Qualcomm’s Contributions Toward O-RAN and 5G Network Security

For this vignette of a recent episode of the Futurum Tech Webcast, part of the 5G Factor series, analysts Ron Westfall and Shelly Kramer delve into Qualcomm’s contributions to O-RAN and its commitment towards defining 5G security requirements and best practices.

Their discussion spotlighted:

  • Why security is essential to O-RAN Alliance’s Open RAN architecture, especially by further disaggregating the RAN beyond the 3GPP functions.
  • How the introduction of each new entity to a system requires a comprehensive security design to account for new attack scenarios that seek to exploit new interfaces and functionality.
  • Understanding the principle of how open interfaces can improve security since they are more transparent than black-box implementations through optimizing ecosystem-wide alignment with security standards and best practices. As such, an increased attack surface does not mean the system is less secure.

Ron and Shelly see progress across O-RAN architecture security due to factors such as disaggregation boosting security agility, adaptability, and resiliency across interface security, software security, and zero-trust model domains. They believe Qualcomm’s support of the O-RAN Security Focus Group can help solidify mobile ecosystem support for security guidelines that span across the entire O-RAN architecture.

Watch the video vignette here:

Watch the entire episode here:

Or stream the audio of the entire episode here:

If you’ve not yet subscribed to The 5G Factor, hit the ‘subscribe’ button while you’re there and you won’t miss an episode.


Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.


Shelly Kramer: We’re going to touch one more time briefly on all things O-RAN, this time, as it relates to the O-RAN Alliance, which you mentioned earlier, and we’re going to talk a little bit about Qualcomm’s contribution as part of the O-RAN Alliance task force, as it relates to helping define best practices and security requirements and so just a tiny bit of background the O-RAN security focus group was formed to conduct a deep threat analysis on each bit of O-RAN software and hardware component at interface and evaluate the impacts of identified threats to ensure the right security measures are being put into place to keep O-RAN secure and it is no surprise that Qualcomm has a leadership role as it relates to this. So I don’t remember if this is something that you covered for the Futurum blog or not Ron, but maybe let’s chat a little bit about the security challenges that OpenRAN faces and other same security challenges that today’s RAN and other virtualized architectures face. So all things, disaggregation of functions, an increased threat service, lots of things, but let’s talk a little bit, what are your thought? And again, I don’t remember if you covered this in a research note or not.

Ron Westfall: Well, I did cover definitely Qualcomm’s contributions to advancing 3GPP standard processes. And that is specifically related to the recent completion of Release 17. And that definitely entails the ability to expand network typology, to support a broader range of 5G capabilities that are definitely going to be important in elevating use cases. And this is pretty much in parallel to this. This is out the O-RAN security groups advancement of 5G security specifically. And you definitely tee it up, Shelly, what is going on here is that in order for these diverse deployment scenarios to become more secure, it requires streamline orchestration and placing the intelligence and processing where it’s needed most. Again, it’s that optimization capability. And I think one thing that definitely needs more clarity is, oh, well, openness, OpenRAN, or open 5G, doesn’t that create more security risk, that is it’s increasing the attack surface? And isn’t that something that is a trade off from say, than a traditional black box implementations? And I think what Qualcomm is emphasizing here is no, it does not.

In fact, what it’s offering is the fact that because that there is this openness, that there’s a vast ecosystem of developers, it’s just quite simply a broader range of people that can be brought in to take care of or preempt any security concerns that come with open 5G implementations. And so this is, I think, something that seems slightly counterintuitive, but it’s not. It’s the fact that if you have a closed system, that means there’s just less flexibility, that there’s less ability for those suppliers to be able to ward off hackers when you have a much broader range of developers and contributors and suppliers that can tackle the very same issue.

So in other words, quantity matters. It helps the quality, quantity can be its own quality when it comes to O-RAN’s security. And so this is definitely lining with the fact that the O-RAN security focus group is conducting deep threat analysis on every single O-RAN software and hardware component and interface.

Shelly Kramer: That’s awesome.

Ron Westfall: And so the more the barrier in this case, and this is something that they are taking very seriously, obviously, you can’t have OpenRAN and open 5G implementations where there’s a security question mark. And so I think Qualcomm is definitely making a big contribution here just like they did with the recent completion of Release 17 and it sets them up to, again, be a major player with say Release 18 and 5G advanced capabilities, which relies a lot more on AI ML engines, for example, that’s more baked into the standards, and this is something again that AI and ML can be enlisted to strengthen 5G security in, again, in standalone implementations and OpenRAN or any open component within the entire 5G network. So this is definitely something that is going to be a difference maker and that’s why it’s just left out and in parallel the note that I wrote about, again, Qualcomm support for Release 17 capabilities.

Shelly Kramer: Was, incredibly timely. We are going to drive away on the last segment of this show with… This is what happens to me when I hang out with Ron, because Ron is always bringing the clever sayings and headlines and everything else. So I do feel like he throws the gauntlet down and I’m required to try to pick it up on a regular basis.

About the Authors

Ron is an experienced research expert and analyst, with over 20 years of experience in the digital and IT transformation markets. He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including software and services, infrastructure, 5G/IoT, AI/analytics, security, cloud computing, revenue management, and regulatory issues. Read Full Bio.

Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”