The BSI commissioned a study on 5G security: The Open RAN study (Open Radio Access Network) shows clear security risks.
Open RAN (Open Radio Access Network), based on the standards of the O-RAN Alliance, contains significant security risks in its current form. This is the result of a study commissioned by the Federal Office for Information Security (BSI) and which is now being published. The risk analysis for Open RAN was carried out by the Barkhausen Institute (under the direction of Prof. Dr. Gerhard Fettweis) as an independent research institution in cooperation with Advancing Individual Networks GmbH from Dresden and with the support of secunet Security Networks AG.
Technology concept with open interfaces
Open RAN is a technology concept in the field of 5G cellular communication that introduces additional and open interfaces for previously proprietary components of the radio access network (RAN - Radio Access Network). This is intended to promote openness and interoperability in the RAN of a cellular network. The concrete implementation of Open RAN by the O-RAN Alliance is based on the 5G-RAN specifications of 3GPP (3rd Generation Partnership Project), a worldwide cooperation of standardization bodies for standardization in mobile communications. In addition to interface specifications, new components with intelligent RAN functions are also defined.
Arne Schönbohm, President of the BSI on the study
“As the federal cyber security authority, the BSI monitors and accompanies the development process of Open RAN. That is why we commissioned a risk analysis that analyzes various affected parties and attacker groups and assesses the risks for the central protection goals of confidentiality, integrity, accountability, availability and privacy. Using a best / worst case analysis, the study demonstrates that the previous Open RAN has not yet been sufficiently specified in accordance with Security by Design and that in some cases it has security risks. The security improvements from the study should therefore be included in the specifications in order to be able to serve the rapid growth of Open RAN in the market with sufficiently secure products right from the start. "
More at BSI.Bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.