VIAVI Solutions NITRO Wireless Open RAN Security Test Solution A TeraVM Security and TM500 Solution to Reduce Risk of Costly Open RAN Security Breaches The Challenge Malicious actors are constantly probing for weaknesses in networks. Open RAN networks and interfaces offer many benefits but also open up more threat surfaces. Equipment vendors, operators and Open Test and Integration Center (OTIC) Labs face an increasingly complex task to both ensure that network elements have been designed to withstand security threats and are kept up-to-date. Growing usage of open-source software makes this more complex: a missed patch or expired certificate can provide an open door for a hacker. The VIAVI Solution The VIAVI Open RAN Security Solution provides a suite of automated tests to check for compliance to standards offering vendors, labs and operators peace of mind when deploying Open RAN. Test coverage includes 3GPP SCAS compliance, DoS and fuzzing attack, O-Cloud resource exhaustion, protocol validation, port scanning and open fronthaul security test. Business Impact A network security breach can result in significant impact to an operator with a knock-on effect for their vendors. And the situation is made worse if an organization cannot track what software is embedded and whether it is upto-date. An unpatched software module may seem insignificant, but the ripple effects can be enormous. Before 2021, Log4j was an obscure piece of open-source software that turned out to be widely used across the software industry. Many companies were not even aware of the level of their exposure. Solutions Brochure VIAVI NITRO

Sample Use Cases Use Case 1: 3GPP Security Assurance Specs (SCAS) and and O-Cloud against potential vulnerabilities and System Security – Test E2E network against 3GPP TS weaknesses which could disrupt network availability 33.511 and TS 33.117 for security functional requirements and compromise data integrity. as well as security requirements derived from threats specific to gNB. Automated tests include Integrity check, Ciphering, AS algorithms, security key validation. Use Case 3: Software Security Evaluation – Verify validity of the software by testing for Software Bill of Material (SBOM) and...