InTechnology Podcast

What That Means with Camille: AI and Cybersecurity in 5G (191)

In this episode of What That Means, Camille gets into 5G cybersecurity and AI-powered RAN with Scott Poretsky, Director of Security for Ericsson. The conversation covers the benefits of O-RAN, the role of AI and machine learning in 5G cybersecurity, and zero-trust architecture.

Click here to learn more about the Ericsson Intelligent Automation Platform (EIAP) Ecosystem discussed in this episode.

To find the transcription of this podcast, scroll to the bottom of the page.

To find more episodes of InTechnology, visit our homepage. To read more about cybersecurity, sustainability, and technology topics, visit our blog.

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

Follow our host Camille @morhardt.

Learn more about Intel Cybersecurity and the Intel Compute Life Cycle (CLA).

O-RAN: What Is It, and How Does It Work?

Scott defines RAN, short for radio access network, as the part of a network that takes the information from an antenna and converts it into something meaningful that can go to the 5G core, and then the information is sent out to the internet or other wireless service. The O part of O-RAN stands for open, and he explains that open RAN works by disaggregating hardware from software and making it cloud-native, which then opens up the ecosystem so more vendors can participate in building various sub-block functions of the RAN. This will lead to increased supply chain diversity and new interfaces between sub-functions. However, Scott emphasizes the need for securing those interfaces with zero-trust architecture.

AI and Machine Learning: Optimizing Performance, Sustainability, and Cybersecurity

Camille and Scott then explore the shifting paradigms as a result of AI and machine learning for 5G cybersecurity and RAN. Scott begins by noting that an advantage of using AI and machine learning with the softwarization of RAN is the ability to build in more intelligence. He then outlines two different types of RAN intelligent controllers, or RICs: non-real-time RICs that sit on service management and orchestrations (SMOs) and near-real-time RICs that sit below that. These RICs with AI machine learning capabilities built in can optimize RAN performance and improve network sustainability by using less energy and being more energy efficient.

At the same time, Scott touches on the growing importance of network cybersecurity because of the risks of AI and machine learning, pointing to the role of the Cybersecurity and Information Security Agency, or CISA. He adds how using rApps for non-real-time RICs and xApps for near-real-time RICs can better enable software vendors to build specialized software applications and efficiently integrate them into the RAN. Scott shares how the Ericsson SMO known as the Ericsson Intelligent Automation Platform (EIAP) is helping these efforts.

Zero-Trust Architecture

Diving deeper into zero-trust architecture, or ZTA, Scott begins by setting the scene of building in security with 6G and beyond, as AI, machine learning, and the cloud will be everywhere. Building security from the beginning with zero-trust architecture allows higher security at a lower cost. This will allow data to be protected in transit, in use, and at rest throughout the network. Using AI within the system, he says, will also allow a more dynamic policy rather than the traditional static policy, resulting in optimized security along with better sustainability by turning on power-hungry security features only when and where they are needed. As for defining the standards of zero-trust architecture, Scott lists the seven tenets from NIST, the four principles of zero trust in 5G from CISA, the zero trust maturity model, and the O-RAN Alliance.

Scott Poretsky, Director of Security, North America, Network Product Solutions at Ericsson


Scott is currently Director of Security for North America at Ericsson, a multinational networking and telecommunications company. He was previously AVP of Solutions Architecture for the Americas at Allot Communications. In addition to his work at Ericsson, Scott is Co-Chair of the O-RAN Alliance Working Group 11 for security as well as Co-Chair of the ATIS 5G Zero Trust Study Group. He has also served on the FCC Communications Security, Reliability, and Interoperability Council (CSRIC) and the NSA’s Enduring Security Framework. Scott’s education includes an MSEE in Communications Engineering from Worcester Polytechnic Institute and a BSEE in Computer Engineering from the University of Vermont. Scott is a CISSP and CCSP.



Scott Poretsky  00:11

If we can leverage AI ML to decide what security capabilities to turn on where and when, at each place in the network, we can better optimize our security, while still gaining the advantages of a zero trust architecture.

Camille Morhardt  00:31

I’m Camille Morhardt, host of InTechnology and very happy to have with me today, Scott Poretsky, to talk about the next layer down of cybersecurity and artificial intelligence and zero trust architecture in 5G, and telecommunications moving forward. Welcome to the podcast Scott.

Scott Poretsky  00:50

Thank you very much for having me. I look forward to a very interesting conversation.

Camille Morhardt  00:56

And just to rattle off a little bit about your expertise here, you’re Director of Security in North America for Ericsson; you’re also co-chair of the O-RAN Alliance Working Group 11 for Security–and hold on, folks, if you don’t know what O-RAN is, that’s my first question for him. You are also co-chair of the ATIS 5G Zero Trust Study Group. And in the past, you’ve worked on the FCC Security and Reliability Council, as well as the NSA’s Enduring Security Framework.

So first question would be please tell us what RAN is?

Scott Poretsky  01:32

So you have your mobile device, and it goes over the air and connects to some antenna somewhere–whether it’s on the roof of a building or on a tower; and then from there, you’re able to make a call, send a text, or get out to the internet and start streaming movies on your device. The RAN is the part of the network that takes the information from that antenna and converts it into something meaningful so that it can go to what’s called the 5G core. The RAN takes that information from the antenna and through 3GPP-specified functions, converts that into that information that goes to the 5G core, and then sends it out to the internet or to whatever service that you need.

Camille Morhardt  02:20

And RAN literally stands for Radio Access Network.

Scott Poretsky  02:24

Radio Access Network, so it is a type of access onto a larger network.

Camille Morhardt  02:31

So then what is the O?

Scott Poretsky  02:33

Yeah, so the “O” is open. So RAN, traditionally, it’s been a monolithic system of integrated hardware and software. It is standardized, however, being a monolithic system, there has been a few set of vendors who have been able to produce these. The idea is now by opening up the RAN, disaggregating its functions–really decomposing it into smaller functions–and disaggregating hardware from software, while making it cloud native, we can open up the ecosystem, so that more vendors can participate in building the different sub block functions of the RAN. And one of the major goals of this is to increase supply chain diversity by having more vendors that can build these different sub functions. Now when doing this, however, we’ve created new interfaces between the sub functions.

And as we’re coming now into this area of zero trust architecture, we need to make sure that we secure everything as a micro perimeter and data on those internal interfaces between those sub functions is still secure. And that’s new, traditionally in RAN, we’ve been taking these monolithic functions with the integrated hardware and software and deploying these in an operator’s network in a facility that they control. But now that we’re going cloud-native, and we’re opening up all of these interfaces and creating these new sub network functions, we need to make sure we build in the security so that we can achieve what’s called a zero trust architecture.

Camille Morhardt  04:24

There’s also a new paradigm I’m gonna ask you to explain how that exists for I assume machine learning is a big part of that and why it’s coming about. And then I also want to understand some of the new paradigms for how AI is expected to be used, not just anticipated within 5G, but expected to be used.

Scott Poretsky  04:44

Alright, so one of the advantages of allowing softwarization of the RAN and clarifying this is we can build in more intelligence. Not just orchestration, that’s one way of having automation and intelligence, but also building in AI ML. With the open RAN standards being specified by the O-RAN Alliance, we have something called RICs. These are the RAN Intelligent Controllers. And there’s a non-real time RIC that sits in something called the service management and orchestration. And then there’s the near real time RIC that sits below that.

The RICs, these RAN-intelligent controllers, have AI ML capabilities built into them, so that we can make a more intelligent RAN that responds faster to conditions. It can optimize RAN performance, make the network more sustainable and we can gain higher performance while utilizing less energy becoming more energy efficient using this AI ML in the RICs.

Camille Morhardt  05:52

So can you say more detail around that, like as an example? What is it going to figure out or orchestrate in near real-time that currently is not happening and slowing things down? Or costing energy?

Scott Poretsky  06:07

Yeah, so we could see at a given hour that we’re using a large amount of the RAN resources, but there’s little utilization at that hour just because there’s fewer people in that area. So we could turn that back down and turn it up over in another area rather than operating at maximum capacity all the time in every area. There’s great advantages, cost advantages to this, and also for the environment. But we also have to keep in mind there are security considerations when doing this because there are security risks with AI ML. AI ML is a recognized attack vector. So when we’re doing this, we need to make sure it’s secure.

Remember, our networks are critical infrastructure. So the Department of Homeland Security’s Cybersecurity and Information Security Agency, CISA, they have 16 sectors of critical infrastructure that they manage. The communication sector is one of those sectors. So now we’re talking about opening up critical infrastructure and deploying it on cloud-native technology, and possibly even running on third-party infrastructure in a third-party facility. This introduces opportunity now for any type of threat actor to come into this expanded threat surface, because now there’s more entry points that you’re able to access. And as CISA says, with zero trust architecture, we have to assume the adversary is already in the network. So if we’re doing that, we need to secure these internal interfaces.

Now with AI ML, we’re also using enrichment data that can come from outside the network. So we can have these external sources pulling in AI ML data that we’re using to make decisions in our critical infrastructure. We need to make sure we can trust that AI ML data that we’re importing into the RAN, because this will influence those decisions. We need to make sure it’s trustworthy data, we need to make sure that it’s stored securely. We need to make sure that when we’re pulling that data from a third party they’re following security best practices for protecting AI data. We also need to make sure that interface with the API that we’re importing that data is secure, as well. And APIs are a high security risk. The Cloud Security Alliance has APIs as number two on their list of greatest cloud security threats–number two, ahead of misconfigurations. That just shows how serious API security is. And by the way, number one is identity and access management; we need to make sure that we have that properly implemented, as well. So when the O-RAN Alliance in Working Group 11–which I co-chair–we are making a concerted effort to secure the AI ML that we’re using in Open RAN. And we’re making sure our APIs are secure, as well. In addition to securing all of those new internal interfaces that we’ve specified in O-RAN.

Camille Morhardt  09:24

Do you anticipate AI or machine learning or ML being used to actually discover attacks as they’re coming in or discover vulnerabilities one or the other? Or is it just like, you’re worried about it being attacked itself? Is it gonna go on the offensive looking?

Scott Poretsky  09:46

Yeah, this is actually a really insightful question by you. So in the RICs, we have applications, and in the non real time RIC, we have something called rApps, and in the near real time RIC, we have something called xApps. The purpose of having these apps is to further enable smaller software vendors who have specialized expertise to be able to build those software applications and efficiently integrate them into the RAN. So the rApps sit on something that’s called the R1 interface that’s part of service management and orchestration. There can certainly be security rApps, where we have a security vendor, they specialize in the area of security, they have something innovative for RAN security, they could build an rApp that supports that R1 interface and the security requirements associated with it, to now provide this new security functionality that integrates into the SMO, and is part of the O-RAN solution.

I think this is a great opportunity for software developers and security experts out there; the apps approach is a very nice way to integrate into the RAN using these rApps. And by the way, Ericsson has an rApps developer ecosystem, we have a website that you can go to where there’s developer guidance, and you can become part of the ecosystem to integrate into the Ericsson SMO—that’s service management and orchestration. Our SMO is called the Ericsson Intelligent Automation Platform, the EIAP. And yes, we allow integration of third-party rApps.

Camille Morhardt  11:36

Is part of the way that O-RAN is structured and some of the standards with 5G such that a developer doesn’t need to have deep expertise in Telco infrastructure in order to do some of this orchestration or management? I’m thinking of things like you said, look at energy consumption or perhaps orchestrating different times of day or different workloads. Somebody who might have that expertise, but not have worked on it in the telco space before, is there now an opportunity for them that wasn’t there previously?

Scott Poretsky  12:12

I think so. It’s certainly beneficial to have an understanding of the RAN, because you will integrate into the SMO which then has all of those interfaces to the different RAN functions–the open centralized unit, the OCU, the open distributed unit, the ODU, and then also to the ORU. So it is in the interest of the developer to understand these different RAN network functions that are there. But I really think there is opportunity now for software vendors, who have expertise in certain functionalities to now start building these for RAN when they didn’t have that opportunity before. And that’s one of the advantages now of opening up the RAN ecosystem and having what we call Open RAN.

Camille Morhardt  12:58

Can you talk a little bit about the difference fundamentally, in cybersecurity between previous generations, like 4G, and future generations are coming, 5G and 6G and beyond?

Scott Poretsky  13:11

Yes, so each generation of mobile technology has been more secure than the one prior to it. 5G is more secure than 4G, with things like what are called the SUPI and the SUCI and a SEPP. So there’s all of these different acronyms that are real functions that have made 5G more secure.

6G, I anticipate will follow the same track and will be more secure than the prior G. We will see as 6G evolves, and it becomes even more cloud native than 5G, we will have cybersecurity specific to cloud security built in the 6G. And even more importantly, that zero trust architecture now, we’re seeing being thought of to be built into the 6G standards as those evolve.

Camille Morhardt  14:06

Hmm. And where do you see the use of machine learning or artificial intelligence advancing in 6G?

Scott Poretsky  14:13

Oh, we’ll heavily rely upon it–so AI, ML, and cloud everywhere in 6G. It will be very important though, that we keep an eye on security, as well. We’re all in a rush to get the new latest shiny thing working so we can all use it. But of course, being a cybersecurity professional, I always say let’s also think about securing that. And if we can build in security, it results in not only a higher security posture but lower cost as well. Because if you go back after the fact and try to Lego brick on security, then you’re adding cost and you’re adding complexity. Now fortunately, with 6G we’re really seeing, now, this mindset to build in a zero trust architecture and building in AI ML securely, and make sure that all of our network functions are secured as micro perimeters. And we protect all of our data, data in transit, data in use and data at rest.

Camille Morhardt  15:19

Why do we need to use AI in this orchestration? I mean, why can’t a regular algorithm manage the load balancing and the different activities? What is it learning, actually, that’s unique and differentiated?

Scott Poretsky  15:36

Well, with AI, we can be more dynamic. And this is particularly important with policy, because we’ve been at a point that we have relied traditionally on what’s called static policy. So you pre-configure in your network static policy and that’s the way it lives until an operations person goes in and changes it because they received some work order somewhere. Well, by having AI built into the system, wherever possible, we now move away from that static policy, and have what’s called dynamic policy, where you don’t need to wait for a work order and have some operator go in and manually change that static policy. With dynamic policy, the system is able to learn and change that policy on its own, by the conditions that have been set.

Camille Morhardt  16:26

And what kind of policies? Give me a handful of policies it would be dynamically changing.

Scott Poretsky  16:33

So I’ve mentioned a few times this ZTA, acronym.  ZTA, the zero trust architecture can be expensive, there’s a lot to do. There’s twelve different critical security control groups. There’s seven tenets we need to follow from NIST, there’s four principles for zero trust in 5G that come from CISA, there’s a lot to do. And it will take time to implement all of this. But when it’s there, it may also be processing intensive, this is a lot to monitor. Part of zero trust architecture is continuous monitoring and response. So just think about looking at everything all of the time.

But now, if we can leverage AI ML to decide what security capabilities to turn on, where and when, at each place in the network, we can better optimize our security, while still gaining the advantages of a zero trust architecture. And this also is consistent with sustainability. Because sometimes security and sustainability can work against each other in conflict, because we need to turn on all of these power-hungry security features, that hurts our sustainability. But now with AI, we can create a better balance there, so we can get to the security we need with the sustainability we’re trying to achieve.

Camille Morhardt  18:06

Thank you for eloquently summarizing why this podcast contains technology, sustainability, and cybersecurity, because they really do all go together sometimes, actually, quite frequently.

Scott Poretsky  18:17

Yeah, they do.

Camille Morhardt  18:19

What kinds of things are the working group or different standards bodies arguing about right now? What are some of the major contentions?

Scott Poretsky  18:28

I’d actually say right now, where there’s the most debate is in the zero trust architecture. How far do we want to go? How far do we want to take it? Because it is complex, there’s a lot of features, and it will take time. But as I remind my colleagues in Working Group 11, there’s something called the zero trust Maturity Model.  CISA advises we get there gradually over time, and they have four stages to get to a zero trust architecture, there’s traditional–traditional is the way we’ve been doing it. That’s the traditional perimeter security. So we have this big perimeter with all of our network functions inside of it and all of our data inside of it, and just secured at the perimeter. Perimeter security no longer works, because we have very sophisticated adversaries that are able to get in. So now what do we do? And that’s where we need to have that zero trust architecture that protects everything inside the network.

Let’s get there gradually, through the stages, get to a zero trust architecture from going from traditional to what’s called Initial and then the next one’s Advanced. And then the fourth one is the holy grail. That’s Optimal, zero trust architecture. That’s where we want to get to and CISA advises, don’t wait for perfect, don’t wait for optimal because in the meantime, you will be breached or you will be hacked and you’ll end up with ransomware or something just as catastrophic. Don’t wait for perfect. Start incrementally going through the stages now, adding the different security features on that march towards the zero trust architecture.

Camille Morhardt  20:13

So you’ve mentioned that communications is one of the sixteen critical infrastructures that the US government considers to be critical. So what happens, if it’s hacked? What happens if all of the security fails, and something goes down and major portions of cellular network are disabled or frozen? Is there, like, a contingency plan or resiliency plan? Help us feel a little better about the steps that are being built in that space.

Scott Poretsky  20:45

So there’s a lot of focus right now on resiliency in our communications networks; this work is being done in a number of different bodies, vendors pay very close attention to this. Also, many vendors now are looking at how they can better secure their products. Certainly, Ericsson has been leading the way here, we’ve taken security of our networks very seriously, understanding the responsibility that we are building critical infrastructure for societies around the globe. So we’ve been building in the security in our software development processes, in the features we support, and in the operationalization of the products, as well, so that security teams with our customers can also use our products to monitor the situation. So I think we’ll see the vendor community as a whole continue to raise that security posture.

Camille Morhardt  21:43

Has the government or different standards bodies laid out requirements for resiliency, as well as requirements for security?

Scott Poretsky  21:51

Yeah, so there are agencies involved here, great references are CISA, NIST, and even the FCC for communications networks. So that work is being done there.

Camille Morhardt  22:04

What am I not asking you that I should in this space?

Scott Poretsky  22:10

How will we know when we have a security event going on in the network? Because you can’t get to a zero trust architecture unless you have visibility. And this is one of the key things that’s pointed out in the NIST tenets and also the CISA guidance for 5G cloud infrastructure: you need to have that visibility. And it’s called continuous monitoring and logging. This needs to be built in.

And as we’re thinking about sustainability, too, we also need to consider how much to continuously monitor and log and where to do that and what to look for. So there are tradeoffs here, but we also need to have that feedback loop into our dynamic policy, as we’re detecting events. Because we need to be able to respond and recover when we detect an event. And from that detection, use our AI ML to determine the level of impact. How would we score this, that would dictate how we want to automatically respond and orchestrate that response. So this all comes back together as one big feedback loop that starts with that visibility.

Camille Morhardt  23:28

And that’s part of what Working Group 11 is working on?

Scott Poretsky  23:35

That’s right. We are pursuing a zero trust architecture for RAN and we really think the O-RAN Alliance would be the first standards body that specifies zero trust architecture for RAN.  And this will help have a very strong security posture in Open RAN.

Camille Morhardt  23:53

Scott Poretsky, thank you. You are co-chair of the O-RAN Alliance Working Group 11 for Security and also Director of Security for North America for Ericsson. Thank you for your time explaining this.

Scott Poretsky  24:10

Camille, it was great to speak with you and have this conversation. I’m always happy to share cybersecurity, talk with anyone who’s interested.
