SCTE•ISBE's Role in Setting Cybersecurity Standards Across the Industry
As National Cybersecurity Month continues throughout the month of October, NCTA caught up with Chris Bastian, Senior Vice President of Engineering and Chief Technology Officer at SCTE•ISBE, to find out how the organization is making an impact in the cybersecurity space across the cable industry, and ultimately, on consumers. Bastian's work at SCTE•ISBE, where he heads up technology and engineering, is very network focused and includes leading the charge for standardizing and operationalizing security procedures for the industry geared towards protecting networks and consumers from cybersecurity attacks. In the Q&A below, Bastian shares insights on how cybersecurity is evolving and how multiple stakeholders across the industry are working to prevent and mitigate these attacks as quickly and efficiently as possible:
What kind of work does SCTE•ISBE do related to cybersecurity?
At SCTE•ISBE, we have security ingrained in all of our offerings. This breaks down into the following four major services that we provide to the industry:
- Standards and operating practices. We have a standards group program, with over 140 companies that are involved and over 1100 networking professionals. This group is dedicated to creating standards and operating practices that are focused on the cable industry, and we're the only standards group that does that. Security comes up in all of our documentation. We have an IoT working group dedicated to developing IoT security best practices.
Another one is DOCSIS. We have a close relationship with CableLabs and their security group. CableLabs creates all of the specifications and performs the interoperability testing, and we turn those specifications into nationally and internationally recognized standards. Our role is to stay embedded with what CableLabs is doing so that we can take the most up-to-date standards to the global stage.
- Training and certification. We're focused on getting our workforce trained up on the best practices. We have a broadband wireless specialist certification program that has modules devoted to security and on the most common cyber threats out there, and we are always refreshing the training with the latest information and developments that CableLabs is seeing and working on as well. Examples of this are our white paper co-authored with CableLabs, "A Future Worth Protecting," and our "Cybersecurity Essentials" training course.
- SCTE•ISBE Cable-Tec Expo. At Cable-Tec Expo, we always address security in our workshops. This year we had 10 security papers presented. We're always looking for additional abstracts on security.
- Chapters and membership. Part of our membership benefits is participation in the local chapters. We hold monthly webinars for education and security is a constant topic. The local chapters provide education by holding meetings that allow the workforce to get together to discuss current issues.
Why is cybersecurity important to networks and to users?
It's so topical today. It comes up constantly on the news. Cybersecurity crime is rising, and the attacks are getting much more sophisticated. It's coming up daily. I live outside of Philadelphia, and our local school district was the victim of a ransomware attack. Their system had to be taken offline for over three weeks because the attack was so effective. IT had to reload everything from scratch and put the system back up piece by piece. These types of cybercrimes are attacks on our customers, our industry, and the network itself. Bad actors like to mess things up and take things down and it can be targeted against the network, the customers, or both, so we definitely need to focus on cybersecurity in every aspect of our work. It's similar to the fight against health viruses, in which the nature of the attack and the disease is always evolving and getting more difficult to extinguish.
The cable industry is working on delivering the 10G platform to consumers. How will 10G impact cybersecurity?
On the one hand, speeds are increasing and latencies are decreasing. That's great, but it's also a benefit to the attacker because they can attack that much faster. That's why that security leg is a focus of the 10G program. CableLabs is doing a lot of work with the Micronets approach by using a framework that identifies the source locally and extinguishes it. The goal is to get as close as possible to the source of the attack before it spreads. Going back to the health analogy, it's like when you try to find the cancer source on a patient and from there prevent the spread to other parts of the body.
How is SCTE•ISBE doing its part to combat these sophisticated attacks on the network and consumers?
We [SCTE•ISBE] are a conduit. We bring people together in the community through a number of platforms, through the standards we establish, through Cable-Tec Expo, and the learning and development courses we provide. You can have the equipment sitting there with the best security defenses, but if they are not maintained properly, they could leave vulnerabilities. If the industry's workforce is not proficient, they leave vulnerabilities. Our job is to get the word out about best practices as far and as wide as we can. We are the applied science resource for the industry on this, and we connect the experts with the workforce at large so that they're up to date on the latest information and on the latest attacks. We aggregate this info into a digestible format so that the workforce can take the appropriate steps to mitigate against vulnerabilities.