How the Cable Industry is Securing the Network Against Cyberattacks



October may mark Cybersecurity Month, but the cable industry’s work to secure its networks against evolving cyberattacks happens every single second of every single day. With more people working remotely than ever due to the COVID-19 pandemic, and with more devices in the home now, the industry is always monitoring traffic to identify potential threats that could compromise consumer devices, businesses, and personal information. As the annual Cable-Tec Expo continues throughout the week (virtually) with many sessions geared towards cybersecurity, NCTA caught up with CableLabs Lead Architect Kyle Haefner, whose work has a particular emphasis on artificial intelligence (A.I.) in cybersecurity. Looking ahead, Haefner shared how CableLabs is working with cable operators and numerous organizations to not only navigate the industry through the security risk landscapes of today, but to also prepare networks for the unknown threats of tomorrow.

With the growing number of connected devices every year, how is CableLabs helping to mitigate cybersecurity threats? 

Well, the industry experienced a big wake-up call in 2016, when the Mirai cybersecurity attack took place. Basically, a group of devices were compromised and the wireless service attack took down large parts of the internet. Ever since then, there has been a change in attitude towards security from the government and from a lot of different sectors. At CableLabs, we look at how to secure devices through the development of specifications. A big initiative that we've been involved in to develop these includes our work on the Open Connectivity Foundation (OCF) specification. In the last five years, over 450 companies have contributed to this specification. These companies include cable operators, manufacturers, and security companies. The OCF applies best security practices to IoT devices, and guides IoT interoperability.

The ultimate goal at CableLabs is to come up with a common way for devices to securely talk to each other. This will help both consumers and people that operate large internet networks to reduce the bad traffic on the network that compromises IoT devices.

Can you offer an example of a cybersecurity solution that CableLabs has in the works?

Our Micronets project, which has been ongoing for the last couple of years, takes the premise of isolating traffic from the network to a single device. [The framework of Micronets would have prevented the Mirai attack through quick identification of the attack and then the quarantine of the vulnerable IoT devices.] When we start seeing the capabilities of these types of projects, then we can also start to see the promise of using A.I. in security defense. There are A.I. solutions out there that cable operators are using right now. Many projects at CableLabs are furthering these kinds of solutions. A lot of what we do here at CableLabs is what you call "early on proof of concept." We come up with solutions that lead to clean networks, and we're getting there by focusing on the sources of bad traffic.

How are the security models / solutions you've been working on in A.I. going to enable better security for IoT devices?

A.I. is being used in security models to predict how devices behave by allowing your modem or gateway to monitor IoT devices and decide if they are acting outside of normal behavior. Machine learning and A.I. are moving closer to the "edge." And by the "edge," I'm referring to cable modems, routers, and gateways—the devices themselves. These algorithms and computing models are increasingly being built into hardware and chipsets of devices close to the edge. This leads to a good opportunity to do analysis right there in the gateway close to the IoT devices. This creates several advantages. For example, the idea is that data isn't being sent to the cloud. This means there is much better privacy, because all of the network traffic isn't being sent to a single provider in the cloud.

A consumer would then receive a notification from their phone alerting them that their connected light bulb, for example, is acting differently. So my work, specifically, involves performing this sophisticated behavioral analysis on these devices based on their network traffic. My work looks at measuring the complexity of a device and building machine learning and A.I. models that use that complexity to determine how accurately the device's behavioral pattern can be predicted. Simple devices like lightbulbs can be more accurately modeled than more complex devices like your laptop. These simple devices cannot run any kind of anti-malware to protect themselves, and so they depend on the network and on technologies like Micronets and A.I. running on your home router to provide that protection.

In looking towards the future, will we see some of the same cybersecurity threats we're seeing today continue, or new ones come around? And how is the cable industry preparing to face these unknown security threats? 

There has been an uptick in ransomware, and specific attacks on hospitals and places with sensitive data and deep pockets. In the future, we don't see ransomware generally targeting individuals, but we could see ransomware targeting specific devices and ecosystems. And let's say in a scenario you found a vulnerability in an HVAC system that's deployed in hundreds of buildings across the U.S. A bad actor would take advantage of that vulnerability and lock the devices. Then that bad actor demands that the manufacturer pay a ransom in order to unlock all of those devices for their subscribers. That is what an evolution of a ransomware attack could look like. While we can't predict what actual security threats will be out there in the next few years, we can recognize those types of models and prepare our devices for them, and take steps to prevent the malware from infecting them in the first place. 

How will the emergence of the 10G platform bring heightened security (as well as faster speeds, more reliability)? 

It all goes back to DOCSIS, which is the technology behind cable internet. 10G builds on DOCSIS. DOCSIS is a pioneer in public key cryptography as applied to devices. The cable industry has built one of the largest public key infrastructure systems in the world. Essentially, this kind of system is what enables trust and authentication between devices and the cable network. There are approximately half a billion security certificates that have been issued to date. From a security perspective, this is a huge success, and again, 10G will continue to build on that. We've been working hard to ensure the future specifications that we build can adapt their cryptography through future risk landscapes, and making sure that cryptography is flexible enough to adapt 10 years down the line.