Ericsson dampened open RAN enthusiasm, arguing more work needs to be done to address key security risks associated with the technology.

In a blog, head of security for network product solutions Jason Boswell highlighted several areas of vulnerability, including new and expanded risks from the use of fresh interfaces and third-party network applications.

Added security measures are also needed to address new threats presented by the decoupling of hardware and software functions, and vendors should carefully scrutinise open source code they plan to use, he said.

Boswell stressed “security cannot be an afterthought”, advocating the importance of a risk-based approach.

“Secure open RAN systems may require additional security measures not yet fully addressed, a trusted stack for software and hardware, and interoperability between vendors with a common understanding and implementation of security requirements.”

The post comes as momentum around open RAN builds, with the US particularly keen on the approach as a potential alternative source of telecom equipment.

Though it is a member of the O-RAN Alliance, Ericsson was notably absent from a list of speakers scheduled to participate in a Federal Communications Commission summit on the topic set for 14 September.

Other major vendors and operators, including AT&T, Dish Network, HPE, IBM, Mavenir, Nokia, Qualcomm, Rakuten, Reliance Jio, Parallel Wireless and Verizon will take part.