O-RAN Security Threat Modelling and HCL 5G initiatives | HCL Technologies

5G: O-RAN Security Threats

The ORAN Alliance takes care of the security aspects from the design stage, giving guidelines issued by security experts (SFG, Security Focus Group), and consolidated by the most important standardization bodies (3GPP, ETSI, NIST, ENISA, GSMA). The open nature of this architecture allows the interoperability of different systems provided by various vendors and operators. The RIC, the intelligent part of the O-RAN architecture, hosts applications that implement the various uses cases of 5G networks. These applications can be developed either by a RIC vendor or by third parties, without a limit in theory, and the risk of introducing new threats and vulnerabilities easily increases. One of the basic cybersecurity concepts is that “no weak link must be in the chain”. A single component with a vulnerability can be the root cause of an entire system being compromised if an attacker exploits the vulnerability. HCL is part of the O-RAN ALLIANCE and is involved in several O-RAN Software Community (ORAN SC) projects and, among those, contributes widely in RIC Application (RICAPP) project with xApps development. ORAN SC projects are following the Core Infrastructure Initiative (CII) best practices program [14], which is an open-source secure development maturity model leading to secure products since their design, and those one having a CII badge showcase the project’s commitment to security. RICAPP project is among projects having the CII badge.

Download the whitepaper