Today and for the foreseeable future, Wi-Fi is the technology most devices and applications use to connect to the internet. As technology advances, those devices and applications will require more data to deliver high-quality experiences for increasingly immersive, compute-intensive applications. To further support the emergence of high-fidelity video conferencing, cloud gaming, virtual reality (VR)/augmented reality (AR) and other immersive applications, widespread availability of 10 gigabit and 25 gigabit internet services is just over the horizon.

The real-time nature of these cutting-edge applications will require even faster and higher-performing Wi-Fi, with greater throughput, lower latency and better reliability. Also, because consumers primarily rely on Wi-Fi to connect to the internet — demonstrated by 10 times the amount of data going over Wi-Fi compared with mobile networks and the roughly 80 percent of data from mobile devices going over Wi-Fi — consumers now expect wall-to-wall Wi-Fi coverage in their homes, businesses and wherever they are (e.g., airports, coffee shops, civic centers). More unlicensed spectrum is key to ensuring that Wi-Fi performance keeps pace with consumer expectations and needs.

Identifying and allocating additional unlicensed spectrum for Wi-Fi is critical to ensuring the ready distribution of increasingly capable internet services throughout the home and enterprise. Such efforts will enable the increased performance of today’s and tomorrow’s critical applications in terms of coverage, throughput, latency and reliability, and will support new Wi-Fi features and functionality. In opening the 6 GHz band to Wi-Fi and other unlicensed use in 2020, the FCC took a necessary step toward enhancing the performance and capabilities of Wi-Fi and ensuring the future growth of broadband. However, opening 6 GHz isn’t a one-and-done solution. Additional unlicensed spectrum is needed to enable continued Wi-Fi performance enhancements to stay ahead of both the increasing performance of broadband networks and the growing performance requirements of devices and applications.

Background

Since its inception, Wi-Fi has been designed to use spectrum efficiently and to co-exist with other spectrum users. Wi-Fi uses a contention-based protocol and seeks to transmit data opportunistically in short bursts, when the frequency channel is available, enabling coexistence with other users. Moreover, Wi-Fi devices use a half-duplex access protocol (transmitting and receiving on the same channel) to further economize on available frequency channels.

In 1997, IEEE released the first 802.11 standard, which is the basis for Wi-Fi. From that humble beginning, we’ve seen the adoption of Wi-Fi explode. Today, there are more than 21 billion Wi-Fi devices in use globally. Initially, Wi-Fi used the 2.4 GHz band and provided a data rate of up to 2 Mbps. Over time, Wi-Fi devices began using the 5 GHz band and larger channel sizes to drive increased data rates. With Wi-Fi 6E and the incorporation of channel sizes up to 160 MHz, Wi-Fi devices can support data rates over 1 Gbps.

With the opening of the 6 GHz band (5.925–7.125 GHz), the FCC enabled for the first time 320-MHz Wi-Fi channels. Doing so required the FCC to craft an innovative three-part sharing framework to enable coexistence with the incumbent licensees:

• Low Power Indoor (LPI) requires the use of a contention-based protocol, permits only indoor access points (APs), restricts those APs to a power spectral density limit of 5 dBm/MHz and total power limit of 30 dBm EIRP on a 320-MHz channel, and is available across the entire 6 GHz band.
• Standard Power, enabled by Automated Frequency Coordination (AFC), allows outdoor access points and higher power, up to 36 dBm EIRP (or 23 dBm/MHz on 20 MHz channel), when under the control of an AFC system, and is only available in the UNII-5 (5.925–6.425 GHz) and UNII-7 (6.525–6.875 GHz) portions of the band.
• Very Low Power (VLP) requires the use of a contention-based protocol and enables indoor and outdoor operations at an even lower power limit of -5 dBm/MHz and is only available in the UNII-5 and UNII-7 portions of the band.

The Wi-Fi Alliance officially released Wi-Fi 7 on January 8, 2024. With the available 320 MHz channels in 6 GHz, Wi-Fi can now deliver speeds over 10 Gbps (using four MIMO streams), helping to ensure that Wi-Fi keeps pace with advances in internet service speeds and increasing application requirements.

Driving the Need for Additional Unlicensed Spectrum

U.S. and other governments must continue to allocate additional spectrum for unlicensed use not only to keep pace with the growing demand for Wi-Fi and other unlicensed technologies but also to remain ahead of the technology curve. Allocating additional unlicensed spectrum will fully enable and maximize the benefits of emerging applications and functionality, which will translate to an expected $5 trillion in annual global economic value by 2025. The drivers of necessary additional unlicensed spectrum are discussed below.

Increasingly capable broadband services and growing consumer demand for more connected devices, higher throughput, lower latency and increased reliability. History has made clear that total data usage and bandwidth requirements will only grow in coming years and most of that data will be carried over Wi-Fi, as noted above. This growth will be enabled by the ubiquitous availability of increasingly capable broadband services: 10 gigabit and beyond (e.g., DOCSIS 4.0, 10G-EPON, XGS-PON, 25G-PON). To this end, the U.S. government is investing well over $40 billion to deploy highly capable fiber-based networks. Data and bandwidth usage growth will also be driven by more connected devices and increased use of real-time and data-intensive applications such as new interactive VR/AR experiences. We’ve seen the average number of connected devices per home grow from 13 in 2021 to 17 in Q3 2023 — an increase of over 30 percent in less than two years and a trend we expect to continue. We also continue to see average fixed broadband residential data usage increase — currently, on average, over 640 GB per month. Moreover, the COVID-19 pandemic accelerated the adoption and use of video conferencing and other cloud-based tools. As the FCC has explained, “video conferencing has grown from a niche product to a central pillar of our communications infrastructure.” Because consumers no longer connect devices using an ethernet cable, but rather rely on Wi-Fi to connect to the internet, the government must also continue to make additional unlicensed spectrum available to ensure the government’s investment in broadband deployment actually reaches end-devices and enables the critical applications of today and tomorrow.

Supporting new features and functionality of Wi-Fi 7 and beyond. Additional unlicensed spectrum is also needed to make room for the coming features and functionality of Wi-Fi 7 and beyond. The release of Wi-Fi 7 introduced new features and functionality; of note, Wi-Fi 7 now includes support for 320 MHz channels and Multi-Link Operation (MLO). Both features enable higher throughput and lower latency through the use of wider channels and multiple channels — features not available in prior generations of Wi-Fi. Moreover, IEEE is already working on 802.11bn, the standard that will underpin Wi-Fi 8. The emerging focus is on Ultra High Reliability (UHR) where additional spectrum becomes even more critical to meet performance goals in light of potential channel contention from high-density client environments, adjacent Wi-Fi networks or other unlicensed use.

The technical limitations enabling the 6 GHz innovative sharing framework. The FCC’s innovative unlicensed sharing framework in 6 GHz is a huge success, protecting mission-critical incumbents and allowing for expanded Wi-Fi use at the same time. Moreover, this sharing framework eliminated the need to relocate incumbents, enabling the rapid realization of the benefits of this additional unlicensed spectrum to consumers and enterprise users alike.

To ensure safe coexistence, the FCC established a detailed unlicensed spectrum sharing framework, including Low Power Indoor-only (LPI) restrictions across the band and more recently Very Low Power (VLP) restrictions and database-controlled (by an AFC database) standard-power capabilities available in certain parts of the band, as detailed above. To accommodate these restrictions, Wi-Fi requires more bandwidth to deliver high speeds and employs more spectrum-intensive techniques, such as mesh networking, to achieve the needed coverage. For example, mesh networking requires additional overhead to backhaul and coordinate the mesh traffic, reducing the overall data-carrying capacity of the available channels. One approach to avoid mesh networking is to use a higher-power channel. However, under the current FCC rules, Wi-Fi can access, at most, only one standard-power 320 MHz wide channel through an AFC system.

Between the power limits and other regulatory restrictions placed on LPI and VLP operations and the limited availability of standard power channels under an AFC, the 1,200 MHz available for unlicensed use in the 6 GHz band is unable to provide the needed coverage, throughput, capacity and latency performance that will be expected and required by consumers and enterprise users in the near future. Additional unlicensed spectrum will allow consumers and enterprise users to more fully benefit from Wi-Fi 7’s new features, enabling better user experiences.

It’s Up to Government

Taking all these drivers into account and considering the value that unlicensed spectrum will continue to deliver to global economies, the United States and other governments around the world should waste no time identifying meaningful additional unlicensed spectrum, particularly given that any additional unlicensed spectrum will likely have similar regulatory technical limits as 6 GHz unlicensed use.

Today, CableLabs® has publicly released a set of best common practices (BCP) to enhance the security of cable modems, integrated access points, and home routers (collectively, known as “gateway devices”) against malicious activity and other cyber threats. This work builds on and extends CableLabs’ and the cable industry’s longstanding leadership in cybersecurity to ensure a consistent and robust baseline for gateway device security, increased economies of scale, and an ontology for simplified communication and procurement between network operators and device manufacturers.

The BCP Working Group is comprised of security technologists from CableLabs, network operators from around the world, and gateway device manufactures, including representatives from CableOne, Charter, Cisco, Cogeco, Comcast, Commscope, Cox, Liberty Global, MaxLinear, MediaCom, Shaw and Technicolor. In developing the BCP, the Working Group drew heavily upon well-established and widely accepted security controls, recognized broadly by industry and government security experts.

The cable industry has long employed extensive network security practices to ensure the confidentiality, integrity and availability of broadband services, including gateway devices. The BCP expands and standardizes these network security practices for gateway devices and complements cable operators’ broader set of security practices. For instance, DOCSIS® Security testing is performed on all gateway devices to ensure DOCSIS protocol conformance, including the verification of the correct implementation of public key infrastructure (PKI) authentication and identity management, BPI+ encryption, and EAE (Early Authentication and Encryption) secure provisioning requirements.

The BCP document goes beyond DOCSIS Security requirements and provides a framework for the full range of security considerations applicable to gateway devices, including hardware and manufacturing considerations, default security settings, configuration procedures, secure boot, roots of trust, software/firmware development and verification, encryption requirements for both data in transit and data at rest, and physical security, among others. To further ensure the robustness of the BCP, the working group compared and mapped the BCP to NIST’s general guidance for connected devices used by the federal government, to help confirm the scope was fully comprehensive of applicable security considerations.

The BCP represents the industry coalescing around a common set of security baseline requirements that furthers the following critical goals:

1. Provide a common framework for security elements and controls within gateway devices, including cable modems, integrated Wi-Fi access points, and home routers, to align the varied approaches to device security across the industry.
2. Create a community of manufacturers and network operators collaborating to enhance gateway device security.
3. Leverage well-established and well-vetted security controls and practices to minimize the risk of unknowingly introduced vulnerabilities or other security weaknesses.
4. Harmonize security requirements across network operators to drive increased economies of scale, lowering the cost of broadband deployment.
5. Further protect network resources and broadband service from malicious attacks.
6. Provide a framework for network operator assurance that enables verification of testable practices and configurations.
7. Enable alignment across standards, regulatory, and compliance regimes through a transparent and open set of best common practices.
8. Establish a security framework for gateway devices that builds in flexibility and agility, so that manufacturers and network operators can address and adapt to new threats and changes in the cyber risk landscape.

While this initial release is an important achievement, one that strives to be comprehensive in terms of security posture for gateway devices, we all recognize that this field is constantly evolving and advancing. We see the BCP as a framework that must and will be updated and maintained as network technology, device security, and unfortunately, adversary techniques continue to evolve. To that end, we invite and welcome additional gateway and modem manufacturers as well as additional network operators to join the working group as we continue to progress this effort.

On October 13, 2021, at 3:00 pm ET, we invite you to join our virtual panel session at SCTE Cable-Tec Expo to discuss and further explore Gateway Device Security and our work to develop the BCP.

Starting in mid-March, the world experienced a sudden surge in internet usage driven by the widespread COVID-19 stay-at-home orders that caused many of us to switch to working and studying at home in a matter of days. Cable broadband networks not only withstood this sudden surge in internet usage; they excelled. For example, for the week of June 27–July 4, 99.9 percent of U.S. cable broadband users saw no material impact on customer experience. Looking to the future, cable networks are also well-positioned to remain ahead of sustained increases in consumer demand. Although internet usage appears to have plateaued recently, CableLabs and the broader cable industry continue to develop further network advancements to ensure that internet performance stays well ahead of even the most demanding home users’ needs for years to come.

Internet Usage During COVID-19 and Cable Broadband Services 

Network monitoring provider OpenVault reveals just how much home internet usage jumped over the past few months:

• In the United States, average daily downstream consumption from 9 a.m. to 5 p.m. in the first week of April totaled about 6.35 GB per household, up 42 percent from 4.46 GB in January. Upstream average usage during business hours rose to 0.39 GB, up 83 percent compared with 0.22 GB in January.
• Worldwide, looking at a sample of 500 fixed, mobile and Wi-Fi network providers, networking equipment provider Sandvine found that overall traffic increased 40 percent between February 1 and April 19. It also found that upstream traffic rose 121 percent during this period.

Even considering these dramatic increases, home internet use remains heavily asymmetrical. The amount of data transmitted to the home (downstream) vastly outweighs the amount of data transmitted from the home (upstream). This is driven by the continued use of video streaming services (e.g., Netflix, YouTube) that require substantial amounts of data to be transmitted to the home to enable the user to view a movie, TV show or other video. These applications require very little data transmitted from the home.

Two-way video collaboration tools (e.g., Zoom, Microsoft Teams) do require more data to be transmitted from the home (upstream) in comparison with video streaming services due to two-way audio and video functionality. Even with the increased use of these collaboration tools, upstream data transmissions remain well below a tenth of total data transmitted over home internet connections.

The predominance of downstream use is further confirmed in the detailed examination of broadband use from a top-tier North American cable broadband operator, as set forth in Figures 1 and 2 below. Over the past 8 years, the proportion of downstream traffic has increased and plateaued at roughly 92–94 percent of total traffic at peak. Looking more closely at the most recent 5 months illustrates the rapid increase in internet use due to COVID-19. Even with upstream increasing at a faster rate than downstream, upstream use at peak maxed out at only 9 percent of total traffic, as illustrated in Figure 2. Additional metrics, trends and observations on cable internet usage can be found on NCTA’s COVID-19 Dashboard.

Figure 1: 2012 through June 2020, Average Downstream and Upstream Peak Use (kbps and %) per Subscriber from a Top-Tier North American Cable Broadband Operator

Figure 2: Mid-February 2020 through June 2020, Average Downstream and Upstream Peak Use (kbps and %) per Subscriber from a Top-Tier North American Cable Broadband Operator

Cable Broadband’s Outlook Is Healthy

The asymmetric design of cable’s internet service tiers accurately matches how consumers have been using the internet, even with the increased use during stay-at-home orders. This is important both to ensure a high-quality user experience and to efficiently allocate available network capacity. Cable operators continually monitor their networks and engineer them to accommodate significant fluctuations. There are indications that these increased levels of usage will be foundational as new use cases emerge and as a significant segment of the population continues to work and learn from home. For example, many companies have found that their remote workers maintained or even improved productivity—so much so that they may make the arrangement permanent.

Cable network technology, more formally known as Data Over Cable Service Interface Specification (DOCSIS®), has the flexibility and performance capabilities to handle further increases in consumer demand in both downstream and upstream data transmissions. With DOCSIS 3.1 technology, the current widely deployed version of cable network technology, cable operators are making gigabit services broadly available. For example, cable gigabit services are now available to 80 percent of U.S. housing units.

And there are more performance enhancements on the horizon with the recently released DOCSIS 4.0 specification, which will readily enable multi-gigabit internet services. In addition, the 10G platform provides increased reliability, enhanced security and reduced latency.

Taking a peek into the future, cable broadband networks have not only excelled in the initial surge in internet usage caused by the COVID-19 pandemic, but they will be ready for the potential long-term changes in consumer behavior that will drive increased internet usage. To learn more about the technologies that power cable’s broadband internet services today and into the future, click the button below.

CableLabs engages with the IoT industry and the broader stakeholder community, including governments, to help drive increased IoT device security.  The rapid proliferation of IoT devices has the potential to transform and enrich our lives and to drive significant productivity gains in the broader economy. However, the lack of sufficient security in a meaningful number of these newly connected devices creates significant risk to consumers and to the basic functionality of the Internet. Insecure IoT devices often serve as building blocks for botnets and other distributed threats that in turn perform DDoS attacks, steal personal and sensitive data, send spam, propagate ransomware, and more generally, provide the attacker access to the compromised devices and their connections.   

To help address the challenge of insecure IoT, CableLabs along with 19 other industry organizations came together to develop “The C2 Consensus on IoT Device Security Baseline Capabilities” released earlier this week.  The broad industry consensus identifies cybersecurity baseline capabilities that all new IoT devices should have, as well additional capabilities that should be phased in over time.  The development kicked off in March with a workshop hosted by the Consumer Technology Association (CTA). Over the past months, the group has coalesced around the identified cybersecurity capabilities.  These include capabilities in the areas of device identity, secured access, data protection and patchability, among others.   

CableLabs has also engaged with the National Institute of Standards and Technology (NIST) as it develops its recently released draft report, “Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers.” Both industry and governments largely agree on the capabilities that must be included to increase device security. Like the C2 Consensus, NIST focuses on foundational cybersecurity capabilities, including device identity, secure access, patchability of firmware and software, protection of device configuration and device data, and cybersecurity event logging.    

The cybersecurity capabilities identified in the C2 Consensus and NIST will help prevent and minimize the potential for exploitation of IoT devices.  Both documents provide a strong foundation and help point IoT manufacturers in the right direction on how to increase device security. However, cybersecurity is an ongoing journey, not a destination. Security practices must evolve and continue to improve to address new and emerging threats and changes in technology. This foundation must continue to be built on overtime.   

CableLabs has long been a leader in the development of security technologies. For decades, CableLabs has helped guide the cable industry in incorporating many of the identified security capabilities into cable devices and has ensured the maintenance and advancement of these capabilities over time. For instance, since the first DOCSIS specification in 1997, CableLabs has helped ensure the protection of data: All traffic flows between each cable modem and the CMTS are encrypted to protect the confidentiality and integrity of those transmissions. This is not a once-and-done process; CableLabs has and must continue to advance the cryptography used in cable devices to protect against new and more powerful brute force attacks and other potential threats. Similarly, nearly 20 years ago, CableLabs adopted PKI-based digital certificates to support strong device identity and authentication for devices connecting directly to the cable network (e.g., cable modems, Internet gateways, set-top boxes). Since the initial implementation, CableLabs has continued to advance its PKI implementation to address new and emerging threats.   

 CableLabs has leveraged its experience and success in developing and implementing cybersecurity technologies in cable devices to help drive increased security in IoT devices.  The underlying fundamentals, as well as many of the approaches to implementing, are transferable to IoT, as detailed in our white paper, “A Vision for Secure IoT”. We’ve not only engaged with the C2 Consensus and NIST’s IoT security efforts, but also in industry specification organizations, specifically the Open Connectivity Foundation (OCF)—to develop secure interoperability for IoT devices. OCF has implemented nearly all of the identified capabilities in its specification, tests for the capabilities in its certification regime, and provides the capabilities, free of charge, in its open source reference implementation – IoTivity.         

 Since publishing “A Vision for Secure IoT” in the summer of 2017, industry and the broader stakeholder community, including governments, recognize and have begun to address the challenge of insecure IoT.

Many of today’s most popular consumer products and services are powered by the exponential growth in the generation, collection and use of personal data, enabled by ever-increasing broadband capacity, processing power and storage. These products and services provide consumers with unparalleled personalization, efficiency and convenience. However, the technologies and practices surrounding personal data also create new dimensions of risk to individuals, institutions and society alike.

In response, governments both in the United States and around the world are under increasing pressure to develop new legislation and regulatory models to address these growing concerns. In the past year alone, we have seen the implementation of the European Union’s sweeping General Data Protection Regulation (GDPR), the passing of the California Consumer Privacy Act, and multiple hearings in the U.S. Congress stemming from numerous data breaches and other scandals involving the potential misuse of consumers’ personal data. Here at CableLabs, we recognize the interplay and potential impact of emerging privacy regulations on the direction of next-generation Internet applications.

In that spirit, CableLabs sponsored “Data Is King” – U.S. Privacy Developments and Implications for Global Markets and Technology Development, a recent event co-hosted by the Federal Communications Bar Association (FCBA) Rocky Mountain Chapter and the IAPP Denver/Boulder KnowledgeNet Chapter. The event gathered luminaries from across the policy and technology spectrum to explore trends and recent developments in privacy law and regulation, as well as the potential impact that these policies will have on the products and services of tomorrow.

The event was kicked off by Martin Katz (Chief Innovation Officer and Senior Advisor for Academic Innovation and Design at the University of Denver and the Executive Director at Project X-ITE). Katz discussed the existing gaps and fragmentation in today’s U.S. privacy regime and highlighted the drawbacks of the EU’s approach to comprehensive personal data protection legislation (GDPR). In Katz’s view, such an approach creates a significant and costly compliance regime that can stifle new startups and small businesses, and more generally, innovative new products and services. He emphasized that any comprehensive U.S. federal regime should recognize and seek to minimize compliance costs and ensure room for innovation while protecting consumer choice, trust and accountability.

Tracy L. Lechner (Attorney and Founder at the Law Offices of Tracy L. Lechner) moderated the first panel session, focused on trends and recent developments in privacy regulations domestically and internationally, with the following panelists: Beth Magnuson (Senior Legal Editor of Privacy and Data Security at Thomson Reuters Practical Law); Dale Skivington (Compliance and Privacy Consultant, Adjunct Professor at the University of Colorado, and Former Chief Privacy Officer at Dell); Erik Jones (Partner at Wilkinson, Barker, Knauer); and Scott Cunningham (Owner at Cunningham Tech Consulting and Founder of IAB Tech Lab).

The panelists agreed that the general position of industry has evolved from a preference for best practices with agency oversight to a recognized need for U.S. federal legislation. This shift has been spurred by a desire for a common compliance framework in light of developing differences in state laws and diverging international privacy regimes. The panelists emphasized that changing privacy regulatory requirements has forced organizations to make frequent and costly IT overhauls to ensure compliance that arguably create little to no value for consumers. For instance, GDPR’s expansive definition of “personal data” created a herculean project for large organizations to take the foundational step of identifying and classifying all the potentially covered data. The panelists agreed that state attorneys general could have a valuable and thoughtful role in enforcement, but they also believe that specific requirements should be standardized at the federal level and be based on an outcome- or risk-based approach, unlike GDPR’s highly prescriptive approach.

Mark Walker (Director of Technology Policy at CableLabs) led a second-panel discussion, focused on the interplay of privacy regulation and technology development. The panel featured Walter Knapp (CEO at Sovrn), Scott Cunningham and Danny Yuxing Huang (Postdoctoral Research Fellow at the Center for Information Technology Policy at Princeton University). Walker framed the panel discussion in historic terms, highlighting the privacy concerns generated through the widespread availability of the portable camera in the late 1800s, through the emergence of electronic eavesdropping capabilities in the 1960s and, more recently, through the broad adoption of RFID technology. For each of these examples, public concern drove legal and regulatory changes, but more fundamentally, the privacy “panic” subsided for each technology as society became more familiar and comfortable with each technology’s balance of benefits and drawbacks.

Through that lens, the panelists examined GDPR and highlighted the high associated compliance costs, from both a technical implementation and revenue perspective. Faced with these costs, many smaller publishers are choosing to cut off access to their content from covered geographies rather than trying to comply. In comparison, large Internet firms have the resources to ensure compliance even in a costly and highly fragmented regulatory environment. Until recently, the Internet has largely matured without defined geographic borders and has nearly eliminated global distribution costs for smaller publishers. However, this trend may be reversed in the face of an emerging fragmented and highly regulated environment, reducing the viability of smaller publishers and driving unintended market concentration.

Turning to emerging technologies, Huang described his research into the security and privacy implications of consumer Internet of Things (IoT). He provided an overview of a newly released research tool, Princeton IoT Inspector, that consumers can easily use to gain detailed insights into the network behaviors of their smart home IoT devices. Through this tool, consumers can gain a better understanding of how IoT devices share their personal information. He illustrated how IoT Inspector was able to identify the numerous ad networks and other domains a streaming video device communicated with while streaming a single television program; surprisingly, the streaming device communicated with more than 15 separate domains during that single streaming program.

The event closed with Phil Weiser, Colorado’s Attorney General, providing keynote remarks that outlined the current state of legislative efforts, explained potential approaches that address key privacy challenges and highlighted the role of state attorneys general in developing regulatory approaches and enforcing them. Attorney General Weiser recognized that although curbing a patchwork of state laws in favor of a single federal one would be the ideal outcome, it is unlikely to happen in a reasonable timeframe, saying:

A first best solution would be a comprehensive federal law that protected consumer privacy. Such a law, like the Dodd-Frank law, should authorize State AGs to protect consumers. When Congress starts working on such a law, I will be eager and willing to support such an effort. After all, differing laws and reporting requirements designed to protect privacy creates a range of challenges for companies and those working to comply with different—and not necessarily consistent—laws.

In today’s second-best world, I believe that States have an obligation to move forward. We should do so with a recognition that we need to collaborate with one another and develop approaches that recognize the challenges around compliance. We can use your help and engagement and we work towards just this end.

As CableLabs continues to focus on developing new and innovative network technologies, we must continue to ensure that we have a sound understanding of the rapidly evolving privacy landscape, both here and abroad. But, just as importantly, policymakers should have a sound understanding of how the various regulatory approaches may impact current and developing technologies. Events like this help bridge those gaps in understanding.

CableLabs participates in more than 30 unique standards organizations, industry consortia, and open source efforts. 

CableLabs is focused on developing innovative technologies, not only in the performance of cable’s hybrid fiber coax (HFC) networks, but also in many areas that extend beyond the traditional cable network, including wireless (both licensed and unlicensed), cybersecurity, network function virtualization (NFV), optical technologies for access networks, and the application of artificial intelligence (AI) and machine learning to network management and orchestration. To be successful, CableLabs recognizes that, in these areas beyond traditional cable technology, it must engage and work with the broader technology community to drive advancements. This effort is visible through CableLabs’ deep commitment to leading and contributing to standards organizations, industry consortia, and open source efforts in these broader areas.  

Developing standards and industry specifications are at the core of CableLabs, which has been in the specification and standardization business since its inception over 30 years ago. In 1997, CableLabs released the initial version of the Data Over Cable Service Interface Specification (DOCSIS), the technology that enables broadband service to be provided over an HFC network. Standardization of the cable interface specification allowed the cable network operators to work at scale with the network equipment manufacturers to build the interoperable technology needed for cable to meet the exploding demand for broadband Internet access.

Ever since, CableLabs, along with its members and the vendor community, has continued to advance DOCSIS technology. Cable operators today have largely moved to DOCSIS 3.1 technology, enabling the availability of gigabit-speed broadband across nearly the entire cable footprint in the US, and driving towards a “10G” network capability. As cable has broadened its focus, CableLabs has responded by broadening its standards efforts and industry engagement.

Improving Wi-Fi and Enabling 5G through Wireless Standards Engagement

CableLabs contributes significantly to almost a dozen different standards organizations to improve wireless connectivity through standardization related mechanisms. Our work is not restricted to improvements in the traditionally separate spheres of in-home and mobile wireless and includes work toward a seamless network convergence for the future. Along those lines, CableLabs is engaged in the O-RAN Alliance, where we are leading an effort to establish an open virtualized RAN (“radio access network”) fronthaul specification which will allow for low-cost small cells with DOCSIS network backhaul.

At 3GPP, CableLabs is driving the Wireless-Wireline Convergence (WWC) effort to make the operation, management, and traversal of 5G wireless networks and 10G DOCSIS networks more seamless. CableLabs is also working to bring consumers a faster and safer in-home network experience through a next-generation adaptive security platform, CableLabs ® Micronets, which enables enterprise-level smart security at home. Beyond making home networks safer, we’re working to make them more powerful; exhibited by our role in achieving recent milestones with carrier-grade Wi-Fi certification through the Wi-Fi Alliance’s Vantage^TM and launch of the new EasyMesh^TM certification program.

Driving Increased Performance of Optical Technologies in the Access Network through Broad Industry Collaboration

As cable drives its fiber infrastructure deeper into the HFC network, CableLabs has developed new technology for use of fiber in the access portion of the network and has promoted standardization of such technology. We are involved at several global standards development bodies—including IEEE, ESTI, O-RAN, and SCTE where we work to level-up all aspects of the fiber network. These efforts combine our internal specification development— work (such as Coherent Optics specifications) with broad industry collaboration in order to deliver dramatic improvements to the access network across all areas. This means that while working toward ever faster speeds through developing the next generations of PON protocols, the whole network ecosystem needs to be addressed, which includes innovation in network operations with projects such as Proactive Network Maintenance (PNM).

Building a Common, Secure, Foundation for IoT Devices of the Future

CableLabs envisions a future empowered by technologies that improve our lives—a future where augmented reality (AR)/ virtual reality (VR) head-mounted displays, video walls, AI-enabled media, ubiquitous Internet of Things (IoT) devices, light field holodecks and displays (as seen in our latest Near Future video) are just the beginning. However, in order for AR/VR devices to be populated with high-quality content, for video walls to connect seamlessly, or for our IoT devices to assist us securely, we will first need high-quality, secure, industry-driven standards on which the technology and applications can be built. This belief has led to our involvement in the Open Connectivity Foundation (OCF), an industry effort to develop a secure interoperability specification for IoT.

Catalyzing the Future of Immersive Media Experiences

Recognizing the importance of building consensus throughout the ecosystem, even beyond the broadband network, CableLabs is significantly involved in and contributing technical expertise toward a number of emerging technology areas, including significant projects in video, VR/AR, and immersive media. Essential to the actual adoption of standards, we recently played a founding role in establishing Media Coding Industry Forum (MC-IF) to address patent licensing of future MPEG codecs. In addition, we announced a new collaboration called IDEA (Immersive Digital Experiences Alliance) to establish and promote end-to-end delivery of immersive content, including light fields, over broadband networks.

To learn more about our work in standards, open source, and industry consortia please see our members-only (login required) Standards Strategy Update (April 2019) on current engagements.

Cable gigabit service availability continues to expand – as of June 2018, 63% of U.S. housing units – 74% of the cable broadband footprint – had gigabit service or better available from their local cable operator. This is up seven percentage points in just three months and has expanded by 16X in 18 months. Cable is making the gigabit Internet dream a reality. Coincident with this update of the cable industry’s gigabit deployment data, we are also releasing a new installment in our Inform[ED] Insights series that explains the technology that enables these gigabit networks.

Cable’s deployment of high-capacity broadband networks is enabling the gigabit services of today and the symmetric multi-gigabit services of tomorrow. With the wide availability of gigabit service and beyond, the broadband infrastructure is in place to power emerging technologies that will transform and enhance our lives through immersive entertainment, next-generation healthcare and a reimagination of education and work.

CableLabs and the cable industry are continuing to advance the capacity and performance in each segment of the cable broadband network to remain well-ahead of consumer demand. We are focused on developing innovative network technologies in the areas of coax (e.g., DOCSIS 3.1 and full duplex DOCSIS), fiber (e.g., coherent optics in the access network), and wireless (e.g., Wi-Fi and 5G), as well as defining optimal network architectures to provide the necessary capacity and performance in each segment of the network for today’s gigabit services and those anticipated in the future.

Ready to see how the cable industry is driving gigabit speeds from the lab to the consumer? Click on the link below to download our new Inform[ED] Insights white paper.

“Gigabit” is the Internet dream. It means connectivity at blazing-fast speeds, with enough bandwidth for any device imaginable, where the online world is your oyster. Cable is rapidly making this dream a reality by making gigabit Internet service available to consumers.

Looking back just a couple of years, the prospect of widely available gigabit service was unimaginable. As of December 2016, only 4% of US housing units had cable gigabit available. In just fifteen months, cable operators in the US have increased that number by 14X. CableLabs regularly surveys our members, and we know that as of March 2018, 56% of US housing units – 66% of the cable broadband footprint – had gigabit service or better available from their local cable operator. That number is poised to climb higher as DOCSIS 3.1 technology is deployed across cable networks.

But, This is Only the Beginning of the Story

CableLabs and the cable industry are investing in further network innovations to enable broadband technology to stay well ahead of customer demand for years to come.

Over the past 35 years, available consumer Internet speeds have followed what is known as Nielsen’s Law, increasing at roughly a 50% compound annual growth rate. Gigabit service is just the latest step in the history of ever-increasing speeds. If past is prologue, we can expect to see the availability of 10-gigabit service offerings around 2024, enabling experiences that are difficult to imagine today.

Pushing the Gigabit Internet Envelope

The cable industry is preparing for our ever-faster future. We’re examining each segment of the network and developing new technologies to advance the performance of cable networks. The main elements of our work to drive further capacity and performance are:

• DOCSIS: CableLabs is currently working to commercialize the next generation of DOCSIS technology. Full Duplex DOCSIS 3.1 will enable cable operators to provide symmetric gigabit service to customers – eliminating the upstream constraint and fully unleashing the power of cable.
• Fiber: To ensure sufficient capacity in the fiber portion of the cable network, CableLabs has focused on adapting coherent optics. Coherent optic technologies have the potential to increase the per-strand capacity in cable networks by orders of magnitude over currently available digital optics technologies. This is an essential element in cable’s fiber-rich networks to deliver greater performance for consumers.
• Wireless: We all experience our broadband service through our Wi-Fi connection. So, our ability to take full advantage of cable network advancements depends on the performance of that Wi-Fi connection. To ensure the reliability and improve the overall performance of Wi-Fi, CableLabs has developed protocols for Wi-Fi proactive network maintenance (Wi-Fi PNM) to quickly solve connectivity problems, advanced global standards for Wi-Fi to usher in next-generation technologies, and increased wireless bandwidth through spectrum policy engagement.

The continued innovations of CableLabs and the cable industry have enabled cable operators to provide broadband service that is well ahead of consumer demand. Cable networks are high-capacity, efficient, and future-ready to meet ever-increasing consumer demand for broadband performance.

For more information on how the cable industry is driving gigabit speeds from the lab to the consumer, please click below. 

Security provides the fundamental trust that enables the growth of broadband, and as the number of connected devices grows rapidly, all actors must make it a priority. The cable industry’s security expertise and investment positions it to play a constructive role in this rapidly evolving, global challenge. Here at CableLabs, we continue to focus on cybersecurity in our innovation and R&D work, and we recognize the interdependence of public policy and technology developments in this area.

In that spirit, we recently hosted an event at our facilities in Colorado entitled Cyber Risks in an IoT World, which was co-presented by the Rocky Mountain Chapter of the Federal Communications Bar Association (FCBA) and Silicon Flatirons. Our primary goal was to shine a spotlight on key elements of federal cybersecurity policy and the evolving risk faced by enterprises in light of the rapid proliferation of Internet of Things (IoT) devices. The event featured Evelyn Remaley, Deputy Associate Administrator at the Office of Policy Analysis and Development of the National Telecommunications and Information Administration, U.S. Department of Commerce, among other notable speakers and attracted over 60 attendees from the local and regional technology policy and legal communities.

CableLabs’ Rob Alderfer kicked off the event by laying out the broader context, including the trends that are driving increased risk to consumers and the basic functionality of the Internet.  With the constant barrage of new cyber incidents, often driven by IoT devices vulnerable to exploitation, governments at all levels are taking notice and grappling with the rapidly evolving threat. Cybersecurity is no longer the domain of the IT department, but rather a key area of governance for all enterprises. You can read more about our vision for improving IoT cybersecurity here.

Clete Johnson (Wilkinson Barker Knauer, LLP) provided a primer on federal cybersecurity policy that cast the Internet and enterprise networks as the battlefields, espionage platforms, and crime scenes of the 21^st century. The current regulatory landscape can be subdivided into several broad areas: the threat environment, the policy environment, government activities, and the developing policy consensus across government and industry. The threat environment is characterized by the increasing number of more and more severe attacks. These attacks originate from both non-state actors (organized crime groups, proxies for nation-states, hacktivists, and, potentially, terrorists) as well as state actors (Tier I intelligence services and their allies and partners). However, the line between non-state and state actors often blurs and these groups often overlap. Johnson also detailed the developing policy consensus that centers around dynamic, flexible risk management; a shared responsibility across all stakeholders; mutually beneficial public-private partnerships; and a move beyond the “punish the victim” enforcement. This developing consensus is largely embodied in the Cybersecurity Executive Order and its implementation.

Evelyn Remaley (NTIA) delivered the keynote presentation on the Cybersecurity Executive Order, the developing Botnet Report required by the Order, and, more broadly, the NTIA’s work in cybersecurity through the multi-stakeholder process. Remaley emphasized that NTIA recognizes the complexity of the ecosystem and sees it as a multi-textured and evolving global system that requires an agile, inclusive cyber policy approach. Two truths underlay that perspective:

1. To protect innovation, there must be stakeholder-driven policy outcomes that are flexible enough to adapt quickly to changes in technology
2. No single industry sector or the government will be able to solve the challenges facing the Internet ecosystem, because while the Internet is largely managed by the private sector, governments, civil society, and individuals all have key roles. Successfully addressing cyber threats requires collaborative efforts from across the Internet ecosystem. The ongoing effort to produce the Botnet Report is an example of this collaborative approach in action.

Panel Discussion with Evelyn Remaley

The panel discussion following Remaley’s presentation tackled both baseline questions around the incentives at play in the current IoT ecosystem and the upcoming Botnet Report’s role in addressing the risk of distributed threats, as well as practical questions about where the policy development process goes after the final report is released. Mark Walker moderated the panel discussion between Evelyn Remaley (NTIA), Michael Bergman (Consumer Technology Association), and Tracy L. Lechner (Brownstein Hyatt Farber Schreck, LLP). The panelists discussed the incentives misalignment that keeps a significant number of IoT providers from investing in better device security, including the perception that consumers do not place a significant value on security and that increased security comes at a significant cost (time and/or money). They also discussed the availability of effective security controls and the various industry efforts to drive increased adoption of those controls.

Panel Discussion on Risk Landscape for Enterprises

The final session entitled The Risk Landscape for Enterprises: Attacks, Recovery, Liability, and Compliance covered the cybersecurity threat landscape from the enterprise perspective. This panel was moderated by Blake Reid (University of Colorado Law School; Silicon Flatirons) who lead the discussion with Paul Diamond (CenturyLink), John Diana (LogRhythm, Inc.), Ryan Howe (Webroot, Inc.), and Deborah Shinbein Howitt (Lewis, Bess, Williams & Weese, P.C.). The discussion focused on the challenges enterprises of all sizes face when tackling the rapidly changing cybersecurity risk landscape, including limitations on resources and talent, as well as the task of understanding and complying with the numerous legal obligations coming onto the scene. Much like developing a cybersecurity program, building up the required legal policies begins with identifying the most critical data a business handles (e.g., healthcare information, social security numbers, credit card information) and then creating incident response plans that meet the most stringent obligations in those areas first. The NIST Cybersecurity Framework was highlighted as providing an enterprise with a structured approach to assessing cybersecurity risks and developing a robust cybersecurity program that matches its unique needs.

As CableLabs continues to focus on developing new and innovative security technologies, we must continue to ensure we have a sound understanding of the rapidly evolving cybersecurity policy landscape, both here and abroad. But, just as importantly, policymakers should have a sound understanding of current and developing technologies. Events like this help bridge those gaps in understanding.

The cable industry does more than just provide internet connectivity for millions of customers: it also plays an active role in driving security in the broader internet ecosystem. Cable operators have a long history of successfully defending against attackers seeking to steal service, customer data and video content. The cable industry has been protecting the delivery of high-value video content for over 30 years through technology that has never been breached in a successful, scalable manner. Moreover, the industry has been setting fundamental broadband security features through cable internet access standards for over 20 years to ensure the confidentiality, integrity and availability of cable broadband services globally. As the details and motivations of attacks continue to evolve, so does the security incorporated by cable operators.

Of particular focus for CableLabs is the urgent need to address the risks associated with insecure internet-connected devices (“Internet of Things” or “IoT”). IoT represents the next major axis of growth for the internet. But, without a significant change in how IoT providers approach security, the explosion of connected devices increases the risk to consumers and to the basic functionality of the internet. The consensus forecast has the number of devices connected to the internet doubling (or more) between 2016 and 2020. To the extent these devices do not contain sufficient security, the number of potential attack vectors will multiply rapidly as IoT proliferates.

A Comprehensive Approach to Addressing Insecure IoT

A combination of mitigation and prevention is necessary to fully address the current and emerging threats posed by insecure IoT. The cable industry recognizes that addressing these security risks (e.g., botnets) is a shared responsibility across the entire internet ecosystem. To this end, cable operators have invested substantially in developing and deploying measures to reduce the risks associated with insecure IoT, including DDoS and other botnet attacks, with a primary focus on protecting networks to ensure the availability of broadband service.

Mitigation

Cable industry efforts to improve measures that seek to mitigate attacks against their networks and their customers include both individual and collaborative measures:

• The development and advancement of compromised-device detection and identification systems
• Customer notification and remediation programs
• Distributed denial of service (DDoS) monitoring and mitigation systems
• IP-address spoofing prevention technologies and cybersecurity information sharing systems

In addition to maintaining and expanding these existing techniques, CableLabs and cable operators are also working on next-generation networking technologies to help reduce these risks.

Prevention

Although Internet Service Providers (ISPs), including cable operators, have been working on mitigating the effects of compromised and insecure devices for more than 15 years, these efforts ultimately only address the symptoms and not the root cause of the problem. The challenge of this task has already begun to outpace current and anticipated techniques. Unfortunately, IoT providers have not generally incorporated the needed security measures or committed to maintaining the security of their IoT devices. To fully address the risks posed by insecure IoT devices, IoT providers must drive increased security into future connected devices. Preventing compromised devices must be a substantial part of the industry’s shared responsibility in addressing the risks posed by insecure IoT to consumers and the internet.

Increasing IoT Security through an Industry-Led, Standards-Based Approach

Industry-led standards represent the most promising approach to increase IoT security. Given the global and constantly evolving nature of threats, the industry must utilize its expertise with a goal to develop, adopt and enforce fundamental IoT security measures. To achieve the needed level of security, an IoT security standard must address:

1. Device identity
2. Authentication, authorization, and accountability (onboarding)
3. Confidentiality
4. Integrity
5. Availability
6. Lifecycle management
7. Future (upgradable) security

A robust technical standard is necessary, but not sufficient. To establish value and credibility in the marketplace, an open and balanced development organization must be established to ensure due process and consensus, drive widespread adoption of the standard, address the intellectual property rights of participants and ensure conformity through strong certification testing and enforcement of the standard.

To this end, CableLabs and a number of cable operators are actively engaged in the Open Connectivity Foundation (OCF). The OCF is an industry effort to develop an open specification to enable connected devices to securely communicate with one another regardless of manufacturer, operating system, chipset or physical transport. OCF membership is broad-based with over 300 members, including leading companies at all levels of the IoT space – silicon, software, platform and finished-goods. CableLabs and Comcast hold board seats and CableLabs chairs the Security Work Group of OCF. In addition, CableLabs contributes to IoTivity, a Linux Foundation Collaborative Project sponsored by OCF, which provides an open source reference implementation of the OCF specification that will further enable broad adoption.

Engaging with the Broader Internet Ecosystem

CableLabs and the cable industry have enabled cable-based security technologies to be leveraged in the wider internet ecosystem, including in Wi-Fi hotspots, smart grid devices and medical communications, through CableLabs’ subsidiary, Kyrio. The cable industry also provides broad-based technology thought leadership on security through substantial contributions to the Internet Engineering Task Force (IETF), the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Wi-Fi Alliance and the Broadband Internet Technical Advisory Group (BITAG), among other leading technical bodies.

Broadband service continues to become more integral to economic activity and social connectivity. The number of connected people and devices continues to grow, as does broadband network capacity and performance. Security provides the fundamental trust that enables these trends, and as the internet ecosystem grows, all actors must make it a priority.

You can find more information about CableLabs' role in securing the future in our Inform[ED] Insight papers "A Vision for Secure IoT" and "Securing Networks in the Broadband Age."