On March 12, the UC Berkeley Center for Long Term Cybersecurity (CLTC) hosted an online panel focused on the implications of “open radio access networks,” or Open RAN, a movement focused on “unbundling” the hardware and software in wireless telecommunication systems to reduce dependence on a small number of suppliers.
The panel brought together industry experts to discuss key insights from CLTC’s recent report, Impacts of Open Radio Access Networks for Operators, Policymakers, and Consumers, which was authored by Jon Metzler, Continuing Lecturer in the Haas School of Business at UC Berkeley. This report builds on Metzler’s previous CLTC paper, Security Implications of 5G Networks, published in 2020.
As Metzler explains in his new report, Open RAN seeks to promote greater hardware and software interoperability between different elements in the wireless network infrastructure, and to “disaggregate what historically had been monolithically provided by one supplier…, facilitate greater interoperability between supplier hardware and software…, and create greater supplier diversity in the RAN market.”
The panel brought together a group of experts and insiders to discuss these opportunities, as well as challenges and cybersecurity implications associated with bringing Open RAN into the new telecommunications landscape, along with what network operators, consumers, and policymakers can do to start preparing for a 6G future.
Metzler was joined in conversation by Chris Boyer, Vice President of Global Security and Technology Policy at AT&T; David Jeppsen, Vice President of Business Development and Public Affairs for NTT DOCOMO USA; Art King, Director of Product Management and Marketing at Cohere Technologies; and Doug Kirkpatrick, Co-Founder and CTO of Eridan Communications. The panel was moderated by Leah Walker, Lab Director at the Berkeley Risk & Security Lab.
“This is a particularly important topic at the moment, especially as we’ve seen countries roll out different strategies on next-generation 6G networks,” Walker said. “It’s also a time where telecommunications are at the forefront of the strategic geopolitical ecosystem, whether it’s about the competitive nature of different countries, telecommunications technology, or about cyber pre-positioning. So it’s really the ideal time for [Jon Metzler] to have put out this report.”
Key Takeaways
In his opening remarks, Metzler focused on three primary takeaways from his research, which included conducting interviews with a wide range of stakeholders from industry and government. First, he noted that there is general consensus that unbundling the RAN was a good idea, though they may have had different motivations. “This gets to the idea that Open RAN is ‘what is in the eyes of the beholder,'” Metzler said.
His second takeaway is that “wireless suppliers have to navigate a few really tough timelines” when it comes to moving toward Open RAN, as network generation upgrade cycles, operator testing cycles, and companies’ own “incubation cycle” can take several years. “Founding a wireless infrastructure company takes some amount of bravery, fortitude, and patience, but nurturing them also takes time and consistency,” Metzler said.
Third, he noted that “shaping the RAN actually wouldn’t take that much money” relative to the total costs that U.S. operators already invest in capital expenditures. He noted that increased investment from government could lead to a more flexible, open, and resilient RAN, and that the government should lead an intensive investment similar to the “Operation Warp Speed” that led to expedited COVID vaccine development.
An Overview of Open RAN and Its Benefits
Chris Boyer of AT&T provided a high-level overview of Open RAN, explaining that it fundamentally transforms how wireless radio access technology works. “For years, the basic components that make up the RAN have been fully integrated within a single vendor stack,” Boyer said. “Open RAN ‘unbundles’ these components, allowing operators to use different parts from different vendors — radios from one company, baseband from another, and software applications from a third.”
One of the benefits, Boyer explained, is that Open RAN lets companies “start using different components from different vendors…. The value proposition for a company like AT&T is that we can then introduce best-of-breed vendors across the network. We could use different combinations of vendors, which would allow us flexibility to bring in new suppliers, new capabilities, and do things potentially more quickly than we would in the past, where everything was working through a supplier.”
Art King from Cohere Technologies, a telecom software company, described Open RAN as “almost the key to our existence,” as it provides access to parts of the network stack that were previously “completely locked away in the bottom of the base station and just not available for innovation from the outside world.”
“Everything that we’ve done just wouldn’t be possible without breakthroughs that Open RAN has afforded us as a company,” King said. “So we’re really seeing it as a springboard toward a continuous innovation environment.”
David Jeppsen of NTT noted that Open RAN has already proven that it can be effective at scale: “There are 30 million subscribers on a fully Open RAN network right now in Japan,” Jeppsen said. “The challenge with Open Ran is on the integration side. If you’re a big company like DOCOMO and AT&T, you can manage that on your own, but if you’re a smaller operator, it’s not easy to do all the integration.”
Doug Kirkpatrick of Eridan Communications highlighted the revolutionary impact of Open RAN for enterprise customers: “Enterprise 5G deployments are skyrocketing because it’s almost as easy as Wi-Fi,” Kirkpatrick said. “We can go to a campus with an installation that costs tens of thousands of dollars, not millions of dollars.”
Cybersecurity Considerations
When asked about potential cybersecurity risks, Jon Metzler acknowledged that Open RAN could introduce new vectors for attack, but he emphasized that the Quad nations (US, Japan, Australia, India) see a net positive tradeoff in the increased diversity in the marketplace: “If you define those interfaces, then you can probably have more suppliers who can build those interfaces, and you get a little more choice if you’re the operator or the integrator.”
David Jeppsen added that Open RAN provides greater visibility that can help improve security: “Any operator has to have very good security protection protocols, whether you have more interfaces or not, you’re going to have to be ready to deal with that,” he said. “But the one benefit in an open architecture versus a closed is that you’re able to see where the breach happens much quicker than when it’s in an integrated box.”
Doug Kirkpatrick pointed out that Open RAN actually enhances resilience: “You would actually use different suppliers for the same pieces of different elements of your network, so that if somebody found a flaw in some layer of your network, they’d only be able to attack some portion of it, not the entire network itself.”
Watch the panel above or on YouTube.
