Security
Raising the Bar on Gateway Device Security
Today, CableLabs® has publicly released a set of best common practices (BCP) to enhance the security of cable modems, integrated access points, and home routers (collectively, known as “gateway devices”) against malicious activity and other cyber threats. This work builds on and extends CableLabs’ and the cable industry’s longstanding leadership in cybersecurity to ensure a consistent and robust baseline for gateway device security, increased economies of scale, and an ontology for simplified communication and procurement between network operators and device manufacturers.
The BCP Working Group is comprised of security technologists from CableLabs, network operators from around the world, and gateway device manufactures, including representatives from CableOne, Charter, Cisco, Cogeco, Comcast, Commscope, Cox, Liberty Global, MaxLinear, MediaCom, Shaw and Technicolor. In developing the BCP, the Working Group drew heavily upon well-established and widely accepted security controls, recognized broadly by industry and government security experts.
The cable industry has long employed extensive network security practices to ensure the confidentiality, integrity and availability of broadband services, including gateway devices. The BCP expands and standardizes these network security practices for gateway devices and complements cable operators’ broader set of security practices. For instance, DOCSIS® Security testing is performed on all gateway devices to ensure DOCSIS protocol conformance, including the verification of the correct implementation of public key infrastructure (PKI) authentication and identity management, BPI+ encryption, and EAE (Early Authentication and Encryption) secure provisioning requirements.
The BCP document goes beyond DOCSIS Security requirements and provides a framework for the full range of security considerations applicable to gateway devices, including hardware and manufacturing considerations, default security settings, configuration procedures, secure boot, roots of trust, software/firmware development and verification, encryption requirements for both data in transit and data at rest, and physical security, among others. To further ensure the robustness of the BCP, the working group compared and mapped the BCP to NIST’s general guidance for connected devices used by the federal government, to help confirm the scope was fully comprehensive of applicable security considerations.
The BCP represents the industry coalescing around a common set of security baseline requirements that furthers the following critical goals:
- Provide a common framework for security elements and controls within gateway devices, including cable modems, integrated Wi-Fi access points, and home routers, to align the varied approaches to device security across the industry.
- Create a community of manufacturers and network operators collaborating to enhance gateway device security.
- Leverage well-established and well-vetted security controls and practices to minimize the risk of unknowingly introduced vulnerabilities or other security weaknesses.
- Harmonize security requirements across network operators to drive increased economies of scale, lowering the cost of broadband deployment.
- Further protect network resources and broadband service from malicious attacks.
- Provide a framework for network operator assurance that enables verification of testable practices and configurations.
- Enable alignment across standards, regulatory, and compliance regimes through a transparent and open set of best common practices.
- Establish a security framework for gateway devices that builds in flexibility and agility, so that manufacturers and network operators can address and adapt to new threats and changes in the cyber risk landscape.
While this initial release is an important achievement, one that strives to be comprehensive in terms of security posture for gateway devices, we all recognize that this field is constantly evolving and advancing. We see the BCP as a framework that must and will be updated and maintained as network technology, device security, and unfortunately, adversary techniques continue to evolve. To that end, we invite and welcome additional gateway and modem manufacturers as well as additional network operators to join the working group as we continue to progress this effort.
On October 13, 2021, at 3:00 pm ET, we invite you to join our virtual panel session at SCTE Cable-Tec Expo to discuss and further explore Gateway Device Security and our work to develop the BCP.
HFC Network
How Reliable Is Cable Internet? Here’s How Our Networks Are Performing
Starting in mid-March, the world experienced a sudden surge in internet usage driven by the widespread COVID-19 stay-at-home orders that caused many of us to switch to working and studying at home in a matter of days. Cable broadband networks not only withstood this sudden surge in internet usage; they excelled. For example, for the week of June 27–July 4, 99.9 percent of U.S. cable broadband users saw no material impact on customer experience. Looking to the future, cable networks are also well-positioned to remain ahead of sustained increases in consumer demand. Although internet usage appears to have plateaued recently, CableLabs and the broader cable industry continue to develop further network advancements to ensure that internet performance stays well ahead of even the most demanding home users’ needs for years to come.
Internet Usage During COVID-19 and Cable Broadband Services
Network monitoring provider OpenVault reveals just how much home internet usage jumped over the past few months:
- In the United States, average daily downstream consumption from 9 a.m. to 5 p.m. in the first week of April totaled about 6.35 GB per household, up 42 percent from 4.46 GB in January. Upstream average usage during business hours rose to 0.39 GB, up 83 percent compared with 0.22 GB in January.
- Worldwide, looking at a sample of 500 fixed, mobile and Wi-Fi network providers, networking equipment provider Sandvine found that overall traffic increased 40 percent between February 1 and April 19. It also found that upstream traffic rose 121 percent during this period.
Even considering these dramatic increases, home internet use remains heavily asymmetrical. The amount of data transmitted to the home (downstream) vastly outweighs the amount of data transmitted from the home (upstream). This is driven by the continued use of video streaming services (e.g., Netflix, YouTube) that require substantial amounts of data to be transmitted to the home to enable the user to view a movie, TV show or other video. These applications require very little data transmitted from the home.
Two-way video collaboration tools (e.g., Zoom, Microsoft Teams) do require more data to be transmitted from the home (upstream) in comparison with video streaming services due to two-way audio and video functionality. Even with the increased use of these collaboration tools, upstream data transmissions remain well below a tenth of total data transmitted over home internet connections.
The predominance of downstream use is further confirmed in the detailed examination of broadband use from a top-tier North American cable broadband operator, as set forth in Figures 1 and 2 below. Over the past 8 years, the proportion of downstream traffic has increased and plateaued at roughly 92–94 percent of total traffic at peak. Looking more closely at the most recent 5 months illustrates the rapid increase in internet use due to COVID-19. Even with upstream increasing at a faster rate than downstream, upstream use at peak maxed out at only 9 percent of total traffic, as illustrated in Figure 2. Additional metrics, trends and observations on cable internet usage can be found on NCTA’s COVID-19 Dashboard.
Cable Broadband’s Outlook Is Healthy
The asymmetric design of cable’s internet service tiers accurately matches how consumers have been using the internet, even with the increased use during stay-at-home orders. This is important both to ensure a high-quality user experience and to efficiently allocate available network capacity. Cable operators continually monitor their networks and engineer them to accommodate significant fluctuations. There are indications that these increased levels of usage will be foundational as new use cases emerge and as a significant segment of the population continues to work and learn from home. For example, many companies have found that their remote workers maintained or even improved productivity—so much so that they may make the arrangement permanent.
Cable network technology, more formally known as Data Over Cable Service Interface Specification (DOCSIS®), has the flexibility and performance capabilities to handle further increases in consumer demand in both downstream and upstream data transmissions. With DOCSIS 3.1 technology, the current widely deployed version of cable network technology, cable operators are making gigabit services broadly available. For example, cable gigabit services are now available to 80 percent of U.S. housing units.
And there are more performance enhancements on the horizon with the recently released DOCSIS 4.0 specification, which will readily enable multi-gigabit internet services. In addition, the 10G platform provides increased reliability, enhanced security and reduced latency.
Taking a peek into the future, cable broadband networks have not only excelled in the initial surge in internet usage caused by the COVID-19 pandemic, but they will be ready for the potential long-term changes in consumer behavior that will drive increased internet usage. To learn more about the technologies that power cable’s broadband internet services today and into the future, click the button below.
Policy
Driving Increased Security in All IoT Devices
CableLabs engages with the IoT industry and the broader stakeholder community, including governments, to help drive increased IoT device security. The rapid proliferation of IoT devices has the potential to transform and enrich our lives and to drive significant productivity gains in the broader economy. However, the lack of sufficient security in a meaningful number of these newly connected devices creates significant risk to consumers and to the basic functionality of the Internet. Insecure IoT devices often serve as building blocks for botnets and other distributed threats that in turn perform DDoS attacks, steal personal and sensitive data, send spam, propagate ransomware, and more generally, provide the attacker access to the compromised devices and their connections.
To help address the challenge of insecure IoT, CableLabs along with 19 other industry organizations came together to develop “The C2 Consensus on IoT Device Security Baseline Capabilities” released earlier this week. The broad industry consensus identifies cybersecurity baseline capabilities that all new IoT devices should have, as well additional capabilities that should be phased in over time. The development kicked off in March with a workshop hosted by the Consumer Technology Association (CTA). Over the past months, the group has coalesced around the identified cybersecurity capabilities. These include capabilities in the areas of device identity, secured access, data protection and patchability, among others.
CableLabs has also engaged with the National Institute of Standards and Technology (NIST) as it develops its recently released draft report, “Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers.” Both industry and governments largely agree on the capabilities that must be included to increase device security. Like the C2 Consensus, NIST focuses on foundational cybersecurity capabilities, including device identity, secure access, patchability of firmware and software, protection of device configuration and device data, and cybersecurity event logging.
The cybersecurity capabilities identified in the C2 Consensus and NIST will help prevent and minimize the potential for exploitation of IoT devices. Both documents provide a strong foundation and help point IoT manufacturers in the right direction on how to increase device security. However, cybersecurity is an ongoing journey, not a destination. Security practices must evolve and continue to improve to address new and emerging threats and changes in technology. This foundation must continue to be built on overtime.
CableLabs has long been a leader in the development of security technologies. For decades, CableLabs has helped guide the cable industry in incorporating many of the identified security capabilities into cable devices and has ensured the maintenance and advancement of these capabilities over time. For instance, since the first DOCSIS specification in 1997, CableLabs has helped ensure the protection of data: All traffic flows between each cable modem and the CMTS are encrypted to protect the confidentiality and integrity of those transmissions. This is not a once-and-done process; CableLabs has and must continue to advance the cryptography used in cable devices to protect against new and more powerful brute force attacks and other potential threats. Similarly, nearly 20 years ago, CableLabs adopted PKI-based digital certificates to support strong device identity and authentication for devices connecting directly to the cable network (e.g., cable modems, Internet gateways, set-top boxes). Since the initial implementation, CableLabs has continued to advance its PKI implementation to address new and emerging threats.
CableLabs has leveraged its experience and success in developing and implementing cybersecurity technologies in cable devices to help drive increased security in IoT devices. The underlying fundamentals, as well as many of the approaches to implementing, are transferable to IoT, as detailed in our white paper, “A Vision for Secure IoT”. We’ve not only engaged with the C2 Consensus and NIST’s IoT security efforts, but also in industry specification organizations, specifically the Open Connectivity Foundation (OCF)—to develop secure interoperability for IoT devices. OCF has implemented nearly all of the identified capabilities in its specification, tests for the capabilities in its certification regime, and provides the capabilities, free of charge, in its open source reference implementation – IoTivity.
Since publishing “A Vision for Secure IoT” in the summer of 2017, industry and the broader stakeholder community, including governments, recognize and have begun to address the challenge of insecure IoT.
Events
CableLabs Sponsors FCBA/IAPP “Data Is King”
Many of today’s most popular consumer products and services are powered by the exponential growth in the generation, collection and use of personal data, enabled by ever-increasing broadband capacity, processing power and storage. These products and services provide consumers with unparalleled personalization, efficiency and convenience. However, the technologies and practices surrounding personal data also create new dimensions of risk to individuals, institutions and society alike.
In response, governments both in the United States and around the world are under increasing pressure to develop new legislation and regulatory models to address these growing concerns. In the past year alone, we have seen the implementation of the European Union’s sweeping General Data Protection Regulation (GDPR), the passing of the California Consumer Privacy Act, and multiple hearings in the U.S. Congress stemming from numerous data breaches and other scandals involving the potential misuse of consumers’ personal data. Here at CableLabs, we recognize the interplay and potential impact of emerging privacy regulations on the direction of next-generation Internet applications.
In that spirit, CableLabs sponsored “Data Is King” – U.S. Privacy Developments and Implications for Global Markets and Technology Development, a recent event co-hosted by the Federal Communications Bar Association (FCBA) Rocky Mountain Chapter and the IAPP Denver/Boulder KnowledgeNet Chapter. The event gathered luminaries from across the policy and technology spectrum to explore trends and recent developments in privacy law and regulation, as well as the potential impact that these policies will have on the products and services of tomorrow.
The event was kicked off by Martin Katz (Chief Innovation Officer and Senior Advisor for Academic Innovation and Design at the University of Denver and the Executive Director at Project X-ITE). Katz discussed the existing gaps and fragmentation in today’s U.S. privacy regime and highlighted the drawbacks of the EU’s approach to comprehensive personal data protection legislation (GDPR). In Katz’s view, such an approach creates a significant and costly compliance regime that can stifle new startups and small businesses, and more generally, innovative new products and services. He emphasized that any comprehensive U.S. federal regime should recognize and seek to minimize compliance costs and ensure room for innovation while protecting consumer choice, trust and accountability.
Tracy L. Lechner (Attorney and Founder at the Law Offices of Tracy L. Lechner) moderated the first panel session, focused on trends and recent developments in privacy regulations domestically and internationally, with the following panelists: Beth Magnuson (Senior Legal Editor of Privacy and Data Security at Thomson Reuters Practical Law); Dale Skivington (Compliance and Privacy Consultant, Adjunct Professor at the University of Colorado, and Former Chief Privacy Officer at Dell); Erik Jones (Partner at Wilkinson, Barker, Knauer); and Scott Cunningham (Owner at Cunningham Tech Consulting and Founder of IAB Tech Lab).
The panelists agreed that the general position of industry has evolved from a preference for best practices with agency oversight to a recognized need for U.S. federal legislation. This shift has been spurred by a desire for a common compliance framework in light of developing differences in state laws and diverging international privacy regimes. The panelists emphasized that changing privacy regulatory requirements has forced organizations to make frequent and costly IT overhauls to ensure compliance that arguably create little to no value for consumers. For instance, GDPR’s expansive definition of “personal data” created a herculean project for large organizations to take the foundational step of identifying and classifying all the potentially covered data. The panelists agreed that state attorneys general could have a valuable and thoughtful role in enforcement, but they also believe that specific requirements should be standardized at the federal level and be based on an outcome- or risk-based approach, unlike GDPR’s highly prescriptive approach.
Mark Walker (Director of Technology Policy at CableLabs) led a second-panel discussion, focused on the interplay of privacy regulation and technology development. The panel featured Walter Knapp (CEO at Sovrn), Scott Cunningham and Danny Yuxing Huang (Postdoctoral Research Fellow at the Center for Information Technology Policy at Princeton University). Walker framed the panel discussion in historic terms, highlighting the privacy concerns generated through the widespread availability of the portable camera in the late 1800s, through the emergence of electronic eavesdropping capabilities in the 1960s and, more recently, through the broad adoption of RFID technology. For each of these examples, public concern drove legal and regulatory changes, but more fundamentally, the privacy “panic” subsided for each technology as society became more familiar and comfortable with each technology’s balance of benefits and drawbacks.
Through that lens, the panelists examined GDPR and highlighted the high associated compliance costs, from both a technical implementation and revenue perspective. Faced with these costs, many smaller publishers are choosing to cut off access to their content from covered geographies rather than trying to comply. In comparison, large Internet firms have the resources to ensure compliance even in a costly and highly fragmented regulatory environment. Until recently, the Internet has largely matured without defined geographic borders and has nearly eliminated global distribution costs for smaller publishers. However, this trend may be reversed in the face of an emerging fragmented and highly regulated environment, reducing the viability of smaller publishers and driving unintended market concentration.
Turning to emerging technologies, Huang described his research into the security and privacy implications of consumer Internet of Things (IoT). He provided an overview of a newly released research tool, Princeton IoT Inspector, that consumers can easily use to gain detailed insights into the network behaviors of their smart home IoT devices. Through this tool, consumers can gain a better understanding of how IoT devices share their personal information. He illustrated how IoT Inspector was able to identify the numerous ad networks and other domains a streaming video device communicated with while streaming a single television program; surprisingly, the streaming device communicated with more than 15 separate domains during that single streaming program.
The event closed with Phil Weiser, Colorado’s Attorney General, providing keynote remarks that outlined the current state of legislative efforts, explained potential approaches that address key privacy challenges and highlighted the role of state attorneys general in developing regulatory approaches and enforcing them. Attorney General Weiser recognized that although curbing a patchwork of state laws in favor of a single federal one would be the ideal outcome, it is unlikely to happen in a reasonable timeframe, saying:
A first best solution would be a comprehensive federal law that protected consumer privacy. Such a law, like the Dodd-Frank law, should authorize State AGs to protect consumers. When Congress starts working on such a law, I will be eager and willing to support such an effort. After all, differing laws and reporting requirements designed to protect privacy creates a range of challenges for companies and those working to comply with different—and not necessarily consistent—laws.
In today’s second-best world, I believe that States have an obligation to move forward. We should do so with a recognition that we need to collaborate with one another and develop approaches that recognize the challenges around compliance. We can use your help and engagement and we work towards just this end.
As CableLabs continues to focus on developing new and innovative network technologies, we must continue to ensure that we have a sound understanding of the rapidly evolving privacy landscape, both here and abroad. But, just as importantly, policymakers should have a sound understanding of how the various regulatory approaches may impact current and developing technologies. Events like this help bridge those gaps in understanding.
Policy
Driving Global Connectivity Well Beyond Cable Technology
CableLabs participates in more than 30 unique standards organizations, industry consortia, and open source efforts.
CableLabs is focused on developing innovative technologies, not only in the performance of cable’s hybrid fiber coax (HFC) networks, but also in many areas that extend beyond the traditional cable network, including wireless (both licensed and unlicensed), cybersecurity, network function virtualization (NFV), optical technologies for access networks, and the application of artificial intelligence (AI) and machine learning to network management and orchestration. To be successful, CableLabs recognizes that, in these areas beyond traditional cable technology, it must engage and work with the broader technology community to drive advancements. This effort is visible through CableLabs’ deep commitment to leading and contributing to standards organizations, industry consortia, and open source efforts in these broader areas.
Developing standards and industry specifications are at the core of CableLabs, which has been in the specification and standardization business since its inception over 30 years ago. In 1997, CableLabs released the initial version of the Data Over Cable Service Interface Specification (DOCSIS), the technology that enables broadband service to be provided over an HFC network. Standardization of the cable interface specification allowed the cable network operators to work at scale with the network equipment manufacturers to build the interoperable technology needed for cable to meet the exploding demand for broadband Internet access.
Ever since, CableLabs, along with its members and the vendor community, has continued to advance DOCSIS technology. Cable operators today have largely moved to DOCSIS 3.1 technology, enabling the availability of gigabit-speed broadband across nearly the entire cable footprint in the US, and driving towards a “10G” network capability. As cable has broadened its focus, CableLabs has responded by broadening its standards efforts and industry engagement.
Improving Wi-Fi and Enabling 5G through Wireless Standards Engagement
CableLabs contributes significantly to almost a dozen different standards organizations to improve wireless connectivity through standardization related mechanisms. Our work is not restricted to improvements in the traditionally separate spheres of in-home and mobile wireless and includes work toward a seamless network convergence for the future. Along those lines, CableLabs is engaged in the O-RAN Alliance, where we are leading an effort to establish an open virtualized RAN (“radio access network”) fronthaul specification which will allow for low-cost small cells with DOCSIS network backhaul.
At 3GPP, CableLabs is driving the Wireless-Wireline Convergence (WWC) effort to make the operation, management, and traversal of 5G wireless networks and 10G DOCSIS networks more seamless. CableLabs is also working to bring consumers a faster and safer in-home network experience through a next-generation adaptive security platform, CableLabs ® Micronets, which enables enterprise-level smart security at home. Beyond making home networks safer, we’re working to make them more powerful; exhibited by our role in achieving recent milestones with carrier-grade Wi-Fi certification through the Wi-Fi Alliance’s VantageTM and launch of the new EasyMeshTM certification program.
Driving Increased Performance of Optical Technologies in the Access Network through Broad Industry Collaboration
As cable drives its fiber infrastructure deeper into the HFC network, CableLabs has developed new technology for use of fiber in the access portion of the network and has promoted standardization of such technology. We are involved at several global standards development bodies—including IEEE, ESTI, O-RAN, and SCTE where we work to level-up all aspects of the fiber network. These efforts combine our internal specification development— work (such as Coherent Optics specifications) with broad industry collaboration in order to deliver dramatic improvements to the access network across all areas. This means that while working toward ever faster speeds through developing the next generations of PON protocols, the whole network ecosystem needs to be addressed, which includes innovation in network operations with projects such as Proactive Network Maintenance (PNM).
Building a Common, Secure, Foundation for IoT Devices of the Future
CableLabs envisions a future empowered by technologies that improve our lives—a future where augmented reality (AR)/ virtual reality (VR) head-mounted displays, video walls, AI-enabled media, ubiquitous Internet of Things (IoT) devices, light field holodecks and displays (as seen in our latest Near Future video) are just the beginning. However, in order for AR/VR devices to be populated with high-quality content, for video walls to connect seamlessly, or for our IoT devices to assist us securely, we will first need high-quality, secure, industry-driven standards on which the technology and applications can be built. This belief has led to our involvement in the Open Connectivity Foundation (OCF), an industry effort to develop a secure interoperability specification for IoT.
Catalyzing the Future of Immersive Media Experiences
Recognizing the importance of building consensus throughout the ecosystem, even beyond the broadband network, CableLabs is significantly involved in and contributing technical expertise toward a number of emerging technology areas, including significant projects in video, VR/AR, and immersive media. Essential to the actual adoption of standards, we recently played a founding role in establishing Media Coding Industry Forum (MC-IF) to address patent licensing of future MPEG codecs. In addition, we announced a new collaboration called IDEA (Immersive Digital Experiences Alliance) to establish and promote end-to-end delivery of immersive content, including light fields, over broadband networks.
To learn more about our work in standards, open source, and industry consortia please see our members-only (login required) Standards Strategy Update (April 2019) on current engagements.
Policy
The Gigabit Internet Dream Continues to Expand
Cable gigabit service availability continues to expand – as of June 2018, 63% of U.S. housing units – 74% of the cable broadband footprint – had gigabit service or better available from their local cable operator. This is up seven percentage points in just three months and has expanded by 16X in 18 months. Cable is making the gigabit Internet dream a reality. Coincident with this update of the cable industry’s gigabit deployment data, we are also releasing a new installment in our Inform[ED] Insights series that explains the technology that enables these gigabit networks.
Cable’s deployment of high-capacity broadband networks is enabling the gigabit services of today and the symmetric multi-gigabit services of tomorrow. With the wide availability of gigabit service and beyond, the broadband infrastructure is in place to power emerging technologies that will transform and enhance our lives through immersive entertainment, next-generation healthcare and a reimagination of education and work.
CableLabs and the cable industry are continuing to advance the capacity and performance in each segment of the cable broadband network to remain well-ahead of consumer demand. We are focused on developing innovative network technologies in the areas of coax (e.g., DOCSIS 3.1 and full duplex DOCSIS), fiber (e.g., coherent optics in the access network), and wireless (e.g., Wi-Fi and 5G), as well as defining optimal network architectures to provide the necessary capacity and performance in each segment of the network for today’s gigabit services and those anticipated in the future.
Ready to see how the cable industry is driving gigabit speeds from the lab to the consumer? Click on the link below to download our new Inform[ED] Insights white paper.
Innovation
Living the Gigabit Internet Dream
“Gigabit” is the Internet dream. It means connectivity at blazing-fast speeds, with enough bandwidth for any device imaginable, where the online world is your oyster. Cable is rapidly making this dream a reality by making gigabit Internet service available to consumers.
Looking back just a couple of years, the prospect of widely available gigabit service was unimaginable. As of December 2016, only 4% of US housing units had cable gigabit available. In just fifteen months, cable operators in the US have increased that number by 14X. CableLabs regularly surveys our members, and we know that as of March 2018, 56% of US housing units – 66% of the cable broadband footprint – had gigabit service or better available from their local cable operator. That number is poised to climb higher as DOCSIS 3.1 technology is deployed across cable networks.
But, This is Only the Beginning of the Story
CableLabs and the cable industry are investing in further network innovations to enable broadband technology to stay well ahead of customer demand for years to come.
Over the past 35 years, available consumer Internet speeds have followed what is known as Nielsen’s Law, increasing at roughly a 50% compound annual growth rate. Gigabit service is just the latest step in the history of ever-increasing speeds. If past is prologue, we can expect to see the availability of 10-gigabit service offerings around 2024, enabling experiences that are difficult to imagine today.
Pushing the Gigabit Internet Envelope
The cable industry is preparing for our ever-faster future. We’re examining each segment of the network and developing new technologies to advance the performance of cable networks. The main elements of our work to drive further capacity and performance are:
- DOCSIS: CableLabs is currently working to commercialize the next generation of DOCSIS technology. Full Duplex DOCSIS 3.1 will enable cable operators to provide symmetric gigabit service to customers – eliminating the upstream constraint and fully unleashing the power of cable.
- Fiber: To ensure sufficient capacity in the fiber portion of the cable network, CableLabs has focused on adapting coherent optics. Coherent optic technologies have the potential to increase the per-strand capacity in cable networks by orders of magnitude over currently available digital optics technologies. This is an essential element in cable’s fiber-rich networks to deliver greater performance for consumers.
- Wireless: We all experience our broadband service through our Wi-Fi connection. So, our ability to take full advantage of cable network advancements depends on the performance of that Wi-Fi connection. To ensure the reliability and improve the overall performance of Wi-Fi, CableLabs has developed protocols for Wi-Fi proactive network maintenance (Wi-Fi PNM) to quickly solve connectivity problems, advanced global standards for Wi-Fi to usher in next-generation technologies, and increased wireless bandwidth through spectrum policy engagement.
The continued innovations of CableLabs and the cable industry have enabled cable operators to provide broadband service that is well ahead of consumer demand. Cable networks are high-capacity, efficient, and future-ready to meet ever-increasing consumer demand for broadband performance.
For more information on how the cable industry is driving gigabit speeds from the lab to the consumer, please click below.
Events
CableLabs Hosts “Cyber Risks in an IoT World”
Security provides the fundamental trust that enables the growth of broadband, and as the number of connected devices grows rapidly, all actors must make it a priority. The cable industry’s security expertise and investment positions it to play a constructive role in this rapidly evolving, global challenge. Here at CableLabs, we continue to focus on cybersecurity in our innovation and R&D work, and we recognize the interdependence of public policy and technology developments in this area.
In that spirit, we recently hosted an event at our facilities in Colorado entitled Cyber Risks in an IoT World, which was co-presented by the Rocky Mountain Chapter of the Federal Communications Bar Association (FCBA) and Silicon Flatirons. Our primary goal was to shine a spotlight on key elements of federal cybersecurity policy and the evolving risk faced by enterprises in light of the rapid proliferation of Internet of Things (IoT) devices. The event featured Evelyn Remaley, Deputy Associate Administrator at the Office of Policy Analysis and Development of the National Telecommunications and Information Administration, U.S. Department of Commerce, among other notable speakers and attracted over 60 attendees from the local and regional technology policy and legal communities.
CableLabs’ Rob Alderfer kicked off the event by laying out the broader context, including the trends that are driving increased risk to consumers and the basic functionality of the Internet. With the constant barrage of new cyber incidents, often driven by IoT devices vulnerable to exploitation, governments at all levels are taking notice and grappling with the rapidly evolving threat. Cybersecurity is no longer the domain of the IT department, but rather a key area of governance for all enterprises. You can read more about our vision for improving IoT cybersecurity here.
Clete Johnson (Wilkinson Barker Knauer, LLP) provided a primer on federal cybersecurity policy that cast the Internet and enterprise networks as the battlefields, espionage platforms, and crime scenes of the 21st century. The current regulatory landscape can be subdivided into several broad areas: the threat environment, the policy environment, government activities, and the developing policy consensus across government and industry. The threat environment is characterized by the increasing number of more and more severe attacks. These attacks originate from both non-state actors (organized crime groups, proxies for nation-states, hacktivists, and, potentially, terrorists) as well as state actors (Tier I intelligence services and their allies and partners). However, the line between non-state and state actors often blurs and these groups often overlap. Johnson also detailed the developing policy consensus that centers around dynamic, flexible risk management; a shared responsibility across all stakeholders; mutually beneficial public-private partnerships; and a move beyond the “punish the victim” enforcement. This developing consensus is largely embodied in the Cybersecurity Executive Order and its implementation.
Evelyn Remaley (NTIA) delivered the keynote presentation on the Cybersecurity Executive Order, the developing Botnet Report required by the Order, and, more broadly, the NTIA’s work in cybersecurity through the multi-stakeholder process. Remaley emphasized that NTIA recognizes the complexity of the ecosystem and sees it as a multi-textured and evolving global system that requires an agile, inclusive cyber policy approach. Two truths underlay that perspective:
- To protect innovation, there must be stakeholder-driven policy outcomes that are flexible enough to adapt quickly to changes in technology
- No single industry sector or the government will be able to solve the challenges facing the Internet ecosystem, because while the Internet is largely managed by the private sector, governments, civil society, and individuals all have key roles. Successfully addressing cyber threats requires collaborative efforts from across the Internet ecosystem. The ongoing effort to produce the Botnet Report is an example of this collaborative approach in action.
Panel Discussion with Evelyn Remaley
The panel discussion following Remaley’s presentation tackled both baseline questions around the incentives at play in the current IoT ecosystem and the upcoming Botnet Report’s role in addressing the risk of distributed threats, as well as practical questions about where the policy development process goes after the final report is released. Mark Walker moderated the panel discussion between Evelyn Remaley (NTIA), Michael Bergman (Consumer Technology Association), and Tracy L. Lechner (Brownstein Hyatt Farber Schreck, LLP). The panelists discussed the incentives misalignment that keeps a significant number of IoT providers from investing in better device security, including the perception that consumers do not place a significant value on security and that increased security comes at a significant cost (time and/or money). They also discussed the availability of effective security controls and the various industry efforts to drive increased adoption of those controls.
Panel Discussion on Risk Landscape for Enterprises
The final session entitled The Risk Landscape for Enterprises: Attacks, Recovery, Liability, and Compliance covered the cybersecurity threat landscape from the enterprise perspective. This panel was moderated by Blake Reid (University of Colorado Law School; Silicon Flatirons) who lead the discussion with Paul Diamond (CenturyLink), John Diana (LogRhythm, Inc.), Ryan Howe (Webroot, Inc.), and Deborah Shinbein Howitt (Lewis, Bess, Williams & Weese, P.C.). The discussion focused on the challenges enterprises of all sizes face when tackling the rapidly changing cybersecurity risk landscape, including limitations on resources and talent, as well as the task of understanding and complying with the numerous legal obligations coming onto the scene. Much like developing a cybersecurity program, building up the required legal policies begins with identifying the most critical data a business handles (e.g., healthcare information, social security numbers, credit card information) and then creating incident response plans that meet the most stringent obligations in those areas first. The NIST Cybersecurity Framework was highlighted as providing an enterprise with a structured approach to assessing cybersecurity risks and developing a robust cybersecurity program that matches its unique needs.
As CableLabs continues to focus on developing new and innovative security technologies, we must continue to ensure we have a sound understanding of the rapidly evolving cybersecurity policy landscape, both here and abroad. But, just as importantly, policymakers should have a sound understanding of current and developing technologies. Events like this help bridge those gaps in understanding.
Security
Cable’s Role in Cybersecurity
The cable industry does more than just provide internet connectivity for millions of customers: it also plays an active role in driving security in the broader internet ecosystem. Cable operators have a long history of successfully defending against attackers seeking to steal service, customer data and video content. The cable industry has been protecting the delivery of high-value video content for over 30 years through technology that has never been breached in a successful, scalable manner. Moreover, the industry has been setting fundamental broadband security features through cable internet access standards for over 20 years to ensure the confidentiality, integrity and availability of cable broadband services globally. As the details and motivations of attacks continue to evolve, so does the security incorporated by cable operators.
Of particular focus for CableLabs is the urgent need to address the risks associated with insecure internet-connected devices (“Internet of Things” or “IoT”). IoT represents the next major axis of growth for the internet. But, without a significant change in how IoT providers approach security, the explosion of connected devices increases the risk to consumers and to the basic functionality of the internet. The consensus forecast has the number of devices connected to the internet doubling (or more) between 2016 and 2020. To the extent these devices do not contain sufficient security, the number of potential attack vectors will multiply rapidly as IoT proliferates.
A Comprehensive Approach to Addressing Insecure IoT
A combination of mitigation and prevention is necessary to fully address the current and emerging threats posed by insecure IoT. The cable industry recognizes that addressing these security risks (e.g., botnets) is a shared responsibility across the entire internet ecosystem. To this end, cable operators have invested substantially in developing and deploying measures to reduce the risks associated with insecure IoT, including DDoS and other botnet attacks, with a primary focus on protecting networks to ensure the availability of broadband service.
Mitigation
Cable industry efforts to improve measures that seek to mitigate attacks against their networks and their customers include both individual and collaborative measures:
- The development and advancement of compromised-device detection and identification systems
- Customer notification and remediation programs
- Distributed denial of service (DDoS) monitoring and mitigation systems
- IP-address spoofing prevention technologies and cybersecurity information sharing systems
In addition to maintaining and expanding these existing techniques, CableLabs and cable operators are also working on next-generation networking technologies to help reduce these risks.
Prevention
Although Internet Service Providers (ISPs), including cable operators, have been working on mitigating the effects of compromised and insecure devices for more than 15 years, these efforts ultimately only address the symptoms and not the root cause of the problem. The challenge of this task has already begun to outpace current and anticipated techniques. Unfortunately, IoT providers have not generally incorporated the needed security measures or committed to maintaining the security of their IoT devices. To fully address the risks posed by insecure IoT devices, IoT providers must drive increased security into future connected devices. Preventing compromised devices must be a substantial part of the industry’s shared responsibility in addressing the risks posed by insecure IoT to consumers and the internet.
Increasing IoT Security through an Industry-Led, Standards-Based Approach
Industry-led standards represent the most promising approach to increase IoT security. Given the global and constantly evolving nature of threats, the industry must utilize its expertise with a goal to develop, adopt and enforce fundamental IoT security measures. To achieve the needed level of security, an IoT security standard must address:
- Device identity
- Authentication, authorization, and accountability (onboarding)
- Confidentiality
- Integrity
- Availability
- Lifecycle management
- Future (upgradable) security
A robust technical standard is necessary, but not sufficient. To establish value and credibility in the marketplace, an open and balanced development organization must be established to ensure due process and consensus, drive widespread adoption of the standard, address the intellectual property rights of participants and ensure conformity through strong certification testing and enforcement of the standard.
To this end, CableLabs and a number of cable operators are actively engaged in the Open Connectivity Foundation (OCF). The OCF is an industry effort to develop an open specification to enable connected devices to securely communicate with one another regardless of manufacturer, operating system, chipset or physical transport. OCF membership is broad-based with over 300 members, including leading companies at all levels of the IoT space – silicon, software, platform and finished-goods. CableLabs and Comcast hold board seats and CableLabs chairs the Security Work Group of OCF. In addition, CableLabs contributes to IoTivity, a Linux Foundation Collaborative Project sponsored by OCF, which provides an open source reference implementation of the OCF specification that will further enable broad adoption.
Engaging with the Broader Internet Ecosystem
CableLabs and the cable industry have enabled cable-based security technologies to be leveraged in the wider internet ecosystem, including in Wi-Fi hotspots, smart grid devices and medical communications, through CableLabs’ subsidiary, Kyrio. The cable industry also provides broad-based technology thought leadership on security through substantial contributions to the Internet Engineering Task Force (IETF), the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Wi-Fi Alliance and the Broadband Internet Technical Advisory Group (BITAG), among other leading technical bodies.
Broadband service continues to become more integral to economic activity and social connectivity. The number of connected people and devices continues to grow, as does broadband network capacity and performance. Security provides the fundamental trust that enables these trends, and as the internet ecosystem grows, all actors must make it a priority.
You can find more information about CableLabs' role in securing the future in our Inform[ED] Insight papers "A Vision for Secure IoT" and "Securing Networks in the Broadband Age."
Education
Enabling the Transformation of Education
Education, like every other part of life, is being fundamentally transformed by the ubiquity of connectivity and inexpensive computing and storage. Technology is enabling this transformation, but it is driven by the much broader trend in the economy — the transition of the workforce from a manufacturing economy to a knowledge economy.
On July 19-20, CableLabs hosted an Education Summit that brought together thought leaders from across the education sphere and the cable industry to explore the current challenges facing education as well as those of the future. The education system is beginning to see the transformative potential of technology — whether through "one-to-one" initiatives, integration of virtual reality, or gamification. Through the two-day event, three trends stood out in driving a fundamental transformation of education.
Fundamental Shift Toward Experiential and Problem-based Learning
Not surprising to anyone, the need to memorize facts has been largely replaced by Internet search, but unfortunately, the education system is still catching up. The skills for the jobs of today and tomorrow require problem solving, critical thinking, creativity, communication, and collaboration, all skills that are most readily developed through experiential and problem-based learning.
Experiential and problem-based learning can take many forms — "curriculum built on inquiry, project-based learning, internships, service-learning, and entrepreneurial innovation bring the relevance of academic content and simultaneously develop" the necessary skills for the workforce of tomorrow. The current emphasis to more broadly include the development of computer programming skills melds well with a project-based focus, whether developing apps, games, or websites, applying computer science to solve a real world problem is the key. Project-based learning is not limited to the digital world. Makerspaces enable students to create and solve physical world problems using the latest in prototyping and machining technology — 3D printers, CNCs, laser cutters, etc. The key is enabling students to meaningfully contribute to addressing real world problems in their communities.
One amazing example of community-relevant, problem-based learning is the Global Earthquake Forecasting System, which teamed NASA researchers with Alaska high school students in Ketchikan, Kodiak and Old Harbor — where earthquakes and tsunamis pose a significant risk. "Using new cutting edge sensing instruments, the students collect and analyze data used to detect early signals that occur prior to an actual earthquake event. Their findings are then reported to NASA project managers." For their earthquake forecasting work, the Kodiak high school team was awarded first place in 2015 NASA World Wind Europa Challenge, “an annual university-level competition that provides an opportunity for the world's 'best and brightest' to deliver sustainable solutions that serve local, regional, national or international interests.” Not only were they the first ever submission from a high-school team, but they won.
Disruption of Institutions and Curriculum Creation
Learning is no longer limited to the classroom and technology is enabling a fundamental shift of the role of the teacher – from that of "lecturer" to that of "coach." This new paradigm takes many forms and is often referred to as personalized learning, blended learning, or flipped classroom and all have a similar theme of turning the traditional education model inside out and putting the student at the center of an individualized experience.
This new paradigm allows variation, innovation, and “student input into (and even control of) the time, pace, path, and place of learning.” Only with advances in technology and widespread access to connectivity will this new paradigm be able to be implemented effectively, affordably, and equitably.
Ubiquitous connectivity, devices, and inexpensive computing and storage along with low-cost and easy to use tools are also enabling a decentralized approach to curriculum and content creation. Teachers are now able to easily create their own curriculum and content — free from the confines of the traditional text book. The tools for creating and integrating media rich content are readily available. Moreover, platforms, like “Teachers Pay Teachers” enable a market for teachers to exchange the lesson plans and other content they create with other teachers.
Transformative Experience - Immersive and Interactive Virtual Agents
Artificial intelligence (AI) and virtual agents also promise to transform the education experience, just as they will transform entertainment and work. AI and virtual agents will create a platform to preserve and provide history in an engaging format, never before possible. One example is the natural language AI created based on the holocaust survivor Pinchas Gutter. His story will now live on forever through an interactive hologram that can respond to questions about the holocaust and ensure this part of history is never lost.
The promise of AI goes well beyond just preserving history. It will facilitate an individualized and customized interactive experience that has the potential of providing just the right engagement at just the right time to ensure students can successfully achieve the desired education outcome – true personalized learning. AI will not only be able to react to the words we use, but will also be able to read and react to our emotions to facilitate a more comfortable and conducive environment for learning. Using facial and other non-verbal data, the virtual agent will be able to detect fear, frustration, and confusion, among other emotions, to better guide the student’s experience.
All of these trends will drive the network and service requirements necessary to serve the education market of tomorrow – a more decentralized, collaborative, and interactive environment. CableLabs and the cable industry continue to work to develop the technologies required to support a transforming education system — whether that is through increasing network capacity, improving performance, or enhancing network security, to name just a few of our efforts.