problem is that the technical work in virtualization, which is quite mature and evolving, does not easily apply to the telecom ecosystem,” co-Chair John Roese, Dell Technologies chief technology officer. There’s a “Venn diagram problem” between virtualization and telecom, he said.

“You have a very large virtualization ecosystem … and it has been around for a very long time that is rapidly becoming a foundational component of not just new technologies like open RAN, but is also plumbing underneath traditional architectures,” Roese said: “On the other side, you have a telecom infrastructure system that is bifurcated, that has brand new architectures like open RAN that are essentially born in the virtualized world … and take advantage more aggressively of virtualization, and at the same time traditional telecom architectures.”

Roese said the WG shifted to look at how the FCC and the federal government can “navigate this intersection that didn’t exist 10 years ago, and yet is, in our view absolutely the foundation of modern communications in all domains going forward.” A lot of the recommendations “focus on how to not get in trouble, how to avoid additional fragmentation or only seeing part of the problem,” he said.

CSRIC also approved an initial report by its Leveraging Mobile Device Applications and Firmware to Enhance Wireless Emergency Alerts WG and got updates from the other WGs. The reports weren't immediately available.