Open RAN – Not Solving the “5G China Challenge”

The high market share of Chinese technology giant Huawei in 5G infrastructure has made observers hope that a technological disaggregation of 5G’s Radio Access Network (RAN) could solve geopolitical challenges posed by China. While technologically promising, this approach, known as Open RAN, neither reduces reliance on China nor necessarily offers a higher degree of network security.

The high market share of Chinese tech giant Huawei in the global mobile infrastructure has become a subject of concern in the US and several other western countries. Critics raise two primary concerns. 

First, as 5G and future generations of mobile infrastructure will be more software-defined, they require constant maintenance. Cooperation with the vendors is indispensable. Hence, the maintenance of critical infrastructure would be entrusted to a technology company from an authoritarian state. 

Second, the highly complex nature of 5G networks increases the attack surface considerably. Critics fear that the use of Huawei equipment provides the company with privileged knowledge and access. Chinese party-state agencies would gain increased opportunities for espionage and the sabotage of wireless networks in Europe. Resulting network insecurities and technological dependencies could become political tools in the hands of the authoritarian leaders in Beijing.

Attempts to replace Huawei equipment raise the challenge that only few alternatives exist to Huawei, particularly in the highly concentrated Radio Access Network (RAN) equipment market. While there are already more RAN vendors, only four companies are “full-stack” vendors that offer tightly integrated solutions for radio, transport, core network and management software – Sweden’s Ericsson, Finland’s Nokia, and China’s Huawei and ZTE. Banning Chinese suppliers could create network security vulnerabilities linked to reduced vendor diversity.

This has given additional prominence to an alternative technological concept: Open RAN. Instead of being a single-vendor solutions, Open RAN is intended to enable multi-vendor single RAN site implementation. Open RAN hardware and software components of a Radio Access Network are disaggregated and can be provided by separate suppliers, enabling mobile operators to freely pick individual RAN components from a range of sources. 

In theory, this could increase network diversity because disaggregation multiplies vendor choice. But is Open RAN really solving the “5G China challenge”?

Does Open RAN Reduce Technological Dependency on China?

The idea that a disaggregation of RAN technology will minimize western dependence on Chinese technology is optimistic at best. Whether we consider single-vendor or Open RAN technology, China remains best positioned in the global market. The barriers to market entry for Radio Access Network technology, as well as its components, are high. Entry requires expertise and is capital intensive. China’s party-state will be able to sustain an uneven playing field by the very same means it has used to support Huawei. While Huawei denies any published numbers on direct and indirect subsidies, there can be little doubt that the company has profited from preferential treatment in a largely shielded domestic market, public procurement policies, tax breaks, soft loans, subsidies and export credits.

Such considerations mirror the reality in the most influential Open RAN community that exists: the O-RAN Alliance. The O-RAN Alliance united two earlier organizations: the US-based xRAN Foundation and China’s C-RAN. It has also established a formal liaison with the Telecom Infra Project (TIP), which involves hundreds of participants from around the world, including from China. China Unicom is particularly prominent in the TIP, and leads the Indoor 5G NR Small Cell Subgroup. However, while only 20 percent of O-RAN Alliance members are Chinese entities, the O-RAN Alliance is anything but free from Chinese influence.

Not only are 36 company participants in the O-RAN Alliance headquartered in China, but some of its most active members are subject to US sanctions. A recently published analysis finds that at least two-thirds of the Chinese O-RAN Alliance members have elements of state-ownership, and six are outright public institutions or agencies. At least 16 O-RAN Alliance members have public links to the Chinese security apparatus. Strikingly, all three of China’s main mobile operators, China Mobile, China Telecom and China Unicom, participate in the O-RAN Alliance. 

Does Open RAN Provide Better Network Security?

As argued elsewhere, the Chinese security services are advanced enough to conduct espionage or sabotage operations with or without the deployment of Huawei equipment in 5G. This applies to Open RAN equipment too. Particularly crucial is the fear that China could shut down 5G networks in a situation of conflict, the so-called “kill switch” scenario. The most effective means to reduce the risk of a kill switch is to increase the cost for a malign actor through vendor diversification. In a diverse network, an attacker needs to identify and exploit vulnerabilities in the equipment of not just one but several vendors. 

At least in theory, the disaggregation of equipment in an Open RAN scenario increases network diversity and improves network security. Importantly, however, Open RAN does not just facilitate network diversification – it also comes with two risks. 

First, Open RAN requires a community of operators, vendors and researchers to develop open interfaces and software. This is not necessarily problematic. For example, the development of open interfaces for Open RAN seems fairly harmless as it provides little information on the actual equipment but focuses on the interfaces that are necessary for interoperability. It appears to be riskier when code is jointly developed, as is the case in the O-RAN Alliance’s Software Community. Here, the complexity of RAN code provides multiple options for backdoors not only in a single piece of code, but also in the combination of it. It is unrealistic to expect to be able to constantly review the code provided by all the participants in an Open RAN software community. A proper security review of RAN code is impossible, even by experts in code analysis. The trustworthiness of software suppliers is indispensable. In reality, some of the members of the O-RAN Alliance are more obscure and probably less trustworthy than Huawei.

Second, while providing more options for vendor diversification, the deployment of Open RAN presents additional network security challenges. These largely stem from the greater complexity of different Open RAN network functions linked to different suppliers interacting with each other. Such increased complexity enlarges the attack surface of the RAN. At the same time, however, at least in theory, the high level of virtualization has the potential to increase security. While the high level of virtualization and encapsulation of Open RAN solutions could potentially increase network security, Open RAN development does not exclusively focus on security considerations. Interoperability, openness and time-to-market are also crucial. 

Ultimately, the concept of Open RAN prevents neither a dominant Chinese market presence in strategic segments of Open RAN equipment nor an unlevel playing field. Open RAN does not necessarily increase network security. The collective development of code, as is the case in the O-RAN Alliance Software Community, requires a high degree of trust. Given that several Chinese members of the O-RAN Alliance are less trustworthy than Huawei, this initiative carries obvious risks to network security.

This paper is based on a longer report published by the Digital Power China (DPC) research consortium available here.