美日澳印政府《Open RAN安全报告》（2023年5月） Open RAN Security Report -Outcome from Quad Critical and Emerging Technology Working Group

OpenRAN

SecurityReport

May2023

Outcomefrom

Quad

CriticalandEmerging

Technology

WorkingGroup

1

TableofContents

Introduction

5

Background

5

Objectivesofthisresearchstudy

6

Summary

6

1Categorizingsecurityrisksof5Gnetworks

9

2Scopeandmethodofresearch

10

2.1Introduction

10

2.2Scopeandlimitations

10

2.3AssumptionsontheRadioAccessNetwork

11

2.3.1Deploymentassumptions

12

2.3.2Securityassumptions

14

2.4Riskanalysis

15

2.4.1Threatidentification

15

2.4.2Riskrating

17

2.4.3Riskmitigation

20

2.4.4Mitigationowners

20

2.5PreviouslypublishedviewsonOpenRANsecurity

21

2.5.1BSI–OpenRANRiskAnalysis(5GRANR)

21

2.5.2NISGroup–ReportonthecybersecurityofOpenRAN

21

2.5.3CISA–OpenRadioAccessNetworkSecurityConsiderations

22

2.5.4IFRI–“Open”TelecomNetworks(OpenRAN)

23

2.5.5NTTDocomo–5GOpenRANEcosystemWhitepaper

24

2.5.6Summaryofpreviouslypublishedviews

25

3ComparisonofOpenRANandtraditionalRAN

29

3.1SecurityrisksassociatedtoOpenRAN

29

3.1.1Resultofthethreatidentification

29

3.1.2Resultoftheriskrating

31

2

3.2PotentialOpenRANsecuritychallenges

37

3.3PotentialsecurityadvantagesofOpenRAN

40

4Riskmitigationmeasures

42

4.1MitigationmeasuresdefinedbyO-RANspecifications

42

4.1.1Specificationanalysis

42

4.1.2Analysisresults

46

4.1.3SummaryofO-RANdefinedmitigatingmeasures

50

4.2Supplementarymitigationmeasures

51

4.2.1Analysis&design

51

4.2.2Implementation&test

54

4.2.3Sourcing&procurement

56

4.2.4Integration&deployment

58

4.2.5Operations&maintenance

60

5LabVerificationandAnalysis

63

5.1PurposeofLabVerification

63

5.2Labverificationscopeandprocedure

63

5.2.1Scope

63

5.2.2Procedure

64

5.3Testscenarios

65

5.3.1OpenInterface

65

CharacteristicsofOpenInterface

65

OpenFronthaulTestScenario

67

OtherOpenInterfaceTestScenarios

69

5.3.2Virtualization

70

CharacteristicsofOpenInterface

70

Testscenarioforvirtualization

70

5.3.3Intelligence

71

TheCharacteristicsofIntelligence

71

3

IntelligenceTestingScenario

71

5.4TestEnvironment

73

5.5ValidationResults

74

5.5.1OpenInterface

74

Verificationitemsandprocedures

74

TestResults

79

Analysis

80

6Conclusion

82

6.1OpenRANsecurityrisksandmitigations

82

6.1.1Riskanalysisfindings

82

6.1.2Mitigatingmeasures

83

6.1.3ComparisontotraditionalRAN

84

6.1.4LabVerificationandAnalysis

85

6.2Openchallenges

85

6.2.1AI/MLpoisoning

85

6.2.2Privacyconsiderations

85

6.3Aspectsunrelatedtosecurity

86

6.3.1Lowerpricesforwirelesscommunicationequipment

86

6.3.2Optimizingenergyefficiencythroughintelligence(Energysaving)

86

6.3.3ImprovedmonitoringandmaintenancefunctionsbySMOs

86

7References

88

Appendix

91

A1DuplicatethreatsidentifiedintheO-RANThreatModelingandRemediation

Analysis

91

A2SecuritythreatsuniquetoOpenRAN

96

A3SecuritychecklistforOpenRAN

104

A3.1Objectiveofthischecklist

104

A3.2Descriptionofparametersinthischecklist

104

A3.3Supplementaryinformation

105

4

Introduction

Background

Mobilecommunicationsystemsandotherinformationandcommunicationinfrastructuresareanessentialpartofthesocialeconomyandpeople'slives.5Gnetworks,whicharecurrentlybeingdeployedglobally,differfromconventionalmobilecommunicationsystemsinthat,inadditiontoultra-highspeedandhighcapacity,theyareequippedwithrequirementssuchasultra-lowlatencyandmultiplesimultaneousconnections,andareexpectedtobeusedasaplatformforimprovingefficiencyandconvenienceinindustryandsocietyandcreatingnewaddedvalue.Theimportanceofthesesystemsinsocietyandtheeconomyisincreasing,anditisimportanttoensuretheirsecurity.Traditionally,basestationsnecessaryforthedeploymentofmobilecommunicationsystemsweredesignedbyvendorsusingtheirproprietarytechnologiesandstandardsandwereprovidedasasinglesolution.Therefore,ifatelecommunicationsoperatoradoptsacertainvendor'sbasestationandbuildsanetwork,itwillbeforcedtocontinuebuildingitsnetworkwiththatsamevendor'sbasestationfromthenon,resultinginso-calledvendorlock-in.Thishasmadeitdifficultfornewentrants,eventhosewithsuperiortechnology,toenterthebasestationmarket,leadingtomarketoligopolyandvendorlock-in,andtheglobalmarketformobilecommunicationsystembasestationshasbecomeanoligopolydominatedbyasmallnumberofvendors.Inaddition,ifthevendorlock-insituationpersistsforalongtime,itisassumedthatthespecificationsandoperationalmethodsofbasestationsmaybecomeincreasinglyblackboxed.Furthermore,astheprocurementofproductsisdependentonaspecificvendor,ifprocurementfromthatvendorstagnatesorisdisruptedforsomereason,thereisapotentialforso-calledsupplychainrisk,wheretheentireservicemaybecomeinoperable.

Inresponsetothissituation,worldwideeffortsareunderwaytoopenuptheinterfacesbetweenthedevicesthatmakeupthebasestation,beginningwithOpenRAN.TheOpenRadioAccessNetwork(O-RAN)Alliance,aninternationalassociationforopenandintelligentRadioAccessNetworks(RANs),waslaunchedin2018.AsofMay2023,nearly330carriersandvendorsbelongtothisorganization,whichhasgrownintoaglobalandlargeindustryassociation.

TheO-RANAllianceisdevelopingopentechnicalspecificationsforsignalinterfacesbetweenthedevicesthatmakeupthe5Gbasestation.Inaddition,studiesarebeingconductedonthecertificationandinteroperabilitytestingofOpenRANcomponentsandinterfacesthroughOpenTestingandIntegrationCentres(OTICs),whichareopenandneutralinteroperabilityverificationcentres.Currently,severalOTICsareestablishedinEurope,theUSAandAsia,includingJapan.OpenRANallowsforthefreechoiceoftheequipmentthatmakesupthebasestation,makingitpossibletodevelopahighlyscalableandflexiblebasestation.Vendorswillalsobeabletointroducehigh-demandanddifferentiatedproductstothemarketthatusetheirownspecialisttechnologies,andmobilenetworkoperators(MNOs)willbeabletoadoptbetterproductswithout

5

beinglockedintoexistingvendors.ThewidespreaduseofO-RANspecificationsisexpectedtobreakthetelecomsbasestationoligopoly,andmarketcompetitionbetweenvendorsisexpectedtoimprovetheperformanceofindividualdevicesandreducethecostofequipmentconsideringincreasedmarketcompetition.

Ontheotherhand,reportspublishedbygovernmentorganizationsinsomecountrieshavepointedoutthatOpenRANshavesecurityissuesduetotheinclusionofinterfacessuchasOpenfronthaulandcomponentssuchasO-Cloud,SMO(ServiceManagementandOrchestration)andRIC(RANIntelligentController).

Objectivesofthisresearchstudy

Giventheabovebackground,itisenvisagedthatinthefuture,vendorswillactivelydevelopO-RANequipment,numberof5GbasestationscompliantwiththeO-RANAlliancespecificationswillincrease,andnetworksconsistingofadiverserangeofbasestationsprovidedbyvariousvendorsareexpectedtobeformed.

Ontheotherhand,reportspublishedbygovernmentorganizationsinsomecountrieshavepointedoutthatOpenRANshavesecurityissues.

Inresponsetothesepoints,thisstudywillfirstlydevelopacategorizationofsecurityrisksfor5Gnetworks,reviewexistingexpertreports,andconsiderhowtosetconditionsinaneutralandnon-biasedmanner.AcomparativestudyofOpenRANandtraditionalverticallyintegratednetworksisthencarriedouttoidentifythesecurityadvantagesandchallengesofOpenRAN.FortheissuesidentifiedassecuritychallengesforOpenRAN,riskmitigationmeasuresarestudiedforeachissue,andlaboratoryexperimentsareconductedforitemsconsiderednecessaryorbeneficial.WithsuchattentiontosecurityinOpenRANs,itisnecessarytoassessissuespointedoutinthosereportsandpossibilitiesforthemitigationinanobjectivemanner.

Summary

5Gnetworkfacesmultifacetedriskssuchasmarketoligopolyofbasestations,therisingcostoffossilfuel-basedenergyresourcesandincreasedcomplexityassociatedwithtechnologicalevolution.Amongthem,inthisinvestigation,securityrisksfortypical5GnetworkarecategorizedandcomparedbetweentraditionalRANandOpenRAN.

ComparisonofOpenRANandtraditionalRAN

•SeveralfindingsarederivedfromtheSTRIDEThreatModelingandassociatedriskanalysisperformedonthebasisoftheO-RANspecifications

-Intotal,10O-RANcomponentsandinterfaceshavehigh-ratedsecurityrisksassociatedtothem.ThecomponentwiththehighestnumberofsecuritythreatsaccordingtotheanalysisistheO-Cloud

6

-However,itcanbeconsideredavirtualization-relatedsecuritythreatthatisnotlimitedtoOpenRAN.Atotalof4%oftheanalyzedsecuritythreatsareconsidereduniquetoOpenRAN

-Comparedtonon-disaggregated,non-virtualizedRAN,OpenRANhaspotential

securityadvantages,incl.openlyspecified,verifiablesecuritycontrolsandcapabilitiesassociatedtovirtualizationandcloudificationthatcanhelptoimproveoperationalsecuritytasks

•MitigationmeasuresbasedonO-RANspecificationsareevaluatedasfollows:

-AnalysisofthetechnicalspecificationsshowsthatdefinedsecuritycontrolsmainlyfocusontheAnalysis&designphaseoftheOpenRANlifecycle

-SupplementarymitigationmeasuresareprovidedtocovertheentireOpen

RAN

lifecyclebeyondAnalysis&design

-Analysis&design:OpenRANvendortoensurecompliancewithrelevanttechnicalspecifications(incl.O-RAN,3GPP)andfollowbestpracticesforsecuresolutiondesign

-Implementation&test:OpenRANvendortoenforcesecuredevelopmentpractices,performsecuritytesting,andconfirminteroperabilityusingO-RANtestspecifications

-Sourcing&procurement:MNO,OpenRANvendor,andotherinvolvedpartiestocontractuallyagreesecurityrequirements,rolesandresponsibilities,e.g.,bysigningSLAsandutilizingRFPs/RFQs/SBOMs

-Integration&deployment:Involvedpartiestoperformnetworkintegration,securityconfigurationandhardeningtasks

-Operations&maintenance:MNOtoleverageoperationalsecurityand

automationcapabilitiesofO-CloudandSMOtoenforceestablishedbestpracticesforidentifyingandmitigatingsecurityincidents

-AsecuritychecklistattachedasanAppendixtothisreportisalsobeneficialfor

mitigationofsecurityrisk

-Withthesemitigationmeasures,itispossibletoensureequivalentsecuritylevelcomparedtotraditionalRAN

LabVerificationandAnalysis

•Forlabverificationpurpose,OpenFronthaulisselectedasarepresentativeinterfaceasitincludesallCUS+M-Planecomponentsandwasthefirstinterfacetobeopenedup.Thisinterfaceisanappropriaterepresentativetestsubjectduetoitsmaturityandadvancedimplementation

•ThetestsconductedherewerebasedontheO-RANspecification,anditwasconfirmed

thattheriskofOpenFronthaulcanbeaddressedbyadheringtothestandardspecification

•Furthermore,OpenFronthaulincludestypicalconnectiontypes(EthernetL2connections,TCP/IPconnections)andsecuritycontrolsOpenFH,whichmeansthatitcanbeestimatedthattheriskofotherinterfacescanalsobereducedbyadheringtothestandardspecifications,leadingtosecurityassurance

Inaddition,fromaspectsunrelatedtosecurity,OpenRANcanbeexpectedtohavethefollowingeffects:

-Improvementoftheperformanceandreducingthecostofequipmentbystimulatingcompetitioninthebasestationmarket;

-Mitigatingsupplychainrisks(diversifyingsuppliers)accordingtothemulti-venderconfiguration;

-Optimizingenergyefficiencythroughintelligence(Energysaving);

-ImprovementofmonitoringandmaintenancefunctionsbySMOs.

So,in5Gnetworkdeployment,MNOswillbeabletomakecomprehensivedecisionsbasedontheseaspectsaswellassecurity.

Finally,AsecuritychecklistsummarizingthesecurityrequirementstobemetbyOpenRANisalsoattachedasanAppendixtothisreport.ThischecklistismainlyintendedtobeusedtocheckwhetherthesecuritymeasuresforOpenRANnetworksaresufficientinthefollowingtwosituations.

-ForMNOscurrentlyoperatingOpenRAN:usethechecklisttoassessifthecurrentOpenRANnetworkdeploymentmeetsthenecessarysecurityrequirements.

-ForMNOsconsideringnewOpenRANdeployments:usethechecklistasareferencetoevaluate,eliminateorreducesecurityconcernspriortodeployingOpenRANinthefuture.

8

Implementation

vulnerabilities

Misconfiguration

/Lackof

hardening

ytaeoceIinlnbr

tk

1Categorizingsecurityrisksof5Gnetworks

Mobilenetworksaresubjecttoaplethoraofsecurityrisksthroughouttheirlifetime.5GadoptsmanytechnologiesandarchitecturalconceptsfromthedomainofITandthus,itneedstotakethosepotentialrisksintoaccount,forexample,relatedtotheincreasedadoptionofcloudcomputingandAI.ThesedevelopmentsarenotjustconstrainedtotheCoreNetwork,butalsoaffecttheRadioAccessNetwork(RAN).

Forthepurposesofidentifyingandappropriatelymitigatingtheserisks,itisusefultocategorizethem.Oneapproachistodistinguishthelifecyclephaseinwhicheachriskcommonlyoccurs.Both5GdeploymentsandOpenRANdeploymentsshareasystemlifecyclethatistypicallycomprisedofthefollowingphases:

1.Analysis&design

2.Implementation&test

3.Sourcing&procurement

4.Integration&deployment

5.Operations&maintenance

Throughouttheselifecyclephases,differentsecuritythreatshavethepotentialtoaffectindividualnetworkcomponentsoreventheentirenetworkdeployment.Table1illustratesthedifferentcategoriesinrelationtothesystemlifecycleoutlinedabove.Intheremainderofthisreport,thesecategorieswillbeleveragedtoanalyzeOpenRANsecurityrisksfurtherandidentifyassociated

Supplychain/

dependencyvuln.

controls.

Analysis&design

●

Designflaw

●

●

●

●●

Implementation&test

Sourcing&procurement

Integration&deployment

Operations&maintenance

Table1:Categorizationofsecuritythreats

6

10

2Scopeandmethodofresearch

2.1Introduction

Globally,mobilenetworkconnectionshavecontinuedtoincreaseeversincemobilenetworkswereintroduced,andtheyareexpectedtoincreasefurther.Atthesametime,theusecasesformobilenetworksareexpectedtoexpandandmobilenetworkswillbecomeincreasinglyessentialfordailylife.

TheRadioAccessNetwork(RAN)isresponsibleforprovidingtheaccessstratum.Saiddifferently,theRAN’sprimarytaskwithinamobilenetworkistoprovidecoveragetomobiledevicesandusingthatcoverage,enabledatacommunicationsbetweenconnecteddevicesandthecorenetwork.Withinthatsystem,itisthecorenetwork’sresponsibilitytohandlethatdataandtorouteittoanexternalparty,eitherdirectlyorthroughtheinternet.

Duetoitsdistributednatureofdeployment,theRANaccountsforaconsiderablepartoftheinvestmentinmobilenetworkdeployments.Therefore,itisunderstandablethatmobilenetworkoperatorswouldliketounderstandwhatthesecurityrisksareassociatedwiththisinvestmentandhowthosesecurityriskscanbeaddressed.

ThischapterdescribesathreatmodelingandriskanalysisapproachtoOpenRAN.ItdefinesthescopeofOpenRAN,ourmethod,andthekeyassumptionsunderpinningtheassessment.Finally,itcontainsasummaryofreportspreviouslypublishedbythirdpartiesonthetopicofOpenRANsecurityandhowthepresentreportfurtherextendsonthiswork.

2.2Scopeandlimitations

ThefollowingchapterdescribesthethreatmodelingandriskanalysisperformedontheOpenRANsystem.ThistheoreticalexerciseisperformedtoassessthethreatsurfacepresentedbyOpenRANsystemcomponentsandderiveappropriatesecuritycontrols.

BasisfortheanalysisdescribedinthisdocumentarethetechnicalspecificationsdevelopedbytheO-RANAlliance.SincetheseO-RANspecificationsbuildontheworkdonebythe3rdGenerationPartnershipProject(3GPP),therelevantsecurityspecificationsforNextGenerationRadioAccessNetwork(NG-RAN)arealsotakenintoaccount.Hence,throughoutthisdocument,theterm“OpenRAN”isunderstoodtomean“OpenRANasperO-RANand3GPPNG-RANspecifications”.Frombothofthesesources,thelatestavailabledocumentversionsasofMarch2023areutilized.PartofthisanalysisisalsoacomparisonbetweensecurityrisksuniquetoOpenRANandthosethataffectRANdeploymentsingeneral,incl.traditionalRAN.ThisdistinctionisintendedtohelpmobilenetworkoperatorsidentifygenuinelynewthreatsthatneedtobemanagedwhentransitioningtoOpenRAN.Thehigh-levelarchitecturaldiagraminFigure1illustratesallnetworkcomponentsandinterfacesofOpenRANthatfallwithinthescopeofthisanalysis.Thisdiagram,whichiscreatedbasedon

11

thelogicalarchitecturediagramofO-RAN[1],providesahigh-leveloverviewofhowindividualcomponentsandinterfacesareconnectedwithintheRAN,aswellasspecifieswhichofthemaredefinedandstandardizedby3GPPandO-RAN.

•SecurityprotocolsbetweentheRANandthecorenetworkaredefinedby3GPP(3GPPTS33.501)

•SecuritysolutionsforsoftwaredefinedDUandCUareimplementedandintegratedbymultiplevendors

•OpeninterfacesbetweenRANcomponentsarestandardizedby

xApps

Open

Fronthaul

M-Plane

UE

Xn-c

NG-c

Airinterface

O-RUO-DU

•UserPlaneandControlPlaneareprotectedby3GPPsecurityof3GPPTS33.501

Backhaul

Legend

UserPlanetraffic

ControlPlanetraffic

3GPPdefinedinterface

O-RANinterface

Forfuturestudy

O-CU-CP

E1

O-CU-UP

CUS+M-Plane

F1-c

F1-u

Non-RTRIC

ORANAlliance

Fronthaul

Near-RTRIC

O-Cloud

Open

NG-u

Xn-u

AMF

UPF

SMO

the

rApps

O2

O1

A1

R1

E2

E2

...

RadioAccessNetwork

CoreNetwork

Figure1:High-levelarchitecturaldiagramofOpenRANdeployments

OutofscopeofthisanalysisaresystemcomponentsoutsideofNG-RAN(e.g.,eNB,5GCore,UserEquipment),systemcomponentsandinterfacesofpreviousmobilegenerations(e.g.,4G/LTE),andanyproprietarycomponentsoutsidethescopeof3GPPandO-RANspecifications(e.g.,specificcloudimplementations).

2.3AssumptionsontheRadioAccessNetwork

OpenRANdeploymentscanvarygreatlybetweenusecasesandtherefore,securitycontrolsdifferaswell.Theproblemthisposes,isthatthelikelihoodofariskwillbeaffectedbythetypeofdeploymentthatisselected.Forexample,thelikelihoodofanattackonanisolateddeploymentwithintheperimeterofafactoryisdifferentthanthelikelihoodofanattackonapublicnetworkthatleveragespubliccloudresources.Toaddressthatproblem,ariskassessmentforeachtypeofdeploymentwouldneedtobeperformed.Eventhen,thevariationbetweendeploymentswouldlimitthevalueofsuchariskassessment.

Assuch,thefirstunderlyingassumptionoftheriskassessmentinthisdocumentisasfollows.

1.TheOpenRANdeploymentisassumedtobepartofapublicmobilenetwork.

Anotherassumptionhasbeenmadeonthesecuritycontrolsalreadypresentinthenetwork.Specifically,itisassumedthatminimumsecuritycontrolsnecessaryarealreadyinplace.Examplesforminimumsecuritycontrolsincludesuchfundamentalcapabilitiessuchasasysteminventory,secretsmanagement,andpublickeyinfrastructure.Thereasonforthisassumptionisthatwithoutit,theriskassessmentwillratemanyrisksashigh,whereasinpractice,mitigatingmeasureswillbeinplace(andinsomecasesmitigatingmeasuresthemselvesaresubjecttoadditionalrisks).Assuch,theassumptionof‘reasonablesecurity’ismadetoavoidlonglistsofthreatsthatmaybetheoreticallyrelevant,butinpracticearealwaysmitigated.Thisassumptionisbasedonexpert

opinionsaswellaspublicdata,whereavailable.

2.MinimumsecuritycontrolsarealreadypresentinthemobilenetworkintegratingtheOpen RANdeployment.

Inthefollowing,itisdescribedinmoredetailwhattheseassumptionsmeanspecifically.

2.3.1Deploymentassumptions

Mobilenetworkoperatordeploymentsarefarfromhomogeneous,evenwithinonemobilenetwork.Forexample,shoppingmalls,tunnels,remoteareascanallhavedifferentdeploymentsdependingonthelocalsituation.Thisreportfocusesonpublicnetworkdeploymentsthatareexpectedtobemostcommonlyused.

DomainAssumption

O-RU

-deployedinphysicallyaccessiblelocations,suchasonpoles,oron

rooftops

-physicallyaccessiblebyanattackerbyrelativelysimplemeans

O-DU

-deployedinalocaldatacenter,suchasadedicatedbuildingstation

orinthebasementofabuilding

tt

-accesstolocaldatacentersrestricted,butsharedwithother

O-CU

-deployedinphysicallysecureddatacenters

-onlyauthorizedpersonnelcanaccesspremises

-datacenterassetsseparatedforeachclient

SMO

-deployedinlarge,physicallysecureddatacenters

Table2:DeploymentassumptionsofOpenRANcomponents

TheriskassessmentalsoincludesacomparisonbetweenOpenRANandtraditionalRAN.

Because12

13

Deploymentassumptionsoftraditionalcomponents

Table3:

RAN

theterm“traditionalRAN”isnotclearlydefined,itisassumedthattraditionalRANdeploymentsarecomprisedofBaseBandUnits(BBU)andRadioRemoteUnits(RRU),alsocalledRadioRemoteHeads(RRH).ThearchitecturaldiagraminFigure2illustratesthenetworkcomponentsintraditionalRANdeployments.Whilethistypeofdeploymentimplementsanon-disaggregatedRANasspecifiedby3GPP,individualRANcomponentsareoftenprovidedbyasinglevendor,tightlycoupled,andrelyonproprietarysecuritycontrols.

Figure2:High-levelarchitecturaldiagramoftraditionalRANdeployments

WithregardtotraditionalRANcomponents,thefollowingassumptionshavebeenmade.TraditionalRANinterfacespecificationisnotopenlypublished.So,thirdpartiesintheindustrycannotproactivelydiscoverandaddresssecurityissuesintheinterfacespecification.

DomainAssumption

BBU

-deployedinphysicallyaccessiblelocationsclosetotheradioantenna,suchasonpoles,oronrooftops

-connectedtotheBBUviaunsecuredEthernetorFiberlink

RRU/RRH

-deployedinphysicallyaccessiblelocations,suchasrooftopsorseparateroominsideabuilding

-physicallyaccessiblebyanattackerbyrelativelysimplemeans

14

2.3.2Securityassumptions

Both3GPPspecificationsandO-RANspecificationscomewithsecuritycontrolsthatoperatorscanchoosetoemploy.Thereasonbehindtheoptionalityisthatthestandardsneedtoworkacrossdifferentgeographies,includingthosethatmayprohibitorlimittheuseofencryptionorothercryptographicprotocols.Assuch,technicalspecificationsaredefinedinawaythatsecuritycanbeenabledordisabled,sothatstandardequipmentcanbeusedacrosstheglobe.Atthesametime,thisdoesnotmeanthateachoperatorwillalwaysenableallofthesecurityfunctionalityavailableinthe3GPPandO-RANspecifications.Operatorsmayopttonotincludesecurityfeaturesiftheyfindthatithampersperformanceorthatitmaynotmit