CableLabs releases best common practices document for gateway device security

Nov. 4, 2021
The product of a CableLabs Working Group convened earlier this year, the document provides a baseline for gateway device security as well as a set of terminology for operators and vendors to discuss security requirements and solutions.

CableLabs has published Gateway Device Security Best Common Practices, a document that describes how manufacturers, operators, and others can reduce the risk of cyberattacks on leased and retail cable modems, integrated access points, and home routers. The product of a CableLabs Working Group convened earlier this year, the document provides a baseline for gateway device security as well as a set of terminology for operators and vendors to discuss security requirements and solutions, according to a CableLabs executive who was part of the Working Group.

The group developed a best practices document instead of a set of standards because of the wide range of elements, stakeholders, and existing standards and practices that had to be considered, according to Brian Scriber, vice president, security technologies at CableLabs. For example, the Working Group discussed security aspects of hardware and manufacturing, software and firmware development and verification, default security settings and configuration procedures, secure boot and root of trust, encryption requirements for data transmission and storage, physical security, and other elements. The working group also wanted to provide the industry with the flexibility to continue security innovation, particularly as threats evolve, Scriber said.

Therefore, the members of the working group – which included representatives from CableOne, Charter, Cisco, Cogeco, Comcast, Commscope, Cox, Liberty Global, MaxLinear, MediaCom, Shaw, and Technicolor, according to a CableLabs blog on the subject – set out to establish a framework through which operators and vendors could collaborate to improve gateway device security now and in the future. Their work focused on eight areas:

  1. Development of a common framework for gateway device security elements and controls.
  2. Harmonization of requirements among network operators.
  3. Creation of an environment for collaboration on security between manufacturers and network operators.
  4. Leveraging of existing, trusted security controls.
  5. Construction of a practices and configurations verification framework.
  6. Alignment of security efforts with existing standards, regulatory, and compliance regimes.
  7. Increased protection of network resources and broadband services from attacks.
  8. Establishment of flexible security approaches for gateway devices that can adapt to new threats.

The framework the document describes is intended to be updated as circumstances and security techniques and technologies evolve, Scriber emphasized. Meanwhile, he expects that operators will leverage the practices within the document when discussing security requirements with their technology suppliers. While he doesn’t envision CableLabs creating a certification process based on the document, he anticipates that Kyrio will be able to provide resources to enable operators and vendors to evaluate the security of products.

Sponsored Recommendations

Data Center Network Advances

April 2, 2024
Lightwave’s latest on-topic eBook, which AFL and Henkel sponsor, will address advances in data center technology. The eBook looks at various topics, ranging from AI backend networks...

From 100G to 1.6T: Navigating Timing in the New Era of High-Speed Optical Networks

Feb. 19, 2024
Discover the dynamic landscape of hyperscale data centers as they embrace accelerated AI/ML growth, propelling a transition from 100G to 400G and even 800G optical connectivity...

AI’s magic networking moment

March 6, 2024
Dive into the forefront of technological evolution with our exclusive webinar, where industry giants discuss the transformative impact of AI on the optical and networking sector...

Coherent Routing and Optical Transport – Getting Under the Covers

April 11, 2024
Join us as we delve into the symbiotic relationship between IPoDWDM and cutting-edge optical transport innovations, revolutionizing the landscape of data transmission.