Security
Black Hat USA and DEF CON: A Lot to Unpack After “Hacker Summer Camp”
Key Points
- Pervasive and deep understanding is critical for security practitioners in securing their infrastructure.
- Core principles in security are paramount; their ubiquitous application and adherence to both existing and emerging technologies is crucial.
- Advanced technologies and techniques are being adopted by adversaries. To maintain our upper hand, we must carefully embrace the adoption of new technologies as well.
- AI adoption is not slowing down, nor is its application to security use cases or new ways to undermine its security. There continues to be immense potential here.
This year has been a particularly interesting one for cybersecurity. Notable incidents and other areas of focus in cybersecurity set the backdrop for “Hacker Summer Camp 2024” in Las Vegas in August. Topics frequently alluded to during this year’s conferences included:
- Increased focus on critical infrastructure — Critical infrastructure is increasingly complex, distributed and difficult to characterize in terms of security. This year’s conferences accordingly brought an increased attention to securing critical infrastructure.
- Echoes of the CrowdStrike incident — Although the now-infamous CrowdStrike Windows outage in July was a mistake, allusions to lessons that could be learned from the event were often made from the perspective of critical infrastructure security. The outage — and its fallout —prompted discussions about what the impact could be if bad actors were behind a similar incident.
- The XZ Utils (almost) backdoor — The discovery of the XZ Utils backdoor in early 2024 — the focus of a dedicated talk at DEF CON — serves as a reminder of the growing sophistication of adversaries.
I’ve published a CableLabs Technical Brief to share my key takeaways from this mega cybersecurity event that combined the Black Hat USA 2024 and DEF CON 32 conferences. In addition to covering the highlights of talks and demos I attended, this Tech Brief delves deeply into the discussions I found to be most insightful and the commonalities I observed across several areas of the conferences.
There’s no denying that “Hacker Summer Camp” offers more than any one person could hope to see or do on the conference floor in a single day. Each conference was packed with a wealth of new research and perspectives, demonstrations and much more. Still, the key highlights in my Tech Brief provide a solid and in-depth overview of some of the most talked-about topics and issues existing today in the field of cybersecurity.
I’ve included more quick takeaways below, and CableLabs members looking for a more comprehensive debrief can download the Tech Brief.
Common Ties at Black Hat USA and DEF CON
I found that topics from the presentations, demonstrations and conversations at Black Hat and DEF CON fell into three overarching themes. I expand on the implications of these in the tech brief.
Deep (human) learning: A need for more pervasive understanding
Doing rigorous background research is key to gaining an upper hand in innovating and building strong security postures. Especially in light of rapid adoption of advanced technologies, security experts need to deepen their knowledge to better secure their infrastructure. Collaboration is also a crucial element of building deeper bases of knowledge on technical topics.
Back to basics: Returning to and applying core principles
The core principles of cybersecurity are foundational to maintaining a strong security posture when implementing, deploying or maintaining any technology. As security researchers and practitioners, part of our role is to see through the use cases toward the misuse cases as a first step to ensuring the fundamentals are there and to educate and empower others to do the same.
Inevitabilities and cybersecurity: What we must embrace and why
My Tech Brief elaborates on examples in which adversaries will adopt and take advantage of new technologies, regardless of our own adoption. There are always caveats and important details that must be accounted for to ensure the secure use of new technologies as they are adopted. However, the Tech Brief discusses how the potential benefits to bolster security that come with the thoughtful adoption of new technologies often significantly outweigh the risks that they introduce.
AI’s Rapid Adoption, Potential and Pitfalls
AI once again took center stage (including at Black Hat’s inaugural AI Summit). Particularly in focus were agentic AI, assistants and RAG-enhanced LLMs. Like last year, these tools were looked at through the (mostly mutually exclusive) lenses of “AI for security applications” and considerations of “the security of AI,” both of which present immense opportunities for research and innovation.
Download the Tech Brief to read my takeaways from notable talks about this from the conferences.
Building More Secure Networks Together
It’s a thrilling time in cybersecurity! With all of the innovations, perspectives and calls to action seen at Black Hat USA and DEF CON this year, it’s clear that there’s a lot of work to be done.
To read more from my debrief, download our members-only Tech Brief. Our member and vendor community can get involved in this work by participating in CableLabs’ working groups.
Did you know?
In addition to in-depth tech briefs covering events like this, CableLabs publishes short event recap reports — written by our technologists, exclusively for our members. Catch up on recent recaps (member login required).
DOCSIS
DOCSIS 4.0 Interop Dives Deeper Into Upstream Speed and SCTE TechExpo24 Prep
Key Points
- The latest DOCSIS® 4.0 Interop·Labs event took a deeper look at upstream speeds.
- The event provided suppliers an opportunity to sharpen their products — and pitches — for the upcoming SCTE®️ TechExpo conference in Atlanta.
At the latest DOCSIS 4.0 Interop·Labs event, a record number of modem suppliers were on hand to delve deep into upstream speed and other aspects of the DOCSIS 4.0 specifications. We want to thank the participants who helped make the event successful and once again helped us achieve a high level of productivity.
We cannot highlight enough how CableLabs provides a neutral testing ground for suppliers and operators to come together and showcase compatibility across interfaces defined in our DOCSIS 4.0 specifications. The gathering of suppliers and products in one location is extremely valuable to the participants to see how the technology is being implemented across multiple platforms. The DOCSIS 4.0 specifications are proscriptive, yet there’s plenty of room for innovation to differentiate products and offerings.
Combining interoperability events for these technologies drives home the fact that compatibility across all system components is a high priority for the industry.
To recap:
- Everything is coming up gigabits!
- Downstream speeds faster than 9 Gbps through a DOCSIS 4.0 modem are the new normal, limited only by the availability of a single 10 Gbps interface on the modems.
- Upstream speeds now exceed 2 Gbps on DOCSIS 4.0 modems and can go higher.
- We continue to examine the copious data available from the modems — in particular, DOCSIS 4.0 cable modem Proactive Network Maintenance (PNM) functions.
- DOCSIS 4.0 security technologies are coming along nicely, and their recent availability showcases the advancing maturity of the products.
DOCSIS 4.0 technology is putting down a marker. These products are delivering on the promise of multi-gigabit speeds that will benefit consumers around the world. Among suppliers and operators in our labs, we’re seeing unprecedented passion for interoperability, for unrivaled speeds and for getting these products to market.
Record Supplier Participation
Attendance at the interop was high, including new suppliers and products. Three operators joined us to observe demonstrations, interact with the suppliers and talk about their own DOCSIS 4.0 network progress.
Among the suppliers were CommScope and Harmonic, which brought DOCSIS 4.0 cores to the interop. For the first time, we saw three 1.8 GHz Remote PHY Devices (RPDs) from separate suppliers including CommScope, Harmonic and Vecima Networks. Also, for the first time, eight DOCSIS 4.0 modem suppliers — Arcadyan, Askey, Gemtek, Hitron Technologies, Sagemcom, Sercomm, Ubee Interactive and Vantiva — brought multiple cable modem models. Microchip Technology participated with its clock and timing system. The availability of record numbers of both DOCSIS 4.0 RPDs and DOCSIS 4.0 cable modems shows that products continue to proliferate as these suppliers prepare for SCTE TechExpo 2024 later this month.
Testing scenarios involved using a virtual core from one supplier, and RPDs and DOCSIS 4.0 cable modems from various other suppliers. The products were mixed and matched to verify interoperability scenarios and speeds through the system. As before, DOCSIS 3.1 and DOCSIS 4.0 devices were combined to demonstrate the cross-compatibility of existing and new technology. Suppliers providing test equipment used these setups to verify their solutions.
Sustained Speed
Achieving a rate of 9 Gbps (or faster) downstream through a DOCSIS 4.0 cable modem is now the new normal. Multigigabit speed is a core pillar of the 10G platform. At this interop, all modems achieved that downstream rate of speed — testament to the work achieved at previous interops.
At the August interop, we looked at upstream speed — that is, the stability of very high-speed traffic on upstream channels. Using a DOCSIS 4.0 ultra-high split, the modems in attendance consistently achieved more than 2 Gbps upstream. Upstream is trickier than the downstream: Whereas downstream is a continuous broadcast from one transmitter (the RPD), upstream is bursty, consisting of multiple modems contributing to the orthogonal frequency-division multiple access (OFDMA) signals that the RPD has to “catch” and accurately demodulate. That upstream burst receiver in the RPD is arguably the most complicated component of the system, especially considering the data rates in play.
So, we’ve arrived at a point where a DOCSIS 4.0 modem is pairing download speeds faster than 9 Gbps with upload speeds faster than 2 Gbps (and with the capability to go even faster). And we’re talking about a single modem. The service group can achieve even more capacity and speed, which means individual modems can also go higher.
Additional DOCSIS 4.0 Cable Modem Operations
Beyond speed, three other aspects of DOCSIS 4.0 technology stood out, offering a look at the maturity of the products at the interop.
PNM
PNM is an important function for cable modems. It’s a proven tool that engineers and technicians use for maintenance, troubleshooting and improvement of the cable plant. More and more, the signals on the plant are OFDM and OFDMA, which provide higher speeds and capacities than traditional quadrature amplitude modulation (QAM) signals.
At this event, we looked at five PNM tests that were run on all the modems. And because DOCSIS 4.0 modems generate more OFDM and OFDMA signals, more data is available. This is a sign of product maturity, responding to these data requests. And the modems have this down. This PNM data will enable the most efficient operation of the coaxial cable network, keeping the data levels at their peak by using the more efficient OFDM and OFDMA signals.
Security
Cable broadband is widely deployed. Hundreds of millions of consumers use DOCSIS technology every day as they live, work, learn and play. DOCSIS 4.0 technology includes strengthened measures to meet the threats that come with online activity. Suffice it to say, new security features are now appearing in products in the labs, and they’re being tested for both functionality and interoperability.
Remote PHY Interoperability
Although modems were the focus, the event also looked at the interoperability between DOCSIS 4.0 cores and RPDs. We branched into more and different configurations, moving beyond “one size fits all” configurations. These products are going to be deployed in many scenarios, and going deeper into these various configurations will ensure flexibility as DOCSIS 4.0 technology moves into the field.
Join Us Next Time
The next DOCSIS 4.0 interop is planned for the week of Nov. 4 at CableLabs’ headquarters in Louisville, Colorado. The event will provide an opportunity for both new suppliers and new products as we all prepare for the new calendar year.
Right around the corner in March 2025 are CableLabs Winter Conference and Smaller Market Conference.
Wired
Square Pegs, Round Holes and Sandboxes: Working Together for PON Interoperability
Key Points
- Establishing robust interoperability standards for emerging passive optical network (PON) technologies is critical for the broadband industry.
- The Broadband Forum (BBF) provides detailed guidelines and test plans to ensure reliable and consistent interoperability in various network scenarios.
- In partnership with BBF, CableLabs will host a Plugfest event in October to address real-world PON interoperability challenges.
In the world of passive optical networks (PON), achieving seamless interoperability has been a long-standing challenge, leaving operators trying to fit square pegs into round holes. This legacy is largely due to the intentional flexibility in PON standards, designed to foster innovation by avoiding overly prescriptive implementations. However, this flexibility often leaves too much room for interpretation, leading to interoperability issues.
In the PON world, standards like IEEE 802.3, ITU-T G.9807.1 and ITU-T G.9804.3 define operation at the physical layer and data link layer. Similarly, CableLabs’ DOCSIS®️ Provisioning of EPON (DPoE) specifications, IEEE 1904.1 and ITU-T G.988 define operations in the optical network unit (ONU) management layer.
These standards are the starting point for interoperability at these layers. However, the absence of industry cooperation to converge on common interpretations and use cases leads to complex and vendor-specific integrations that add cost to business operations and increase time to market for new products.
DPoE took the specification effort a step further by establishing a certification program that rigorously tests interoperability between ONUs and optical line terminals (OLTs). This program set a precedent, proving that clear, detailed specifications combined with collaborative industry efforts can result in high levels of interoperability across different vendors' PON equipment. The lessons learned from DPoE offer a valuable roadmap for advancing interoperability in the broader PON landscape.
While DPoE's success showcases what is possible, the rapid deployment of XGS-PON — now on the way to being the most widely adopted PON technology globally — underscores that significant challenges remain. With new technologies like 25GS-PON and 50G-PON emerging, the need for robust, consistent interoperability is more pressing than ever.
BBF Test Plans Support Certification Program
The Broadband Forum (BBF) has been instrumental in bridging the gaps left by broad ITU-T PON specifications. Through detailed guidelines and comprehensive test plans, BBF plays a crucial role in driving the industry toward more reliable and consistent interoperability. These test plans cover a wide range of scenarios, including various traffic types, fault conditions and different configurations.
The result of these efforts is the BBF's TR-255 "GPON Interoperability Test Plan," TR-309 "PON TC Layer Interoperability Test Plan" and TP-247 "G-PON & XG-PON & XGS-PON ONU Conformance Test Plan." These specifications are the foundation of the BBF.247 Certification Program.
As part of the BBF.247 Certification Program, vendors submit their equipment to an independent testing laboratory to be tested according to these specifications.
Well over 150 ONUs are certified under the BBF.247 Certification Program. Still, operators experience interoperability challenges. In addition, new technologies like 25GS-PON and 50G-PON are being introduced to the market and have not yet been tested in the BBF.247 Certification Program.
October Plugfest to Help Pave Road to Greater PON Interoperability
To resolve these real-world interoperability concerns and to inform further development of the certification program, it is necessary for the industry to come together in a sandbox environment to test interoperability outside of a formal certification program.
Recognizing the need for hands-on collaboration, the Broadband Forum has reinitiated its PON Plugfest series — an essential platform for the industry to tackle real-world interoperability issues head-on. CableLabs and BBF will host a Plugfest event Oct. 28–Nov. 1 at the CableLabs headquarters in Louisville, Colorado.
The event will provide a collaborative environment where OLT, ONU and test equipment vendors can rigorously test and improve their solutions. Vendors will be paired together for a series of tests to evaluate the level of interoperability between their devices. In turn, the Plugfest will help the industry chart the next phase of interoperability specification development.
While the state of interoperability between OLTs and ONUs has improved, there is still work to be done. The upcoming Broadband Forum PON Plugfest at CableLabs will be a critical opportunity to drive this progress forward.
As the industry gathers at the Broadband Forum PON Plugfest, the path forward is clear: By doubling down on collaboration and embracing certification programs like BBF.247, we can overcome the interoperability hurdles that remain. Together, we will unlock the full potential of PON technologies, ensuring that high-speed, symmetrical broadband reaches every corner of the globe.
Energy
Gold Medal Efficiency: Energy Wins Add Up for Voluntary Agreement Programs
Key Points
- Energy-efficiency voluntary agreements aim to balance the energy consumption of home networking equipment with ever-increasing demands for faster, more reliable and more secure services.
- Annual reports reveal that, since their inception, voluntary agreement programs in the United States and Canada have resulted in considerable energy savings.
Just as our athletes strived for gold this summer at the Paris Olympics, our industry is striving for peak energy efficiency with home networking equipment and set-top boxes (STBs). The annual reports for energy-efficiency voluntary agreements were recently released, and it feels like these programs are setting new world records every year!
The Balance Beam
The Small Network Equipment Voluntary Agreement (SNE VA) is an initiative that addresses SNE devices such as modems and routers. It strives to balance energy consumption with the ever-evolving demand for faster downloads, better Wi-Fi coverage, increased security and reliability. The U.S. 2023 SNE VA Annual Report reveals that the energy efficiency of products purchased or sold in 2023 has improved by 89 percent since the program began.
These figures were calculated by dividing the weighted average power of devices purchased or sold each year by the mean fixed wireline consumer broadband download speed for each year as measured by Ookla.
The High Dive
The energy consumption of STBs continues to dive lower. According to the most recent STB VA Annual Report, the national footprint energy consumption of set-top boxes has plunged from 32 terawatt-hours per year (TWh/year) to 10.3 TWh/year over the course of the program!
The 21.7 TWh savings in 2023 equates to over $3.4 billion in savings to consumers and 15.2 million metric tons of CO2 avoided. The energy saved during the 11-year period is more than enough to power every home in California, Oregon and Nevada for a year.
Energy consumption of set-top boxes has declined 68 percent since 2012.
Synchronized Diving
Canada is in sync with the U.S. in its energy efficiency programs, too. The Canadian Energy Efficiency Voluntary Agreement (CEEVA) 2023 Annual Report covers both STBs and SNE devices, and demonstrates nearly identical efficiency trends over the years.
The CEEVA program expanded the team when it added TELUS as a signatory this year, raising the market coverage of the CEEVA signatories to over 96 percent of both the pay TV and residential broadband markets in Canada.
Shutterstock
Team Sport
CableLabs is proud to be part of the team that makes these voluntary agreement programs successful, saves consumers money, and continues to deliver innovative products and services. Customers across the U.S. and Canada cheered on their Olympic teams this year more efficiently, whether via an STB or streaming on a smart device.
The energy savings achieved aren’t just technical achievements; they’re like winning medals for the planet, helping to ensure that we pass the torch of a sustainable future to the next generation.
You can read more about energy efficiency on our blog and learn more about the voluntary agreements for the U.S. and Canada.
Wireless
An Inside Look: Creating Seamless Networks with David Debrecht
Key Points
- CableLabs works with its member operators and the vendor community to advance wireless network technologies and enable high-performing wireless connections.
What will it take to achieve adaptive, seamless connectivity across networks? CableLabs is leading the charge to reach this goal through new technology development, technology specifications and standards, and working groups that promote industry alignment.
In a new “Inside Look” video, David Debrecht, vice president of Wireless Technologies, talks about how the CableLabs Technology Vision seeks to drive industry alignment and interoperability across networks.
“The Tech Vision brings the industry together and defines where we're going. It gives us targets in technology and network usage so we can develop strategies to meet network needs of the future,” Debrecht said.
As the industry transitions from the speed era to the adaptive era, one of the key focus areas in the Technology Vision is Fixed-Mobile Convergence & Wireless. Together with operators and vendors, we are working to provide stable, interoperable wireless connections that deliver a consistent connectivity experience for the user.
Check out the video to learn how we’re bringing industry stakeholders together with CableLabs working groups that help us get more done, share ideas and innovation and create viable solutions that move us closer to seamless connectivity.
“I would definitely encourage people to get involved in the working groups that we have set up,” Debrecht said.
Join us!
Events
Get Connected, Get Inspired, Get Ready… for SCTE TechExpo 2024
Key Points
- SCTE TechExpo 2024 — the Americas’ largest broadband event — takes place Sept. 24–26 in Atlanta.
- CableLabs operator members receive complimentary Full Access passes, giving you entry to all sessions and a lounge.
Get ready for a broadband event like no other! Each year, SCTE TechExpo sets the agenda for what’s next in broadband technology with a packed three-day agenda including a line-up of inspiring headliners and technical speakers, thousands of influential global attendees to connect with and the latest technology to explore.
Practical Insights to Inspire Your Innovation Agenda
Nearly 100 hours of content spread across nine dedicated conference tracks will ensure you get the most out of the conference, on the topics that matter to you. Here are some highlights of CableLabs sessions that you won’t want to miss:
- The Opening Headliners kick off the conference on Tuesday, Sept. 24. CableLabs’ CEO Phil McKinney joins executives from Cable One, Cox Communications, Liberty Latin America and SCTE to set a bold vision for the future of broadband.
- Artificial intelligence (AI) is all around us so it’s no surprise it features heavily in the agenda. Catch CableLabs sessions on Making the Most of AI in Broadband Networks with Karthik Sundaresan, distinguished technologist and director of hybrid fiber coax (HFC) solutions at CableLabs, along with AWS, Cox and Rogers; and Driving a Proactive Approach to AI-Powered Security with Dr. Kyle Haefner, Ph.D., principal architect at CableLabs, and Charter Communications.
- Shining the spotlight on Wireless & Convergence, John Bahr, a CableLabs distinguished technologist, joins Cox, Nokia and Rogers to uncover Seamless Connectivity: Anytime, Anyplace, Anywhere, and CableLabs’ Dr. Roy Sun, Ph.D., principal architect, and Dorin Viorel, distinguished technologist, tell you Everything You Ever Wanted to Know About Fixed Wireless Access (FWA)… but Were Afraid to Ask!
- NaaS is where it's at! Hear how to grow revenues by fostering a new approach to connectivity in the API-Powered NaaS session with CableLabs’ Shafi Khan, lead software engineer, along with Charter, Comcast and Izzi.
- Hear how to leverage cost savings with the latest technology with Charter, Comcast and Teleste in The What, Why and How of Using Digital Twins, moderated by Greg White, distinguished technologist, also of CableLabs.
- Technology policy takes center stage in A Year After the Artificial Intelligence Executive Order: Current Status & What’s Ahead as Priya Shrinivasan, CableLabs’ director of Technology Policy, and a panel of government experts lift the lid on what President Joe Biden’s executive order on AI means for the broadband industry.
- In CMO Insights: The North American Perspective, hear how the industry is meeting the demands of new users and building marketing strategies to suit a changing audience.
- In Growth & Transformation—Lessons from the Video Game Industry, Anju Ahuja, CableLabs’ vice president of Product Strategy Insights, talks with Sony Interactive Entertainment about what can be learned from the gaming industry on competitive differentiation, launching new products and entering new markets.
- Lastly, don’t miss the CableLabs-hosted Masterclass: Cultivating Your Ideation Toolkit and Innovation Mindset, on Monday, Sept. 23, as part of SCTE TechExpo’s newly launched Human Factor track.
Explore the detailed agenda here.
Stay Informed, Get Connected
SCTE TechExpo is a unique opportunity to fuel innovation, discover the latest trends and advancements in broadband technology, and explore new opportunities for growth and collaboration with peers who share a passion for the industry.
CableLabs operator members receive complimentary Full Access passes, which include entry to all sessions and a lounge for meetings and networking, away from the buzz of the main conference.
Plus, visit us on the show floor at booth #1547 to learn more about CableLabs’ Technology Vision and the benefits of CableLabs and SCTE membership. In our booth theater, sit in on demos covering topics ranging from AI and security to SCTE chapters and standards.
Be part of the community shaping the future of connectivity, and register today!
Network as a Service
Quality by Design Streamlines Network Management for Improved User Experience
Key Points
- Quality by Design, a part of CableLabs’ Network as a Service framework, leverages standardized APIs to facilitate communication between applications and the network.
- The specification provides real-time visibility into customer service issues and enables quick resolution.
Service providers and application developers are always striving to deliver the best possible experience for their end users. Optimizing network performance is critical. But in an era of isolated architectures — DOCSIS®️, optical and mobile — traditional network management can be challenging.
In addition, a lack of visibility between applications and the underlying network can make troubleshooting potential network impairments incredibly difficult at an individual user level. The situation is further complicated for application developers, who must navigate varying network conditions and limitations, potentially causing issues that may originate from within the applications themselves.
Recognizing these challenges, CableLabs has introduced Quality by Design (QbD) within the Network as a Service (NaaS) framework. Our goal is to unify and streamline network management.
What is Quality by Design?
The QbD specification is designed to enhance network performance and user experience through real-time monitoring and automated issue resolution. By leveraging a set of standardized APIs, QbD facilitates two-way communication between applications and the network. Applications can therefore act as network monitoring tools, sharing real-time key performance indicators (KPIs) with the network. Figure 1 shows the QbD design.
Figure 1: QbD Overview
This approach not only provides visibility into user experiences but also enables quick identification and resolution of network issues by correlating application KPIs with network performance data. In this way, QbD swiftly addresses any problems, whether rooted in the network or the application. Customer events are triggered based on a quality score, as Figure 2 shows.
Figure 2: Sample Thresholds for Video Conferencing Applications
QbD enables the swift diagnosis and resolution of network impairments. Automated solutions can then be deployed to address these issues promptly, minimizing disruptions and maintaining high service quality. The inclusion of automated solutions reduces the incidence of excessive network alarms and ensures rapid response to suboptimal application performance.
Impact on End Users
Many factors can lead to end users experiencing degraded quality and suboptimal application performance. QbD helps to address these potential situations by correlating application events with potential underlying network events to determine where the root cause of the problem is occurring through the exchange of KPIs between the application and the network.
This approach allows both applications and networks to dynamically respond to changing conditions, enhancing the customer experience. By turning applications into network quality monitoring agents that actively participate in network management, QbD fosters a more seamless and high-quality user experience.
CableLabs' Role in Quality by Design
CableLabs has been at the forefront of advancing network technologies and standards, and our role in the development and implementation of QbD is a testament to our commitment to innovation. We recognized the limitations of traditional network management, where disparate DOCSIS, optical and mobile networks were often managed on separate platforms with different operations, leading to difficulties in identifying when an individual customer is not getting the level of service they desire.
The QbD APIs have been contributed back to CAMARA, a Linux Foundation Project aligning these intent-based APIs for the broader telco industry. We hope to have the first version published in the near future. This capability transforms applications into proactive participants in network monitoring and management, providing a more granular and accurate view of network performance.
Furthermore, CableLabs has led the charge in integrating automated response mechanisms within the QbD framework. This automation is crucial for reducing the time and effort required to identify and resolve network issues. By leveraging machine learning algorithms and advanced analytics, QbD can correlate application KPIs with network telemetry data, pinpointing potential problems with high precision.
Another key aspect of CableLabs' role in QbD is fostering a collaborative ecosystem among network operators and application developers. By providing a standardized framework and tools, CableLabs encourages these stakeholders to work together, share insights and develop best practices for network and application performance optimization. This collaboration not only enhances the capabilities of individual entities but also contributes to a more robust and resilient overall network infrastructure.
How to Get Engaged
As the digital landscape continues to evolve, ensuring optimal network performance and seamless user experiences becomes increasingly crucial. We invite network operators, application developers and other stakeholders to explore QbD’s transformative potential. Members can request to join our NaaS working group.
By adopting QbD, you can revolutionize your network management practices, deliver unparalleled user experiences and stay ahead in a competitive market.
Visit CableLabs to learn more about how you can implement QbD within your network infrastructure and join the movement toward a more integrated, efficient and responsive digital future. Let's work together to set new standards in network quality and user satisfaction!
Security
AI and Cybersecurity: Innovation Trends Evolve with Threats
Key Points
- The increasing sophistication of cyber threats poses challenges for individuals and organizations, but it is also driving opportunities for innovation in cybersecurity.
- Specifically, AI/ML-based security and compliance frameworks, such as large language models (LLM) and generative AI, continue to be hot topics after dominating the agenda at RSA Conference 2024.
- A technology brief from CableLabs details more takeaways from the conference, including generative AI-based automation and its impact on SBOM, crypto-agility and zero trust.
We are witnessing a transformation in the security landscape across all aspects of our digital world. As cyber threats become increasingly sophisticated and frequent, they pose new challenges for individuals and organizations alike. A single security breach can have crippling consequences for potentially millions of internet users — from the disruption of daily life and loss of access to everyday services to identity theft and loss of privacy.
A silver lining, though, is that these threats are driving a wave of cutting-edge innovations and solutions that can help safeguard our sensitive data and ensure continuity of operations. At the forefront of this evolution are artificial intelligence and machine learning (AI/ML). These technologies are equipping cybersecurity professionals with tools to identify and mitigate threats more effectively than ever before with unprecedented speed and accuracy.
It’s no surprise that the proliferation of AI/ML has become a central focus at industry conferences and among cybersecurity professionals. This was evident at this year’s RSA Conference, where tracks focused on automation using AI/ML, as well as the benefits and threats due to generative AI and large language models (LLMs).
Other key topics included increased usage of software bills of materials (SBOMs) and security threats associated with it, and zero-trust sessions focused on policy-based authentication. In case you missed it, CableLabs covers these topics and provides more detailed key findings from the RSA Conference 2024 in a recent tech brief, available exclusively to members. Below are a few general observations from the conference.
A Double-Edged Sword
Generative AI and LLM came up in summits hosted by organizations including the Cloud Security Alliance (CSA), the Open Worldwide Application Security Project (OWASP) and the Techstrong Group. Among the topics were:
- The use of LLM and generative AI to accelerate code analysis and patch code vulnerabilities, speed up incident responses, detect multimodal malware as well as improvements in threat detection, continuous vulnerability and risk management for organizations.
- Demonstrations of LLM attacks that can produce outputs that are entirely or partially incorrect and/or harmful. Common attacks presented in various sessions included prompt injection, insecure output handling, poisoning of training data, denial of service on the LLM, exfiltration, etc.
The OWASP Foundation provided a summary of their work on the “Top 10 for LLM” project that addresses common LLM security risks and provides guidance and checklists when implementing and managing LLMs.
There are also several policy-related challenges of generative AI like copyright protection of AI-generated work and tracing back the training data to the original owners, lack of recommendations or regulations from the United States Patent and Trademark Office regarding AI and human inventorship and also around privacy of personal data shared with generative AI vendors with the risk of such data being reidentified by the AI tools.
Long Live Shorter Certificates
An ongoing trend in the public key infrastructure (PKI) world is the shortening of the lifespan of operational certificates. Specifically for web and cloud infrastructure environments, Google published a roadmap that limits the TLS certificates’ validity period from 398 days to 90 days. The primary benefits touted for shorter validity certificates include reduced exploitation time of compromised certificates and crypto-agility, collectively termed as certificate agility.
However, this also poses challenges for access network operators and certificates meant for device identities whose validity period can extend into decades. Typically, the purpose of such device certificates is to provide immutability, attestability and uniqueness and, they are primarily used for access network authentication. In this context, providing a consistent identity using rotating certificates necessitates a change from existing deployment models. It highlights the need for implementing automated certificate management tools and incorporates the additional costs and time to deploy it as part of the network infrastructure upgrade.
Software and Cryptographic Bills of Materials
SBOMs are gaining traction as one of the key ingredients of the software development lifecycle. The RSA Conference also included some interesting sessions and demonstrations of adversarial use of SBOMs and developing guidance on how to correctly use them.
From the security perspective, cryptographic bills of materials (CBOMs) provide a mechanism to track cryptographic assets and their dependencies. It also provides a path toward introducing and tracking quantum-safe solutions by making it easier to track deprecated ciphers. This is one area with rapid development and many vendors demonstrating SBOM tools and SBOM best practices.
Other Hot Topics
Other notable technologies and topics covered at the conference included:
- Zero Trust and Identity Protection — Identity compromise continues to be a top threat and the root cause of data breaches. With the current trends around remote work, virtualization and cloud deployments, data and identities are now stored outside of corporate perimeters. Incorporating a zero-trust model (never trust, always verify) plays a crucial role in protecting identity and corporate assets.
- Multi-Factor Authentication — More and more companies are moving towards MFA to reduce account compromises. However, different attack methods to bypass MFA — like MFA fatigue, SIM swapping and session hijacking — complicate this.
- Post Quantum Cryptography (PQC) — The discussion around PQC continues with the general guidance that the industry incorporate a “hybrid mode” of deployment for any new cryptographic solutions. As of August 2024, there is not yet a stable quantum computer capable of widespread practical use; however, cybercriminals continue to steal encrypted data with the expectation of decrypting it in the future. NIST plans to publish the first set of PQC standards by the end of this summer.
The RSA Conference is the flagship conference for cybersecurity experts. This year it brought together 41,000+ professionals, 650 speakers across 425 sessions and over 600 exhibitors in San Francisco. Read more about these cybersecurity trends and more RSA Conference topics in the tech brief, available exclusively to CableLabs member operators.
Did you know?
In addition to in-depth tech briefs covering events like the RSA Conference, CableLabs publishes short event recap reports — written by our technologists, exclusively for our members. Catch up on recent recaps (member login required).
Technology Vision
Shaping the Future: Developing a Healthy Ecosystem That Drives Technology Innovation
Key Points
- CableLabs invites our members, the vendor community and other industry stakeholders to join us in working to achieve the three pillars of our Technology Vision: seamless connectivity, network platform evolution and pervasive intelligence, security and privacy.
- Working groups bring members and others together to focus on industry challenges, priorities and technologies.
- We regularly host interoperability events to enable participants to work together on specific solutions and goals.
The future of broadband hinges on seamless, adaptive connectivity. CableLabs’ Technology Vision establishes the framework that will get us there by driving innovation and collaboration among our members, industry vendors and other stakeholders.
As we take the next step toward a future of context-aware connectivity and adaptive networks, the industry needs a healthy, collaborative ecosystem built on a shared vision of interoperability.
What will that look like? It starts with working together toward common goals.
What Should a Healthy Ecosystem Look Like?
As technology has evolved, user experience has become the most important driver of customer satisfaction. Users want networks that work effortlessly, anywhere and all the time. To achieve this vision of seamless connectivity, industry stakeholders must work together to:
Drive and Develop New Technologies
The technology to support seamless user experiences is still being developed, and there is still much work to be done in areas like individual network performance, optimal hand-offs between networks, responsive self-configuration and pervasive sensing. The industry still faces complex challenges in these areas, and these issues must be solved before we can realize the promise of true interoperability and seamless connectivity.
For example, one of the most exciting technologies emerging today is Network as a Service (NaaS), a solution that creates consistency across operators using a common set of APIs. At this year’s MWC Barcelona, we saw many examples of NaaS including the CableLabs demonstration of potential use cases.
With NaaS still in its early stages, CableLabs seeks to leverage working groups and collaborative projects to build on these developments to achieve the goal of unconstrained, intelligent networks that fade into the background of the user experience.
Build a Robust, Reliable Infrastructure
Seamless connectivity requires an extensive infrastructure that can maintain optimal network performance no matter where a user is. For example, coherent passive optical network (CPON), DOCSIS, 5G and Wi-Fi 6 and 7 technologies have all made significant progress, empowering faster speeds, lower latency and better reliability. However, advancements are still needed in areas like fixed network architectures, optics solutions, network telemetry and automation.
Encourage Collaboration to Ensure Alignment, Interoperability and Scalability
The new era of intelligent, adaptive networks and seamless user experiences will only be possible if industry stakeholders work together to solve key challenges. Collaboration lies at the heart of CableLabs’ Technology Vision with a focus on seamless connectivity, network platform evolution and pervasive intelligence, security and privacy. Our working groups and collaborative projects bring industry stakeholders together to address these challenges, ensure alignment, and create scalable, interoperable solutions.
Agree on Standards to Facilitate Ecosystem Integration
Interoperable devices require common standards and specifications. In cooperation with cable companies and equipment manufacturers, CableLabs works to develop publicly available specifications that help facilitate deployment of new technologies. As technology continues to evolve, the industry will need to continue operating with an agreed-upon set of standards to deliver the seamless experiences customers expect.
How Is CableLabs Working to Establish a Healthy Ecosystem?
Since its earliest days, CableLabs has remained committed to establishing long-term, cooperative technology innovation. Our founding mission was to plan and fund strategic research and development projects that require cooperative effort and to serve as a central source of information about technology development and innovation for the industry. That mission is still in place today.
The CableLabs Technology Vision builds on this rich history by defining a high-impact framework that will bring together CableLabs members, vendors, and others in the industry to advance the way we connect.
Together, we are working to improve the user experience by collaborating across key focus areas:
- Interoperability
- Fixed Network Evolution
- Advanced Optics
- Security & Privacy
- Specifications & Standards
- Network as a Service
- Fixed Mobile Convergence & Wireless
- Intelligence, Reliability & Performance
- Advanced Research
How You Can Get Involved
The future is bright for the broadband industry. We’re standing on the brink of a technology revolution that will change the way we live, work, learn and play. Here’s how you can join us in shaping the future:
CableLabs Working Groups
Working groups bring members and other stakeholders together to focus on specific industry challenges, priorities and technologies. The following working groups are accepting new participant applications:
Fixed Mobile Convergence & Wireless
- 3GPP Wi-Fi Tech (members only)
- 5G FMC Phase II (members and vendors)
- Next-Gen Wi-Fi (members only)
- Seamless Connectivity (members only)
Fixed Network Evolution
- 100G CPON (members and vendors)
- Common Provisioning and Management of PON (members and vendors)
- CPON Operator Advisory Group (members only)
- DOCSIS 4.0 ATP MAC (members and vendors)
- DOCSIS 4.0 MAC (members and vendors)
- DOCSIS 4.0 MSO (members only)
- DOCSIS 4.0 PHY (members and vendors)
- DOCSIS Technology OSS (members and vendors)
- DOCSIS Proactive Network Maintenance (members and vendors)
- Latency Measurement MSO (members only)
- Low Latency DOCSIS MSO (members only)
- Remote PHY (members and vendors)
Network as a Service (NaaS)
- NaaS (members only)
Security & Privacy
- Device Identification and Authentication (members only)
- Device Management and Identity Security (DMIS) (members only)
- DDoS Mitigation (members only)
- DOCSIS 4.0 Security (members and vendors)
- Future of Cryptography (members only)
- Gateway Device Security (GDS) (members and vendors)
- Mobile/Wireless Security (members only)
- Routing Security (members and NCTA)
- Zero Trust Infrastructure Security (members only)
Interop•Labs Events
These interoperability events provide opportunities for participants to work together on a specific technology solution or goal. Recent events have focused on DOCSIS 4.0 technology, zeroing in on areas like reliability, security and interoperability. Future events will include passive optical networking technologies and Open RAN.
Ready to take the next step? We invite you to engage with CableLabs’ Technology Vision, join a working group or attend our next Interop•Labs event. Join us in our mission to advance the way we connect!
Events
Join the Community Shaping the Future of Connectivity at SCTE TechExpo 2024
Key Points
- SCTE TechExpo, the largest broadband event in the Americas, is September 24–26, 2024, in Atlanta, Georgia.
- Broadband operators who are CableLabs members can receive complimentary full-access passes to the event.
Where will the industry be by 2030? Anticipating the future and creating a strategy to ensure resilience is challenging, with ever-increasing customer demands and new technologies continually reshaping the landscape. The next generation of connectivity must be fast, reliable, ubiquitous and inclusive.
Broadband providers are looking to deploy new technologies such as fiber and mobile services and leverage application programming interfaces (APIs), data and artificial intelligence (AI) to create smart, secure and dynamic networks that improve reliability and performance. These tools will also enable increased energy efficiency and faster launches of new services.
Setting the Stage for Industry Growth
Much more than just a conference, SCTE TechExpo is where the industry meets to spark inspiration, catalyze innovation and impact the future of broadband. TechExpo is the largest and most influential broadband event in the Americas.
The brightest minds in the industry will provide ground-breaking insights on use cases and cutting-edge innovations, organized into nine dedicated conference tracks:
- Wireline Network Evolution
- Wireless & Convergence
- AI & Automation
- Operations, Construction & Network Planning
- Network as a Service (NaaS)
- Security & Privacy
- Growth & Transformation
- Technology Policy
- The Human Factor
As well as the enriching practical knowledge to be gained from the sessions, TechExpo attendees can explore the latest innovations and technology transforming the industry in the exhibition. AI is prolific on the agenda, and a dedicated “AI Zone” will make its debut this year, with content appearing on two stages on the show floor, the Tech Talk Stage and The Loft.
CableLabs members can receive complimentary full-access TechExpo passes, which include all headliner and conference sessions as well as entrance to the exhibition and a private lounge. Members will have the opportunity to connect with other global operators, policy leaders, vendors, associations and visionaries, and collectively foster debate and dialogue around the industry’s most pressing topics.
Exhibitor and sponsorship opportunities are also still available.
Fuel the Future at SCTE TechExpo
“TechExpo will deliver an unparalleled opportunity to engage with industry CEOs, CTOs and decision-makers and to see emerging technologies and applications that will transform the industry,” says SCTE President and CEO Maria Popo. She will kick things off on the main stage, sharing the strategy and vision for SCTE.
Opening day headliners will set the bold vision to shape the world of broadband connectivity and the workforce powering it, featuring CableLabs President and CEO Phil McKinney and the co-chairs of this year’s TechExpo, Cox Communications President Mark Greatrex, and President and CEO of Liberty Latin America Balan Nair.
Appearing together to discuss workforce development, following Greatrex and Nair, will be the CEO and COO of Cable One. Rounding out the headliners on day one will be Deloitte’s global Future of Work leader, who will share her passion for making work better for humans and making humans better at work, using technology to enable and elevate human experiences, performance and outcomes.
Taking to the main stage on Wednesday, September 25, will be a CTO Town Hall set to include executives from Charter Communications, Comcast Cable and Cox Communications. Day two will also feature a Chief Strategy Officer panel featuring Liberty Global, Liberty Latin America and Rogers Communications executives.
Where Ideas Become the Blueprint for the Future
For over 40 years, SCTE TechExpo has been bringing the broadband community together to share, inspire and innovate. Join thousands of global attendees at TechExpo in Atlanta, Georgia, September 24–26, 2024, to discover cutting-edge innovation and experience thought leadership that unlocks new possibilities, ignites change and energizes the industry around a shared vision of advancing the way we connect the world.