SAN JOSE, Calif. — The TIA has started a working group to study security for network functions virtualization (NFV), a move that is arguably less about security itself and more about carriers’ lingering discomfort with this new, software-driven world.
Plenty of other groups and projects are looking into NFV security. What TIA members want is a “clearinghouse” for all that activity, said Franklin Flint, the TIA’s chief technology officer, who announced the working group during the closing session of last week’s NFV World Congress.
The working group’s output is yet to be decided. It could be a design reference or a set of specifications, or simply some recommendations. Even so, the group is noteworthy because of what it represents. It’s an indication of carriers’ unease with open source software.
“They instinctively say to themselves, ‘Clearly, Linux is being used by the NSA and the large banks, so clearly, open source can be secure,’ ” said Flint. But “they also know software has a lot more vulnerabilities compared to purpose-built silicon.”
Carriers have been talking big about committing to open source. AT&T, for instance, is hoping for open source participation for its Enhanced Control, Orchestration, Management & Policy (ECOMP) platform.
But open source development at large scale is a new experience for telecom operators, which are accustomed to years-long standards cycles. Open source software, on the other hand, is a chaotic process where anybody can try anything at any time — and it’s up to the community to decide what works.
And yet, open source has become the development vehicle of choice for software-defined networking (SDN) and NFV. The open source OPNFV project, for instance, is creating an NFV reference implementation using other open source pieces.
Carriers do seem to be sincerely committed to open source software. What they want out of the new TIA group, Flint guessed, is some “assurance” that security won’t become a runaway train of a problem.
The group held one meeting on April 20, with carriers, software vendors, and equipment vendors participating, Flint said. He said the working group is hoping to issue a call for participants in June. That’s also when they’ll make decisions about how the working group should be funded.