ESF Members, NSA, and CISA Publish Open Radio Access Network Security Considerations > National Security Agency/Central Security Service > Article

FORT MEADE, Maryland — The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), through the Enduring Security Framework (ESF), have published an assessment of Open Radio Access Network (Open RAN) security considerations.

Open RAN is the industry term for the evolution from traditional proprietary RAN architecture to an open ecosystem of hardware, software, and smart network optimization enabled by artificial intelligence/machine learning. Moving to an Open RAN-based mobile network enables interoperability between different vendors, removing the proprietary nature of traditional RAN and reliance on a single vendor.

The ESF working group focused on security considerations for several key technical aspects of Open RAN: multi-vendor management, Open Fronthaul connecting radios to base station equipment, a new RAN application framework including rApps and xApps that use AI/ML for RAN optimization, and other general network considerations including open source software, virtualization, and a 5G core network based on the cloud.

“Security considerations always emerge in new open systems aimed at improving cost, performance and supply chain benefits,” said Jorge Laurel, ESF project manager. “Open RAN also shares these security considerations, and through the continued efforts of the Open RAN ecosystem, they can be overcome.”

The working panel also discussed the associated resources needed to realize the vision of an interoperable, multi-vendor RAN powered by cloud services and software, which drives innovation on a global platform.

“Open RAN is an exciting concept, which opens several doors to innovation, improved network performance, and a more diverse and competitive cyber ecosystem,” said Mona Harrington, Acting Deputy Director of CISA. “However, with these benefits come the potential for additional security issues. As a community, we must work together to not only identify these concerns, but also to develop the practices and architecture to mitigate them. »

As standards are developed and adopted by equipment manufacturers, software developers, integrators and mobile network operators, these security considerations can be mitigated through the adoption of standards and best practices. Of the industry. Some of the security considerations identified in this assessment are not unique to Open RAN and exist in current closed RAN deployments, both would benefit from mitigating these security considerations.

“Limited competition in the telecommunications infrastructure market can reduce supply chain resilience and contribute to higher prices for operators and consumers in the long term. Open and interoperable approaches to network architecture, such as the development of Open RAN, have the potential to increase the number of reliable vendors in the market and reduce costs and improve security,” said Mark Cullinane, Director of Bilateral Affairs for the Office of Cyberspace and of the US State Department’s digital policy.

See other ESF 5G series documents on our homepage.

For more timely, unique, and actionable cybersecurity advice from the NSA and our partners, visit our comprehensive library.

If you have questions or want to learn more about the ESF, please contact [email protected]


NSA Media Relations
[email protected]
443-634-0721