AIN in­ve­sti­ga­tes se­cu­ri­ty aspects in ra­dio com­mu­ni­ca­ti­on net­works, which, par­ti­cu­lar­ly through 5G, gain a cen­tral role for data com­mu­ni­ca­ti­on in pro­fes­sio­nal fiel­ds – in­clu­ding cri­ti­cal in­fra­st­ruc­tures such as en­er­gy and wa­ter sup­ply, lo­gi­stics and trans­por­ta­ti­on. The as­so­cia­ted risks in terms of IT se­cu­ri­ty and data pro­tec­tion ari­sing from the use of 5G as a com­mu­ni­ca­ti­ons in­fra­st­ruc­tu­re must be iden­ti­fied ac­cord­in­gly in or­der to ad­dress po­ten­ti­al vul­nera­bi­li­ties. 

The “Open RAN Risk Ana­ly­sis” stu­dy was com­mis­sio­ned and fi­nan­ced by the Ger­man Fe­deral Of­fice for In­for­ma­ti­on Se­cu­ri­ty (BSI) and writ­ten by the Bark­hau­sen In­sti­tu­te as an in­de­pen­dent re­se­arch in­sti­tu­te in coope­ra­ti­on with AIN and with the sup­port of se­cu­n­et Se­cu­ri­ty Net­works AG. The fo­cus of this stu­dy lies on the im­ple­men­ta­ti­on pro­po­sal for a 5G-RAN spe­ci­fied by the O‑RAN ALLIANCE, in short O‑RAN. Ba­sed on the cur­rent spe­ci­fi­ca­ti­ons at the time, the stu­dy pres­ents the re­sul­ting thre­ats and risks, which can ser­ve as a ba­sis for de­ci­si­on-ma­king re­gar­ding ne­cessa­ry fu­ture mea­su­res to mi­ni­mi­ze risks.