Strand Consult: What NTIA won’t tell the FCC about Open RAN

by John Strand, CEO and Founder of Strand Consult (see company profile and bio below)

Introduction:

In “NTIA Comments on Promoting the Deployment of 5G Open Radio Access Networks,” (Docket Number: GN-Docket No. 21-63) the National Telecommunications and Information Administration (NTIA) makes many claims about Open RAN [1] and states what appears to be official U.S. Executive Branch policy promoting that technology.  In particular:

As stated in the Implementation Plan of the National Strategy to Secure 5G, the U.S. Executive Branch agrees that “close coordination between the United States Government, private sector, academic, and international government partners is required to ensure adoption of policies, standards, guidelines, and procurement strategies that reinforce 5G vendor diversity and foster market competition.”  One promising solution in line with these objectives is open, interoperable networks, including Open RAN. While this response focuses on Open RAN, the Executive Branch’s policy is to promote the development of Open RAN alongside other policies, technologies, and architectures that support 5G vendor diversity and foster market competition.

Strand Consult analyzes these claims, their references, and the assumptions underpinning them from security and economics perspectives. Strand Consult’s report also includes an appendix fact checking 35 claims by NTIA and well as 133 additional references to help investigate the technology.

OpenRAN (open radio access network) is an evolving topic. It is an industrial concept, not a technical standard. Stakeholders, including NTIA may define OpenRAN differently, provide different definitions, ascribe different purposes to it, and have different expectations.

Editor’s Note: 

There are two Open RAN spec writing bodies- the O-RAN Alliance and the Telecom Infra Project Open RAN Group. Neither of them have a liaison with either 3GPP or ITU-R WP 5D which have produced specifications/standards for 4G-LTE Advanced and 5G RAN/RIT specifications (3GPP  Release 10 and Release 15 & 16, respectively) and ITU-R standards (M.2012-4, and M.2150, respectively).  The O-RAN Alliance does have a liaison arrangement with GSMA which this author claims was an Ultra-Oxymoron.

……………………………………………………………………………………….

Strand Consult’s research question is to determine if, when, and how OpenRAN and O-RAN will replace conventional RAN on a 1:1 basis without compromising network quality, security, energy efficiency, and other important factors. Mobile operators have little ability to raise price, so operators must compete on network quality coverage and other factors.

Executive Summary:

We don’t believe NTIA’s comments provide insight to answer our questions. Strand Consult has found that most of the comments in NTIA’s report restate talking points from the OpenRAN industry and present policy arguments as if they were fact or technical analysis. As advisor to the US President and policy lead for the Executive Branch on telecommunications, NTIA is considered an authority and is expected to produce serious, objective policy. Indeed it would be welcome for an objective report from NTIA on OpenRAN with an authoritative list of critical references and information from test installations of the technology. Unfortunately NTIA’s report falls short of this expectation.

In our opinion, the main shortcoming of the report is that NTIA has either overlooked, ignored, or is unaware of the role of Chinese vendors in the OpenRAN industry. The separate but related ORAN Alliance has 44 Chinese vendors, many which are explicitly state-owned and military-aligned. At least 7 of these entities are on the US Dept of Commerce Entity List and others have lost their Federal Communications Commission operating license.  NTIA has not conducted a security assessment of OpenRAN and yet it blesses the technology and pronounces that it is Executive Branch policy to pursue it.  Strand Consult investigates NTIA’s other comments about the infrastructure market, competition, prices, and innovation and finds that many of them are either unevidenced or proffered by self-interested OpenRAN actors.

O-RAN Alliance Reference Architecture:

Image Credit:  O-RAN Alliance

……………………………………………………………………………………………

Strand Consult’s Analysis:

In an effort to lift the level of policy discussion, Strand Consult reviewed “NTIA Comments on Promoting the Deployment of 5G Open Radio Access Networks” from July 16th to the U.S. Federal Communications Commission’s (FCC) a part of the Inquiry in the proceeding on open radio access networks (Open RAN). The highly respected NTIA is chartered to advise the President and represent the Executive Branch view on telecommunications, and there is an expectation that NTIA’s reports are objective, authoritative, and empirical, particularly with its roster of employee scientists and technologists. The document submitted to the FCC appears to be written by staff lawyers and makes many debatable claims which are either unsupported or based on advocacy materials from the OpenRAN industry.

NTIA’s OpenRAN document does not live up to expectations for the following reasons:
 Its lack of objectivity and empirical support
 Its overlooking role of Chinese vendors in OpenRAN ecosystem
 Its misunderstanding of the economics of infrastructure and innovation
 Its unfounded assertions about competition and the role of OpenRAN.

Lack of objectivity and empirical support. Citing of interested parties as experts. The OpenRAN document published by NTIA offers very little empirical, or even academic policy, evidence for its assertions. Most of references cited, 55%, come from OpenRAN advocacy groups or companies with a financial interest in OpenRAN, for example self-described OpenRAN vendors. The main part of the document’s references are not technical studies but rather policy arguments.

Moreover, NTIA fails to disclose that its preferred sources are advocacy organizations. While there is nothing illegal about citing advocacy organizations, government agencies like NTIA are supposed to be above touting advocacy as fact, science, and official policy.

The O-RAN Alliance [2] develops technical specifications for 4G and 5G RAN internal functions and interface, not for 2G and 3G. The O-RAN Alliance is not a standards development organization (SDOs) [3] like ITU-R and ITU-T. The O-RAN Alliance does not satisfy the openness criteria laid down in Word Trade Organization Principles [4] for the Development of International Standards, Guides and Recommendations.

The O-RAN Alliance is a closed industrial collaboration developing technical RAN specification on top of 3GPP specifications and ITU-R standards for 4G and 5G.

While industrial cooperation is important, there can be no mobile networks without the basic work of organizations like ITU-R WP 5D, 3GPP (which is NOT a SDO) and its seven regional members (which are SDOs) [5].

OpenRAN concepts include: cloudification, automation and open RAN internal interfaces do follow some elements of 3GPP specifications.

It appears that NTIA is attempting to elevate the O-RAN Alliance, essentially a closed association, with established WTO compliant SDOs (e.g. ITU and IEEE) and global consortia like 3GPP. Such an elevation is false and deceptive, and NTIA should clarify why it promotes a closed association that doesn’t meet openness requirements in WTO.

NTIA could have balanced this shortcoming by referencing some the widely published critical reviews of OpenRAN. Unfortunately, it does not. For example, U.S. federal documents can create credibility by objectively stating competing views and discussing the merits, similar to the Congressional Research Service [6].

Because NTIA appears only to provide favorable views of OpenRAN from interested parties, its document is tainted with bias. It reads like a set of talking points from the OpenRAN Policy Coalition, the a front for the OpenRAN industry’s interests.

Overlooking the role of Chinese vendors in the OpenRAN ecosystem:

Another shortcoming is the apparent ignorance of the role of Chinese vendors in the OpenRAN ecosystem. NTIA forgets to name the 44 Chinese companies that make up the second largest national group in the O-RAN Alliance. It failed to disclose that seven of these actors are either on the U.S. Entity List [7] and have lost their FCC license to operate [8] . Those companies include: China Mobile, China Telecom, China Unicom, ZTE, Inspur, Phytium and Kindroid, companies
which are integrated with the Chinese government and military.

Nor does NTIA disclose that the European telco Memorandum of Understanding (MoU) [between Deutsche Telekom, Telefonica, TIM, Vodafone and Orange] that OpenRAN should be built on top of Kubernetes [9], which is  a software
technology platform that has been infiltrated by the Chinese.

While it began life in 2014 as a Google project, Kubernetes currently is under the jurisdiction of the Cloud Native Computing Foundation, an offshoot of the Linux Foundation (perhaps the world’s largest open-source organization).

By late 2017, Huawei had gained a seat on the Kubernetes Steering Committee. Huawei claims to be the fifth-biggest contributor of software code to Kubernetes.

According to the “Report on the 2020 FOSS Contributor Survey” [10] from The Linux Foundation & The Laboratory for Innovation Science at Harvard, the open source community spends very little time responding to security issues (an average of 2.27% of their total contribution time) and reports that it does not desire to increase this metric significantly.

It appears to be a problem that Huawei and ZTE are increasingly involved in the leading open source technology 11 used by OpenRAN developers. It is not clear how this acceptance of Chinese involvement in OpenRAN is consistent with President Biden’s tough stance on security vis-à-vis China and other threat actors [12].

Conclusions:

NTIA’s document appears to endorse the O-RAN Alliance for the security of OpenRAN. However, NTIA doesn’t provide technical analysis or a security assessment of O-RAN Alliance specifications. It is not clear from the document whether NTIA had access to these specifications to conduct an assessment. In any event, ORAN Alliance members exchange specifications on OpenRAN every 6 months. This means that the 44 Chinese companies in the O-RAN Alliance get fresh OpenRAN “code” at least twice a year, NTIA provides no threat analysis, risk assessment nor potential mitigation of these processes.

–>This is a breathtaking omission that alone warrants further attention by the NTIA.

NTIA could have strengthened its credibility by providing an authoritative, empirical document to inform policymakers objectively about OpenRAN. Instead NTIA offers a document which merely restates the talking points of OpenRAN advocacy groups and industry. This fails the U.S. Executive branch and the American people who expect quality information and impartial judgement from an expert agency.

More importantly, the NTIA document mis-informs readers about the security risks of OpenRAN which greatly extends the cyber security attack surface with its many “open interfaces.”

Hopefully, NTIA will review the empirical information and update its assessment in a new report.

…………………………………………………………………………………….

Readers who know something about OpenRAN are welcome to weigh in with their comments in the box below this article.

…………………………………………………………………………………….

Notes & Hyperlinks:

1. https://www.ntia.gov/fcc-filing/2021/ntia-comments-promoting-deployment-5g-open-radio-access-networks

https://www.ntia.gov/files/ntia/publications/ntia_comments_-_open_ran_noi_gn_21-63_7.16.21.pdf
2. https://www.o-ran.org/
3. https://en.wikipedia.org/wiki/Standards_organization          4. https://www.wto.org/english/tratop_e/tbt_e/principles_standards_tbt_e.htm
5. https://www.3gpp.org/about-3gpp

6. Disruptive Analysis Report: Telecom & 5G Supply Diversification A long term view: demand diversification, Open
RAN & 6G path dependence

https://www.linkedin.com/postsdeanbubley_disruptive-analysis-5g-supply-diversification-activity-6763038817348808704-jaAY

https://www.lightreading.com/open-ran/verizon-t-mobile-outline-their-open-ran-fears/d/d-id/769201  https://www.lightreading.com/open-ran/open-ran-has-missed-5g-boat-says-three-uk-boss/d/d-id/766258?
7. https://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern/entity-list
8. https://www.fcc.gov/document/fcc-denies-china-mobile-telecom-services-application-0 
https://www.reuters.com/article/us-usa-china-telecom-idUSKBN2B92FE  9.https://www.telefonica.com/documents/737979/146026852/Open-RAN-Technical-Priorities-Executive-Summary.pdf/cdbf0310-4cfe-5c2f-2dfb-c68b8c8a8186
10. Page 5 of: https://www.linuxfoundation.org/wp-content/uploads/2020FOSSContributorSurveyReport_121020.pdf
11. https://merics.org/en/short-analysis/china-bets-open-source-technologies-boost-domestic-innovation
12. https://www.reuters.com/article/us-usa-biden-cyber-war-idUSKBN2EX2S9

………………………………………………………………………………………………..

About Strand Consult:

Strand Consult is an independent consultancy with 25 years of telecom industry experience.  Strand Consult is known for its expert knowledge and many reports which help mobile operators and their shareholders navigate an increasing complex world. It has 170 mobile operators from around the world on its client list.

John Strand (photo below) is CEO of Strand Consult.  He founded Strand Consult in 1995.

The mobile industry exploded in the 1990s, and Strand Consult grew along with its new clients from the mobile industry, analyzing market trends, publishing reports and holding executive workshops that have helped telecom operators, mobile services providers, technology manufacturers all over the world focus on their business strategies and maximizing the return on their investments.

References:

https://www.ntia.doc.gov/fcc-filing/2021/ntia-comments-promoting-deployment-5g-open-radio-access-networks

ntia_comments_-_open_ran_noi_gn_21-63_7.16.21.pdf (doc.gov)

https://www.o-ran.org/

OpenRAN MoU Group

Ultra Oxymoron: GSMA teams up with O-RAN Alliance without liaison with 3GPP or ITU

Strand Consult: The 10 Parameters of Open RAN; AT&T memo to FCC

Strand Consult: 5G in 2019 and 2020 telecom predictions

Strand Consulting: Why the Quality of Mobile Networks Differs