While the governments of US, UK, India and Japan promote OpenRAN, they have not yet published any official, authoritative security studies on the technology
Strand Consult, a leading independent European analysis research firm for global telecommunications and mobile industry said that over the past few years, OpenRAN has received a lot of media attention. The solution was first marketed as an alternative to Chinese suppliers such as Huawei and ZTE and subsequently, as a way to rollout 5G faster and cheaper. If you believe those who market OpenRAN, then the world’s mobile operators should be lining up to buy it. However, the reality is that OpenRAN is a commercial catastrophe. It’s something that everybody talks about, but nobody buys.
The company said it has nothing against OpenRAN. However, they want to create transparency at the O-RAN Alliance, and some of its members have pushed back against it. Indeed, Strand Consult’s transparency concerns are shared by policymakers in the EU and US, notably the House of Representatives Foreign Affairs Committee.
Last month Strand Consult released the report “OpenRAN and Security: A Literature Review”. While OpenRAN has received significant press and policy attention, there is relatively little scientific, empirical, and academic analysis of the Security topic. The company reviews the literature that does exist which includes academic papers by German and Taiwanese engineers, an official technical security review by European authorities, and some white papers and blogs by OpenRAN trade associations. The goal is to create objectivity and transparency about the actors promoting OpenRAN so that mobile operators, investors, and other stakeholders can make informed decisions.
A few weeks ago, one of the high-profile companies in the OpenRAN space, Parallel Wireless, laid off more than half of its employees. It came just months after the same company said it would double the number of employees by the end of 2022. The reason for the scale-down, according to Parallel Wireless, is that the market is developing more slowly than expected and that OpenRAN is starting to look like a marathon, not a sprint. Shareholders at Parallel Wireless probably came to the conclusion that it will be difficult to deliver the OpenRAN success story. Indeed, they may be looking for a buyer to recover some, if any, of their investment in the company.
Much of Africa, Latin America and Asia are still 2G/3G markets. Hundreds of millions of people today and in the future will still use phones that only support 2G and 3G. In fact, the most widely used network technologies in Africa and Latin America today are 2G and 3G. Many emerging countries are behind to roll out 4G. This is not to say that operators in Africa and Latin America are not innovative to add 4G coverage on cell sites and base stations that support 2G/3G they try to innovate and upgrade as much as possible. However, mobile operators face certain limitations as much as they try to economize. While policymakers may want ubiquitous 5G, it is still a challenge to roll it out in many countries, to say nothing of the requirements of end users demand for 5G devices and services as a driver of the technology.
OpenRAN and O-RAN require 4G/5G technologies. They are not substitutes for 2G/3G, nor shortcuts to 4G/5G. Next generation networks still require the installation of regular RAN technologies before any OpenRAN technologies can be used. Simply put, OpenRAN does not offer 1:1 replacement for existing networks in Africa, Latin America, and Asia. This means OpenRAN is not a plug and play solution for low-income subscribers in emerging markets.
Last week the European Commission published the report Cybersecurity of Open Radio Access Networks which analyses the cybersecurity implications of Open Radio Access Networks (RAN). It includes background on the technology, an assessment of security risks, and guidance for implementation. The report is significant as it represents perhaps the only official government assessment of OpenRAN.
While the governments of US, United Kingdom, India and Japan promote OpenRAN, they have not yet published any official, authoritative security studies on the technology. The European Union report was developed by the Network and Information Systems (NIS) Cooperation Group which includes the security authorities of the 27 EU-member states and ENISA, the EU Agency for Cybersecurity.
The OpenRAN cybersecurity report is an appendix to and expansion of the EU tool box for 5G Security, the set of robust and comprehensive measures for a coordinated EU approach to 5G network security. The report is not a position paper which argues for or against a policy. Rather, it is practical, technical approach to ensure that OpenRAN aligns with the EU 5G 3GPP tool box.
OpenRAN is not a per se standard but a collection of technological features purported to allow different vendors to supply 5G networks with “standardized open interfaces” specified by the O-RAN ALLIANCE. Note that O-RAN only addresses internal RAN components. The industry still relies on 3GPP, the 3rd Generation Partnership Project, to build an end-to-end mobile cellular network and to connect end-user devices.
Citing security concerns, the Federal Communications Commission rejected a US operating license to China Mobile and may revoke approvals for China Telecom for its failure to demonstrate that it is not influenced the Chinese government. Other O-RAN ALLIANCE members include Inspur, Lenovo, Tsinghua, and ZTE, companies the US government restricts for security reasons
After some years, OpenRAN has yet to notch a major commercial success. If OpenRAN gets the growth its proponents predict, it will account for less than 1 percent of the 5G mobile sites in 2025; not more than 3 percent in 2030 (install base). It looks like OpenRAN is too little, too late to make a difference in a world in which operators deploy 10,000 classic 5G sites every month. Note that the RAN cost of an average mobile operator is equivalent to about 3% of their ARPU. In practice, this means that if a US operator passed on all OpenRAN savings to customers, the average subscriber would save 40 cents per month.
In the report ”Debunking 25 Myths of OpenRAN” Strand Consult provided with the objectivity and transparency needed by decision makers. This is the sort of information and analysis which is not available in most mainstream outlets. At the end of the day, mobile operators’ job is to deliver a great network experience to their customers. OpenRAN proponents have not succeeded to communicate, let alone demonstrate, specifically or empirically the difference they will make to mobile operators’ bottom line in a world in which 200 commercial 5G networks on classic RAN have been launched.
