Virtual Webinars at IEEE ComSoc Santa Clara Valley Chapter and Santa Clara University's School of Engineering

By Alan J Weissberger - IEEE GCN Correspondent and IEEE Techblog Content Manager, IEEE ComSoc SCV Chapter, CA, USA

IEEE ComSoc Santa Clara Valley Chapter (ComSocSCV) and Santa Clara University’s School of Engineering (SoE) collaborated this Spring 2022 to produce two very well received virtual webinars:

  1. OpenRAN and Private 5G — Opportunities and Challenges on March 22, 2022 and

  2. Critical Cybersecurity Issues for Cellular Networks (3G/4G, 5G), IoT, and Cloud Resident Data Centers on May 26, 2022.

The presentations and lively discussion by the panelist and moderators made the event both informative and intellectually stimulating.

OpenRAN and Private 5G Issues

Some of the issues and questions addressed in the first webinar were:

  • Can mix and match OpenRAN module interoperability result without solid standards?

  • Is OpenRAN just a different form of vendor lock-in (as Light Reading claims)?

  • How will a legacy carrier manage and maintain a “brownfield” network of conventional RAN and OpenRAN?

  • Can 5G private networks compete with new WiFi offerings? Or 4G-LTE private networks? Or 5G based fixed wireless access (FWA) public networks?

  • Will carriers be bypassed by new entrants offering 5G private networks using frequencies licensed by enterprise customers?

  • What can OpenRAN and Private 5G providers do better, cheaper, and with more value than Classic RAN and Wi-Fi?

  • Who are the competitors: Mobile carriers, legacy wireless infrastructure vendors, Wi-Fi players, new OpenRAN players, others?

  • Where are the REAL opportunities for companies to take market share from the big base station vendors in both OpenRAN and private 5G?

  • What are the barriers to success and what’s being done to resolve them?

One important takeaway was that 5G Private Networks will likely offer a very good customized solution for various industry verticals, as illustrated by Intel’s Caroline Chan. However, a 5G Stand Alone (SA) core network will be necessary to realize the various 5G features needed. Most “5G” networks currently deployed are 5G Non-Stand Alone (NSA) which use a 4G LTE infrastructure for all functions and features.

John Baker of Mavenir opined that there is a real requirement for 2G Open RAN solutions, particularly in many developing countries. Several panelists agreed with him. Mavenir has a specification for 2G OpenRAN, but it is not being considered at this time by the OpenRAN alliance.

John Strand of StrandConsult was quite skeptical about the business case for OpenRAN. “I just feel it’s too little, too late. We have today almost 200 5G 3GPP networks which have gone live worldwide,” he said. “The reality is nowadays 10,000 sites are deployed every month.” Meanwhile, members of the open RAN community largely boast about trials as if they are commercial orders for real-world deployments, he added. “Open RAN players will find it very difficult to sell their solutions to the classic operators,” Strand concluded.

Other speaker/panelists were: Jane Rygaard, Head of Dedicated Wireless Networks at Nokia (Denmark) and Adil Kidwai, Head of Product Management, EdgeQ (Santa Clara, CA).

This workshop was covered by SDxCentral in two articles:

https://www.sdxcentral.com/articles/news/mavenir-nokia-execs-evaluate-state-of-open-ran/2022/03/

https://www.sdxcentral.com/articles/analysis/will-private-networks-squeeze-out-carriers/2022/03/

Cybersecurity for Cellular Networks and the IoT; Internet Control; Cloud Resident Data Centers

This panel session included Jimmy Jones of Zariot (extreme right and lower left), Colin Constable of the @Company, and Thomas Foerster of Nokia (middle of bottom row). Moderator Alan Weissberger is in the upper left corner of the image below

This panel session included Jimmy Jones of Zariot (extreme right and lower left), Colin Constable of the @Company, and Thomas Foerster of Nokia (middle of bottom row). Moderator Alan Weissberger is in the upper left corner of the image

Cellular network security naturally leads into IoT security, since cellular networks (e.g. NB IoT, LTE-M, 5G) are often used for IoT connectivity.

It is estimated that by 2025 we will interact with an IoT device every 18 seconds, meaning our online experiences and physical lives will become indistinguishable. With this in mind it is critical to improve IoT security.

The real cost of a security breach or loss of service for a critical IoT device could be disastrous for a business of any size, yet it’s a cost seldom accurately calculated or forecasted by most enterprises at any stage of IoT deployment. Gartner predicts Operational Technologies might be weaponized to cause physical harm or even kill within three years.

Jimmy Jones of Zariot stressed the importance of secure connectivity, while explaining the need to protect the full DNA of IoT (Device, Network and Applications) to truly secure the entire system.

Connectivity providers are a core component of IoT and have a responsibility to become part of the solution. A secure connectivity solution is essential, with strong cellular network standards/ specifications and licensed spectrum the obvious starting point.

Colin Constable of the @Company says ISPs should flip the security control of the Internet from the core to the network edge and the endpoint devices. To do that, he has defined a new networking layer and an application layer protocol. Furthermore, Colin cited several questions about the effectiveness of Encryption Keys to protect the integrity of data transferred:

  • IT and Data security increasingly rely on encryption; encryption relies on keys; who has them?

  • Is there really any point to VPN’s Firewalls and Network segmentation if data is encrypted?

  • We use keys for so many things TLS, SSH, IM, Email, but we never tend to think about the keys. Why not?

  • Do you own your keys? If not someone else can see your data!

  • What do we need to flip the way IT is architected?

His recommendations for Keys were as follows:

  • Keys should be cut at the edge and never go anywhere else.

  • You should be able to securely share keys along with the data being transmitted/received.

  • There needs to be a new way to think about identity on the Internet.

Colin’s challenge will be to get major ISPs to agree and to get co-authors to present his proposal to the IETF (Internet Engineering Trask Force) as a draft standard.

Thomas Foerster of Nokia noted that telecommunications networks are becoming more complex and reliant on networks of inter-connected devices. With the advent of 5G mobile networks, security threat vectors and the cybersecurity attack surface have expanded, especially with virtualized networks. The exposure of new connected industries (Industry 4.0) and critical services (connected vehicular, smart cities etc.) makes it even more important to secure networks and cloud resident data centers.

Here are Thomas’ recommendations to prevent or mitigate Data Center (DC) attacks:

  • Privileged Access Management across DC entities

  • Individual credentials for all user/device entities

  • MFA: One-Time Password (OTP) via text message or phone call considered being not secure 2-Factor Authentication anymore

  • Network and configuration audits considering NIST/ CIS/ GSMA NESAS

  • Regular vulnerability scans and keep network entities up to date

  • Tested playbooks to mitigate security emergencies

  • Business continuity planning and establish tested procedures

Conclusions

One of the few silver linings of the COVID pandemic lockdowns has been the rise of virtual webinars, which makes it possible for speakers, panelists and audience members to participate in events without having to travel. IEEE ComSocSCV and SCU SoE made very good use of that this Spring and we are quite proud of the results.

References

  1. Event Videos: https://www.youtube.com/watch?v=fQoaEAbxQG0
    https://www.youtube.com/watch?v=i7QUyhjxpzE

  2. Presentation slides: https://scv.chapters.comsoc.org/event/openran-and-private-5g-new-opportunities-and-challenges/
    https://scv.chapters.comsoc.org/event/critical-cybersecurity-issues-for-cellular-networks-3g-4g-5g-iot-and-cloud-resident-data-centers/