Cryptography is a foundational security technology used to protect digital information by providing the underpinnings for confidentiality, authentication and integrity. Today’s cryptographic algorithms may soon be undermined by emerging attacks, including the realization of a cryptographically relevant quantum computer (CRQC). Such attacks pose a very real and increasingly urgent threat across virtually all industries and their technologies, including broadband network infrastructure.

With cryptography and public key infrastructure being foundational to the security of cable networks, the broadband industry is uniquely positioned to rise to this challenge and seize the opportunity to future-proof networks to be robust, flexible and responsive to any cryptographic threat — quantum or otherwise. In this blog, we’ll review the threats against cryptography on the horizon, the solution to mitigate those threats and actions to start migration to new cryptographic paradigms. Many organizations, including network operators, have started taking action to plan for and execute cryptographic migrations.

The Threat: Attacks Against Cryptography

So, what exactly is the risk? To put it simply, quantum computers will one day be powerful enough to crack the asymmetric cryptography that is the basis of confidentiality, authenticity and integrity of data at all layers for virtually all devices deployed today. The current timeline for the potential development of a CRQC is 10–30 years — with increasing probability. That estimate isn’t certain, and recent research advancements suggest that it could be sooner.

While that time frame is wide, the risk of compromise is relevant today, thanks to the “harvest now, decrypt later” style of attack. In this scenario, adversaries may capture encrypted data today and retain it, planning to decrypt it once they have access to a CRQC. Any sensitive data generated today that will remain sensitive in the future (such as health records) is therefore at risk today.

The Solution: Cryptographic Agility and Post-Quantum Cryptography

So, how can the industry future-proof itself against these threats? The solution is twofold:

• Enabling cryptographic agility: Cryptographic agility is the ability to switch cryptographic systems quickly and efficiently. It’s a forward-looking design principle and capability that helps security interfaces stay flexible and adaptable in the face of all future threats.
• Post-quantum cryptography (PQC): Also called quantum-safe cryptography, these new encryption algorithms are designed to resist attacks from quantum computers. Their standardization, primarily driven by the National Institute of Standards and Technology in the United States, is a global effort that’s been ongoing for the last decade.

PQC aims to be the replacement for today’s vulnerable cryptography. Cryptographic agility is the framework by which systems will be migrated to PQC (and future iterations of cryptographic algorithms). Together, these strategies offer a path forward.

Migrating to PQC and Leveraging Existing Guidance

From existing guidance on cryptographic migrations, the CableLabs Future of Cryptography Working Group — a collaborative initiative bringing together operators, vendors and security experts to prepare for and to navigate changes to evolving cryptography — has identified certain “no-regret” actions, which can benefit network security posture regardless of whether or when the threat of a CRQC is realized. Some of these no-regret actions include:

• Establishing a cryptographic inventory: A comprehensive inventory of what cryptography is deployed is a critical artifact for any organization to compile as a first step towards cryptographic migrations.
• Assessing and estimating cryptographic agility enablement: Cryptographic agility is a deceptively simple concept; effectively enabling it begins with quantifying how cryptographically agile security interfaces are today. Tools exist today to aid in that effort.
• Discussions with vendors: Vendors play a critical role in cryptographic migrations, providing the implementation of security interfaces and concretely enabling cryptographic agility. Therefore, early and ongoing engagement with vendors on their roadmaps for enabling cryptographic agility and migrations to new cryptographic paradigms is key.
• Risk assessments and defining risk tolerance: Migration of cryptography at full organization scale is an optimization problem; undertaking risk assessment activities to identify the devices, services and interfaces that are at highest risk and should be prioritized for migration is crucial.

Taking Action Through Collaboration

Over the next decade, regulatory bodies around the world expect critical infrastructure — including broadband networks — to adopt quantum-safe cryptography. That makes the next five years crucial for operators looking to future-proof their networks and enable cryptographic agility as a key security capability. Reaching that goal will require deep collaboration, not just between network operators, but across the entire ecosystem of equipment manufacturers, software developers and standards organizations.

To ensure a smoother transition, the CableLabs Future of Cryptography Working Group is continuing to drive the foundational work to adapt current crypto migration and agility guidance to cable networks, identifying gaps therein and developing strategies to address those gaps. The working group’s mission is to develop practical, industry-specific guidance for enabling cryptographic agility as a new capability and migrating operator networks to post-quantum cryptography.

The threat may be complex, but the goal for the cable broadband industry is simple: Keep our networks — and the people who rely on them — secure for the future. To learn more or if you’re interested in contributing, the Future of Cryptography Working Group is open to CableLabs members and our vendor community. Join us here.

Ransomware has changed a lot in the past few years. The term refers to a form of malicious software loaded by attackers to restrict access to files and other data with the intention of extracting payment from the owners of that data.

CableLabs has been working to make sure that residential and business subscribers have the tools they need not only for preparedness and prevention, but also in the event that ransomware actors target them.

Let’s take a look at how the ransomware landscape has evolved, how law enforcement has changed its approach and how one important document can alter the course of your network’s future.

The Law Enforcement Front

The global climate on the regulatory, legislative and law enforcement front has changed, as you can see in the table below.

Evolving Threat Actor Behavior

We’re also seeing changes in threat actor behavior. There’s been a sharp increase in both the number of victims (over 200 percent) and the number of ransomware variants (over 30 percent) in 2025 — a deviation from last year’s trends.

The increased use of ransomware-as-a-service (RaaS), the open availability of threat tools and malicious actor communication all continue to evolve. No longer does the threat actor have to find a way to access systems, they can now buy opened systems and immediately move to the ransom phase. The horizontal disaggregation of the marketplace has enabled more threat actors to engage against more victims, with less technical know-how. Exploited vulnerabilities are now the primary method of malicious access, followed by compromised credentials and email/phishing.

Collaborating to Combat Threat Actors

CableLabs engages with several Information Sharing and Analysis Centers (ISACs) and anti-abuse groups. One of the more focused groups is the Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG), where we’re proud to have helped to both originally build (and then shepherd updates to) the “M³AAWG Ransomware Active Attack Response Best Common Practices” document.

We do this work because — although the dogma of cybersecurity defense is to prepare, prepare, prepare — the reality is that no matter how good a network’s defenses are, they can always be stronger.

The Best Common Practices document starts with advice from victims who were previously infected, moves on to steps to follow, lists numerous resources, provides a high-level view of what to expect and finally offers decision guideposts about who to involve and when. The document helps with detection, analysis and response activities; demonstrates how to communicate; and enumerates the deliverables necessary for each stage.

This document doesn’t prescribe specific behaviors, but it helps to make sure the reader is equipped with the right questions to ask, as well as the considered order of approach to tackling a problem.

There will be decisions to make about when to declare an event, whether you have reporting requirement, what law enforcement’s role will be, which disclosures are necessary, whether you pay a ransom (or whether that is legally permissible in your situation), when and how to engage on cybersecurity insurance, and what your potential negotiation options are.

There are always collateral victims in attacks like these, and there may be actions possible or preferable on those fronts that will need to be evaluated. That process is one of many that will involve others within the organization. This document helps lay out who should be considered in each step.

The Importance of Having a Plan

Everyone hopes that this aspect of the global economy will come to a decisive end but, in reality, that’s neither the trend nor the expectation. In a dangerous world, it’s best to have a plan for how your company will act in a multitude of situations — even the unpleasant ones.

The Best Common Practices document is a tool for checking existing policies, technologies and the people involved in the prevention plans, but it can also be a cheat sheet for those who have had to balance other needs against external threats and suddenly find themselves in a difficult situation.

Read the “M³AAWG Ransomware Active Attack Response Best Common Practices” document to learn more about the options that are available for victims of ransomware attacks. The document is one resource in a broader cross-sector toolkit that helps defend against and manage the risk of ransomware threats. For more, check out:

• A Cybersecurity Framework 2.0 Community Profile from the National Institute of Standards and Technology (NIST)
• StopRansomware.gov from CISA

Winston Churchill famously said, “If you’re going through hell, keep going.”

These resources can show you how.

Last month’s Hacker Summer Camp brought together hackers, researchers, practitioners and leaders in cybersecurity to review the cutting edge of security research, share tools and techniques, and find out what’s at the front of everyone’s mind in the security space.

So, what was at the forefront of the conversation this year in Las Vegas, and what trends in cybersecurity do you need to be aware of?

We outline our takeaways from Black Hat USA and DEF CON in a new CableLabs technical brief, available exclusively for our member operators. We’ll also dive into the conferences further during a members-only webinar on Wednesday, Sept. 17. Members can register here to join us.

For now, some of our high-level insights are summarized here.

What’s Old Is New Again: Hacking Like It’s the 90s

With the rapid adoption of tooling like generative AI and its agentic variants, the implications of overlooking the basics in security are more impactful than ever. Many different presentations at Hacker Summer Camp focused on this theme, in which researchers consistently demonstrated how classic cyberattacks are still thriving, now applied to modern contexts like agentic AI. The takeaway? AI-centric software is still software; thus, the basics apply: applying least privilege, separation of interests, thorough input sanitization and more.

AI: Your New, Non-Deterministic, Insecure Execution Environment

Unsurprisingly, AI remains at the forefront of the discussion. Novel from recent years was the notion that AI is no longer simply a chatbot interface added to your architecture, but a whole new execution environment. Many presentations and demonstrations showcased how large language model (LLM)-powered applications and agentic AI constructions can be abused or confused, with several undesirable outcomes. While there’s a great deal of work to be done to secure emerging AI technologies, many strategies for mitigating attacks were recommended. AI is being adopted in cybersecurity too, from both the adversarial and defender perspectives, which makes it clear that another cybersecurity arms race is underway.

Automation Pitfalls: Deploy Fast, Break Faster — With a Bigger Blast Radius

Automation tooling, such as continuous integration and continuous delivery (CI/CD), took center stage for many discussions, where simple and subtle misconfigurations resulted in significant consequences, from initial access and lateral movement. With one of the killer use cases of agentic AI being coding assistants and source code reviews, today’s relationship between AI and automation tooling is a close one. The aforementioned attack surface of those AI components thus has direct implication to that of the automation tooling.

Initial Access: CI/CD, Developers and Supply Chain Attacks

Finally, the conferences this year demonstrated the increasing burden of developers to act as bastions of security. However, the attack surface faced by the average developer is also increasing. This is due in part to the addition and management of AI assistants with access to code as well as the use of plugins for Integrated Developer Environments (IDEs) like Visual Studio Code that are ubiquitous across the industry. Developers and the tools they interact with are increasingly valuable for adversaries to target, creating opportunities for initial access and even executing supply chain attacks.

Cybersecurity Evolution Continues Moving Forward

Hacker Summer Camp 2025 made it clear that the rapid shifts we’re seeing in technologies like AI have left significant gaps in ensuring that the basics of security remain covered. It also demonstrated that cybersecurity professionals and enthusiasts are doing the work required to address those gaps, as well as adopting new and adapting classic approaches to bolster cybersecurity controls.

To learn more about the content and themes covered during the conferences, download our members-only tech brief and plan to join us Wednesday, Sept. 17, for the Lessons from Hacker Summer Camp 2025 webinar.

If you’re an employee of a CableLabs member operator and don’t yet have an account, register for access to the tech brief and much more member-exclusive content.

Residential proxies and decentralized physical infrastructure networks (DePINs) are technologies that enable end users to participate in semi-anonymous communications similar in function to virtual private networks (VPNs) by essentially sharing their broadband connection with anonymous third-party users. These types of networks are not new, but they have become more popular, easier to set up (sometimes even inadvertently) and are advertised to subscribers to make passive income, remove geo-blocking restrictions, and increase their privacy and security.

In this blog, we’ll look at how these networks function, why subscribers are implementing them on their home networks, and finally the security and privacy risks presented by these types of networks to both subscribers and internet service providers (ISPs).

What Are Overlay Networks?

Generally speaking, overlay networks are logical networks built on top of existing physical networks. Residential proxies and DePINs are examples of overlay networks that consist of software or hardware that runs on the subscriber’s home network or mobile device.

Many of these networks include a crypto token (bitcoin, Ethereum, etc.) that allows the end user to earn a financial stake by sharing their bandwidth in the overlay network. These networks are marketed to subscribers to earn passive income, with catchphrases like, “Get paid for your unused internet” or “Turn your unused internet into cash,” and companies offering these services often have signup bonuses, specials, referral incentive programs and pyramid schemes.

Harms to the Subscriber

End users believe that they will get extra security and privacy by participating in these types of networks. However, they often face a very different reality.

To participate, users must put their trust in the proxy provider, which has strong incentives to monetize their access to end-user data and online activity by selling user information to data brokers or other third parties. For example, privacy violations can occur by leaking sensitive information, such as what sites the subscriber is visiting, to third parties for targeted ads and profiling.

By sharing their broadband connection with these proxy networks, subscribers may unwittingly participate in botnets, distributed denial-of-service (DDoS) attacks and other illegal activities such as copyright violations or, even worse, facilitating the transfer of child sexual abuse material.

The broadband subscriber simply cannot know what undesirable or illegal traffic they are allowing to transit their broadband connection. This can harm the reputation of the subscriber’s IP address, which could result in the subscriber’s access to legitimate services being blocked. It could even result in legal actions against the subscriber as government authorities will track down the often-unwitting subscriber by their IP address.

Additional ways that a broadband subscriber may suffer harm is through the unintentional installation of malware or info-stealing software. For example, a cybercrime campaign by a group named Void Arachne uses a malicious installer for virtual private networks (VPNs) to embed deepfake and artificial intelligence (AI) software to enhance its operations. End users may believe they are installing software that will enhance their privacy and security but are actually installing malware that tracks them and feeds sensitive data to bad actors.

Harms to the Broadband Network

Residential proxies consume bandwidth and produce traffic that is not directed to or originates from the broadband subscriber. This extra bandwidth consumption could adversely affect the subscribers' perceptions of their service and may increase costs for the network operator. There can be implications to peering agreements between operators as well. A residential proxy that facilitates the transfer of certain traffic may lead to lowered reputations of the IP addresses in use and potential blocking by external services.

ISPs face a much broader risk when it comes to IP reputation. The reputation of one IP that has been damaged due to running an overlay network can affect not just one subscriber but multiple subscribers as the IP address is reassigned through Dynamic Host Configuration Protocol (DHCP). If operators use network address translation (NAT), all addresses behind the NAT can be affected. This not only causes disruption in service for the subscribers but can also cause reputational harm to the ISP and its brand.

Some overlay networks require that static inbound port forwarding be set up to fully participate in the network. These ports are then easily scanned and recorded in databases such as Shodan, making participating nodes easy to discover. DePIN hardware will inevitably be deprecated and no longer receive firmware updates and security patches. This will lead to a higher risk of the devices being compromised and exploited for other purposes, such as participating in a botnet.

Improving Capabilities to Counter Threats

In summary, decentralized overlay networks such as residential proxies and DePINs pose real and significant security and privacy concerns for both subscribers and their ISPs. These technologies enable semi-anonymous communications but also increase the risk of reputational harm, disruption in service and potential malicious use.

As these networks become more widespread and are increasingly exploited by malicious actors, it is essential to improve detection capabilities and develop effective mitigation strategies to address these risks.

To effectively mitigate these risks, a multi-stakeholder approach is necessary, involving collaboration between civil society, ISPs, overlay network providers, regulatory bodies and law enforcement agencies. This can include implementing robust network monitoring and security protocols and developing guidelines for educating subscribers on safe usage practices. By taking a proactive and coordinated approach, we can minimize the risks associated with overlay networks and promote a safer and more secure online environment for all users.

If you are a CableLabs member or a vendor and are interested in collaborating with us on solutions for safer, more secure online experiences, explore our working groups and contact us using the button below.

Threats to internet routing infrastructure are diverse, persistent and changing — leaving critical communications networks susceptible to severe disruptions, such as data leakage, network outages and unauthorized access to sensitive information. Securing core routing protocols — including the Border Gateway Protocol (BGP) and the Resource Public Key Infrastructure (RPKI) — is an integral facet of the cybersecurity landscape and a focus of current efforts in the United States government’s strategy to improve the security of the nation’s internet routing ecosystem.

CableLabs has released an update to the “Cybersecurity Framework Profile for Internet Routing” (Routing Security Profile or RSP). The profile serves as a foundation for improving the security of the internet’s routing system. An actionable and adaptable guide, the RSP is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), which enables internet service providers (ISPs), enterprise networks, cloud service providers and organizations of all sizes to proactively identify risks and mitigate threats to enhance routing infrastructure security.

The RSP is an extension of CableLabs’ and the cable industry’s longstanding leadership and commitment to building and maintaining a more secure internet ecosystem. It was developed in response to a call to action by NIST to submit examples of “profiles” mapped to the CSF that are aimed at addressing cybersecurity risks associated with a particular business activity or operation.

Improvement Through Feedback and Alignment

The first version of the RSP (v1.0) was released in January 2024 in conjunction with an event co-hosted with NCTA — the Internet & Television Association, featuring technical experts and key government officials from NIST, the Federal Communications Commission (FCC), the National Telecommunications and Information Administration (NTIA), the Cybersecurity and Infrastructure Security Agency (CISA) and the White House Office of the National Cyber Director (ONCD).

Following the release of the first version of the RSP, CableLabs conducted outreach to other relevant stakeholders within the broader internet community to raise awareness about this work and to seek feedback to help improve the profile. In addition, NIST released its updated CSF 2.0 in February 2024.

The RSP update reflects stakeholder input received to date and accounts for changes in the NIST CSF 2.0. In particular, the RSP v2.0:

• Aligns with NIST CSF 2.0’s addition of a “Govern” function and revisions of subcategories in the RSP’s mapping of routing security best practices and standards to the applicable key categories and subcategories of the NIST CSF 2.0’s core functions.
• Adds routing security considerations for most subcategories that previously did not include such information.
• Incorporates informative and relevant references within the context of the mapping rather than as a separate column of citations.

Advancing Routing Security Through Public-Private Partnership

Since its release, the RSP has been cited as a resource by various government stakeholders in recent actions and initiatives, including NTIA's Communications Supply Chain Risk Information Partnership (C-SCRIP)’s BGP webpage, the FCC’s proposed BGP rules and ONCD’s Roadmap to Enhancing Internet Routing Security.

In addition, CableLabs continues to closely engage in public-private stakeholder working groups. They include the joint working group recently established by CISA and ONCD, in collaboration with the Communications and IT Sector Coordinating Councils. The working group was created, according to the ONCD roadmap, “under the auspices of the Critical Infrastructure Partnership Advisory Council to develop resources and materials to advance ROA and ROV implementation and Internet routing security.”

The Ever-Evolving Cybersecurity Puzzle

The RSP remains a framework for improving security and managing risks for internet routing, which is just one key piece of a larger critical infrastructure cybersecurity puzzle. As with any endeavor in security, the RSP will evolve over time to reflect changes to the NIST CSF, advances in routing security technologies and the rapidly emerging security threat landscape.

The RSP was developed by CableLabs’ Cable Routing Engineering for Security and Trust Working Group (CREST WG). The group is composed of routing security technologists from CableLabs and NCTA, as well as network operators from around the world.

Learn more about all CableLabs’ working groups, including the CREST WG, and how to join us in this critical work. Download the profile here, or view it using the button below.

In recent years, the U.S. government has undertaken efforts to adopt a zero trust architecture strategy for security to protect critical data and infrastructure across federal systems. It has also urged critical infrastructure sectors — including the broadband industry — to implement zero trust concepts within their networks.

The industry plays a key role in managing the National Critical Functions (NCFs) as a part of the Cybersecurity and Infrastructure Security Agency (CISA) critical infrastructures sections. Therefore, cable operators need to embrace zero trust concepts and do their best to apply them to their infrastructure elements.

What Is Zero Trust?

For quite a long time, some critical infrastructure elements have been considered as trusted because they happen to be physically located within the operator’s perimeter (e.g., back offices, trust domains). However, this approach can’t prevent these infrastructure elements from threat vectors that exist within the operator’s perimeter, such as illegal lateral movements. Additionally, conventional solid, hardware-based network perimeters are vanishing as the industry shifts toward software-define, virtualized and cloud networks.

As specified in the NIST "Zero Trust Architecture" document (NIST SP 800-207), “zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).”

What Is the Zero Trust Best Common Practices Document?

The Zero Trust Best Common Practices (ØTIS BCP), which will be released on September 24, was developed as a joint effort by CableLabs and steering committee members in the Zero Trust and Infrastructure Security (ØTIS) working group. Taking the aforementioned NIST SP 800-207 document and the CISA Zero Trust Maturity Model (ZTMM) into account during its development, the ØTIS BCP addresses security gaps that our members have identified and develops a zero trust security framework that covers the following areas:

• Credential protection and secure storage
• Identity security and data protection
• Asset and inventory management
• Supply chain risk management
• Secure automation
• Security monitoring and incident responses
• Boot security
• Policy-based access management
• Consistent security control

The ØTIS BCP is intended to serve as a guideline for cable operators and vendors as they implement zero trust concepts and support network convergence and automation. Cybersecurity professionals and decision-makers involved in the security of access networks may also find the ØTIS BCP informational because the document shows the broadband industry’s consensus on how to provide consistent security baselines for infrastructure access networks.

What Is the Next Step?

After releasing this initial version of the ØTIS BCP, we plan to expand the ØTIS working group so that it includes CableLabs’ vendor partners, who will review and further refine the recommendations. Notably, we’ll continue the process of mapping the ØTIS BCP to current and future guidance from relevant government agencies to identify potential gaps in the BCP and address those as appropriate.

How Can You Engage in the Zero Trust Effort?

If you’re a cable operator or vendor interested in taking part in this work, learn more about the ØTIS working group and how to join.

This year has been a particularly interesting one for cybersecurity. Notable incidents and other areas of focus in cybersecurity set the backdrop for “Hacker Summer Camp 2024” in Las Vegas in August. Topics frequently alluded to during this year’s conferences included:

• Increased focus on critical infrastructure — Critical infrastructure is increasingly complex, distributed and difficult to characterize in terms of security. This year’s conferences accordingly brought an increased attention to securing critical infrastructure.
• Echoes of the CrowdStrike incident — Although the now-infamous CrowdStrike Windows outage in July was a mistake, allusions to lessons that could be learned from the event were often made from the perspective of critical infrastructure security. The outage — and its fallout —prompted discussions about what the impact could be if bad actors were behind a similar incident.
• The XZ Utils (almost) backdoor — The discovery of the XZ Utils backdoor in early 2024 — the focus of a dedicated talk at DEF CON — serves as a reminder of the growing sophistication of adversaries.

I’ve published a CableLabs Technical Brief to share my key takeaways from this mega cybersecurity event that combined the Black Hat USA 2024 and DEF CON 32 conferences. In addition to covering the highlights of talks and demos I attended, this Tech Brief delves deeply into the discussions I found to be most insightful and the commonalities I observed across several areas of the conferences.

There’s no denying that “Hacker Summer Camp” offers more than any one person could hope to see or do on the conference floor in a single day. Each conference was packed with a wealth of new research and perspectives, demonstrations and much more. Still, the key highlights in my Tech Brief provide a solid and in-depth overview of some of the most talked-about topics and issues existing today in the field of cybersecurity.

I’ve included more quick takeaways below, and CableLabs members looking for a more comprehensive debrief can download the Tech Brief.

Common Ties at Black Hat USA and DEF CON

I found that topics from the presentations, demonstrations and conversations at Black Hat and DEF CON fell into three overarching themes. I expand on the implications of these in the tech brief.

Deep (human) learning: A need for more pervasive understanding

Doing rigorous background research is key to gaining an upper hand in innovating and building strong security postures. Especially in light of rapid adoption of advanced technologies, security experts need to deepen their knowledge to better secure their infrastructure. Collaboration is also a crucial element of building deeper bases of knowledge on technical topics.

Back to basics: Returning to and applying core principles

The core principles of cybersecurity are foundational to maintaining a strong security posture when implementing, deploying or maintaining any technology. As security researchers and practitioners, part of our role is to see through the use cases toward the misuse cases as a first step to ensuring the fundamentals are there and to educate and empower others to do the same.

Inevitabilities and cybersecurity: What we must embrace and why

My Tech Brief elaborates on examples in which adversaries will adopt and take advantage of new technologies, regardless of our own adoption. There are always caveats and important details that must be accounted for to ensure the secure use of new technologies as they are adopted. However, the Tech Brief discusses how the potential benefits to bolster security that come with the thoughtful adoption of new technologies often significantly outweigh the risks that they introduce.

AI’s Rapid Adoption, Potential and Pitfalls

AI once again took center stage (including at Black Hat’s inaugural AI Summit). Particularly in focus were agentic AI, assistants and RAG-enhanced LLMs. Like last year, these tools were looked at through the (mostly mutually exclusive) lenses of “AI for security applications” and considerations of “the security of AI,” both of which present immense opportunities for research and innovation.

Download the Tech Brief to read my takeaways from notable talks about this from the conferences.

Building More Secure Networks Together

It’s a thrilling time in cybersecurity! With all of the innovations, perspectives and calls to action seen at Black Hat USA and DEF CON this year, it’s clear that there’s a lot of work to be done.

To read more from my debrief, download our members-only Tech Brief. Our member and vendor community can get involved in this work by participating in CableLabs’ working groups.

Did you know?

In addition to in-depth tech briefs covering events like this, CableLabs publishes short event recap reports — written by our technologists, exclusively for our members. Catch up on recent recaps (member login required).

We are witnessing a transformation in the security landscape across all aspects of our digital world. As cyber threats become increasingly sophisticated and frequent, they pose new challenges for individuals and organizations alike. A single security breach can have crippling consequences for potentially millions of internet users — from the disruption of daily life and loss of access to everyday services to identity theft and loss of privacy.

A silver lining, though, is that these threats are driving a wave of cutting-edge innovations and solutions that can help safeguard our sensitive data and ensure continuity of operations. At the forefront of this evolution are artificial intelligence and machine learning (AI/ML). These technologies are equipping cybersecurity professionals with tools to identify and mitigate threats more effectively than ever before with unprecedented speed and accuracy.

It’s no surprise that the proliferation of AI/ML has become a central focus at industry conferences and among cybersecurity professionals. This was evident at this year’s RSA Conference, where tracks focused on automation using AI/ML, as well as the benefits and threats due to generative AI and large language models (LLMs).

Other key topics included increased usage of software bills of materials (SBOMs) and security threats associated with it, and zero-trust sessions focused on policy-based authentication. In case you missed it, CableLabs covers these topics and provides more detailed key findings from the RSA Conference 2024 in a recent tech brief, available exclusively to members. Below are a few general observations from the conference.

A Double-Edged Sword

Generative AI and LLM came up in summits hosted by organizations including the Cloud Security Alliance (CSA), the Open Worldwide Application Security Project (OWASP) and the Techstrong Group. Among the topics were:

• The use of LLM and generative AI to accelerate code analysis and patch code vulnerabilities, speed up incident responses, detect multimodal malware as well as improvements in threat detection, continuous vulnerability and risk management for organizations.
• Demonstrations of LLM attacks that can produce outputs that are entirely or partially incorrect and/or harmful. Common attacks presented in various sessions included prompt injection, insecure output handling, poisoning of training data, denial of service on the LLM, exfiltration, etc.

The OWASP Foundation provided a summary of their work on the “Top 10 for LLM” project that addresses common LLM security risks and provides guidance and checklists when implementing and managing LLMs.

There are also several policy-related challenges of generative AI like copyright protection of AI-generated work and tracing back the training data to the original owners, lack of recommendations or regulations from the United States Patent and Trademark Office regarding AI and human inventorship and also around privacy of personal data shared with generative AI vendors with the risk of such data being reidentified by the AI tools.

Long Live Shorter Certificates

An ongoing trend in the public key infrastructure (PKI) world is the shortening of the lifespan of operational certificates. Specifically for web and cloud infrastructure environments, Google published a roadmap that limits the TLS certificates’ validity period from 398 days to 90 days. The primary benefits touted for shorter validity certificates include reduced exploitation time of compromised certificates and crypto-agility, collectively termed as certificate agility.

However, this also poses challenges for access network operators and certificates meant for device identities whose validity period can extend into decades. Typically, the purpose of such device certificates is to provide immutability, attestability and uniqueness and, they are primarily used for access network authentication. In this context, providing a consistent identity using rotating certificates necessitates a change from existing deployment models. It highlights the need for implementing automated certificate management tools and incorporates the additional costs and time to deploy it as part of the network infrastructure upgrade.

Software and Cryptographic Bills of Materials

SBOMs are gaining traction as one of the key ingredients of the software development lifecycle. The RSA Conference also included some interesting sessions and demonstrations of adversarial use of SBOMs and developing guidance on how to correctly use them.

From the security perspective, cryptographic bills of materials (CBOMs) provide a mechanism to track cryptographic assets and their dependencies. It also provides a path toward introducing and tracking quantum-safe solutions by making it easier to track deprecated ciphers.  This is one area with rapid development and many vendors demonstrating SBOM tools and SBOM best practices.

Other Hot Topics

Other notable technologies and topics covered at the conference included:

• Zero Trust and Identity Protection — Identity compromise continues to be a top threat and the root cause of data breaches. With the current trends around remote work, virtualization and cloud deployments, data and identities are now stored outside of corporate perimeters. Incorporating a zero-trust model (never trust, always verify) plays a crucial role in protecting identity and corporate assets.
• Multi-Factor Authentication — More and more companies are moving towards MFA to reduce account compromises. However, different attack methods to bypass MFA — like MFA fatigue, SIM swapping and session hijacking — complicate this.
• Post Quantum Cryptography (PQC) — The discussion around PQC continues with the general guidance that the industry incorporate a “hybrid mode” of deployment for any new cryptographic solutions. As of August 2024, there is not yet a stable quantum computer capable of widespread practical use; however, cybercriminals continue to steal encrypted data with the expectation of decrypting it in the future. NIST plans to publish the first set of PQC standards by the end of this summer.

The RSA Conference is the flagship conference for cybersecurity experts. This year it brought together 41,000+ professionals, 650 speakers across 425 sessions and over 600 exhibitors in San Francisco. Read more about these cybersecurity trends and more RSA Conference topics in the tech brief, available exclusively to CableLabs member operators.

Did you know?

In addition to in-depth tech briefs covering events like the RSA Conference, CableLabs publishes short event recap reports — written by our technologists, exclusively for our members. Catch up on recent recaps (member login required).

The sudden rise of highly capable artificial intelligence (AI) has brought immense opportunities for beneficial innovation and advancement. However, alongside its benefits, AI also presents unique challenges concerning online abuse and threats to security and privacy. Recognizing the urgency of addressing these issues, the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) has taken a proactive stance by forming a dedicated AI Committee. The M3AAWG AI Committee, co-chaired by CableLabs, underscores M3AAWG’s commitment to fostering a safer and more secure online environment for users worldwide.

Tackling Abuse Facilitated by AI Systems

One of the primary objectives of the M3AAWG AI Committee is to address the growing concern surrounding malicious actions facilitated by AI systems. To bolster spam and phishing attacks, fraud, and online harassment, nefarious actors are increasingly leveraging AI-powered tools to amplify and accelerate their harmful activities. By studying the tactics employed by abusers and evaluating countermeasures, the committee aims to develop best common practices to help mitigate the impact of AI-facilitated abuse on individuals and organizations alike.

Public Policy and AI Abuse

The landscape of AI policy is in varying stages of development, with governmental and intergovernmental bodies around the globe proposing and enacting their own models of regulation and oversight. These efforts include the recent Executive Order in the United States aiming for "Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence," and the European Union’s proposed AI Act establishing stricter regulations for high-risk applications. The M3AAWG AI Committee is establishing an initiative to track policy developments and advocate for public policy promoting responsible and secure AI development.

Best Common Practices for Securing the AI Lifecycle and AI Systems

As AI technologies become more pervasive across various sectors, they also become prime targets for cyberattacks and exploitation. Vulnerabilities in AI algorithms and frameworks can be exploited to manipulate outcomes, compromise data integrity, and undermine trust in AI-driven solutions. In addition to combating malicious use, the M3AAWG AI Committee is focused on enhancing the security of AI systems and the AI lifecycle from training to deployment of AI models through the development of best common practices.

Harnessing AI to Counter Abuse

Although AI has been weaponized for nefarious purposes, it also holds immense potential as a tool for combating abuse and safeguarding online ecosystems. The M3AAWG AI Committee recognizes this dichotomy and is exploring innovative ways to harness AI for good. From proactive content moderation and anomaly detection to sentiment analysis and behavioral profiling, AI technologies offer many possibilities for enhancing online safety and security. By developing AI-driven solutions for detecting and mitigating abuse in real-time, the committee aims to empower service providers, platforms, and other stakeholders in their efforts to combat online threats effectively.

Why M3AAWG: Collaboration and Engagement

M3AAWG recently celebrated 20 years of combating online abuse and making the internet a safer place. The last 20 years of combating spam, malware, DDoS and many other forms of abuse has only been possible through collaboration and engagement with industry leaders, academic institutions, government agencies, and advocacy groups. The M3AAWG AI Committee will leverage and build upon these relationships within the unique trusted forum of M3AAWG to address the complex challenges posed by AI-driven abuse and innovate towards AI-enabled solutions. Through open dialogue, knowledge sharing, and collaborative initiatives, the M3AAWG AI Committee aims to foster a community-driven approach to combating online abuse and promoting responsible AI usage.

Looking Ahead: The Next 20 Years

As AI continues to evolve at a rapid pace, the importance of proactive measures to address its implications for online abuse and security cannot be overstated. With the establishment of the AI Committee at its 60th meeting in San Francisco this February, M3AAWG has taken a significant step towards addressing these pressing issues head-on. By leveraging collective expertise and resources, the committee is poised to drive meaningful progress in safeguarding the digital landscape against emerging threats.

Stay tuned for updates and insights from M3AAWG as we continue our journey towards a safer digital future, and please consider joining M3AAWG and the AI Committee to do your part.

Reliable and secure routing is essential for the connectivity of critical communications networks, ensuring that data packets reach their intended destinations without being intercepted, altered or dropped. Inadequate routing security can make the entire network susceptible to attacks such as Internet Protocol (IP) spoofing, route hijacking and man-in-the-middle attacks.

With the increasing complexity and ubiquity of IP network infrastructures across the globe, the security of core routing protocols — including the Border Gateway Protocol (BGP) and the Resource Public Key Infrastructure (RPKI) — is an integral facet of the cybersecurity landscape. Malicious actors and threat vectors that target the network routing layer can lead to severe disruptions, such as data leakage, network outages and unauthorized access to sensitive information.

To address the issue, CableLabs has just released a “Cybersecurity Framework Profile for Internet Routing” (Routing Security Profile, or RSP) that serves as a foundation for improving the security of the internet’s routing system. The RSP is an actionable and adaptable guide, aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), that enables Internet Service Providers (ISPs), enterprise networks, cloud service providers and organizations — large and small — to proactively identify risks and mitigate threats to enhance routing infrastructure security.

The RSP was developed as an extension of CableLabs’ and the cable industry’s longstanding leadership and commitment to building and maintaining a more secure internet ecosystem. It also was developed in response to NIST’s call to action to submit examples of “profiles” mapped to the CSF that are aimed at addressing cybersecurity risks associated with a particular business activity or operation.

What Is the Routing Security Profile, and Who Can Use It?

Network engineers, IT managers, cybersecurity professionals and decision-makers involved in network security risk management are prime candidates for using the RSP — with its exclusive focus on routing protocols and services — as one tool in an overall network strategy to enhance existing security policies and risk management procedures within their organizations.

The RSP describes various technologies and techniques used for internet routing security, including BGP, Internet Routing Registries (IRRs), Autonomous System (AS) path filtering and RPKI. In addition, it outlines several key recommendations for improving BGP security that include Route Origin Authorizations (ROAs), Route Origin Validation (ROV), BGP peer authentication, prefix filtering and monitoring for anomalies.

What Can the Routing Security Profile Do?

By mapping routing security best practices and standards to the applicable key categories and subcategories of the NIST CSF 1.1’s Core Functions — Identify, Protect, Detect, Respond and Recover — the RSP can help organizations with the following tasks:

• Identifying systems, assets, data and risks that pertain to IP networks.
• Protecting IP networks by performing self-assessments and adhering to cybersecurity principles.
• Detecting cybersecurity-related disturbances or corruption of IP network services and data.
• Responding to IP network service or data anomalies in a timely, effective and resilient manner.
• Recovering the IP network to proper working order after a cybersecurity incident.

The RSP is a framework for improving security and managing risks for internet routing, which is one key piece of a larger critical infrastructure cybersecurity puzzle. As with any endeavor in security, the RSP will evolve over time to reflect changes to the NIST CSF, including the CSF 2.0 update coming in early 2024, advances in routing security technologies and the rapidly emerging security threat landscape.

The RSP was developed by CableLabs’ Cable Routing Engineering for Security and Trust Working Group (CREST WG). The CREST WG is composed of routing security technologists from CableLabs, NCTA — The Internet & Television Association, as well as network operators from around the world, including representatives from Armstrong, Charter, Comcast, Cox, Eastlink, Liberty Global, Midco, Rogers/Shaw and Videotron. For more information on the CREST WG, please contact us.

We welcome feedback on the RSP from other internet ecosystem stakeholders as we continue to advance this work. Please send comments to Tao Wan. We will also engage with the broader internet community through forums such as M 3AAWG to drive awareness and to further improve the profile for the benefit of all AS operators, including ISPs, cloud service providers, government agencies, universities and other organizations.