Cybersecurity: The Key is Making it Easy

Feb. 28, 2017

Cybersecurity is often looked at as a necessary evil and a burden to be endured, but instead it should be considered an opportunity to improve customer experience.

"No one wants to pay for different security products unless they have to or if they were affected by an incident. What they will pay for is a better user experience," said Michael Glenn, VP of cybersecurity at CableLabs.

What businesses should take into account is that a security breach degrades the customer experience, Glenn wrote in a recent blog. For cable operators, an attack could affect the infrastructure, operator-supplied equipment or third-party purchased equipment. One infected computer could impact all the devices on a network and lead to increased truck rolls and customer dissatisfaction.

The optimal situation is strong security that is "really well-designed" and fades into the background of the consumer experience, Glenn said. Password-based security does not meet this requirement. Consumers find it cumbersome to remember passwords and use the same combinations repeatedly, which reduces the level of security.

"The (most) common passwords are 'password' or '123456'," Glenn said. "This clearly says it's not a matter of education around consumer behavior. We have to change the experience for users so they don't have to remember those passwords."

A public key infrastructure (PKI) certificate pairs a public key with a protected private key stored on the device. In the cable industry, the certificate is used to validate device identity and authenticate the device onto the network, along with its authorization level and modem identity.

"We are a strong advocate for using PKI and certificates for all kinds of devices," Glenn said. "This can be cost effective for most IoT (Internet of Things) devices. Then you don't have to worry about user name and password for authentication."

The revamping of the process begins with getting people to think differently about security. "Complexity is the enemy of security," Glenn said. "If you make procedures for employees too complicated, they will ignore it or bypass it …. If you make processes too hard, you get a lower level of security than if you had simplified processes."

In a way, it is similar to designing a good, simple-to-use user interface, which can be difficult to do. "It takes a lot of work. This is true for security as well. You want it to appear that it is unseen, almost not there. To do that takes a lot of effort," Glenn said.

CableLabs is advocating the use of PKI certificates on other devices and areas. For example, Passport 2.0 allows a computer or a smartphone to have a certificate in it that allows it to authenticate to a WiFi hotspot without having to enter a user password. The standard also enables a device to determine if there is a less congested hotspot available and switch to it if warranted, Glenn said.

Additionally, private keys and certificates could allow for secure boot on devices, enabling validation of software updates to avoid malicious downloads.

"We are at the point where these types of technologies can be cost effective for a large range of devices," Glenn said.

About the Author

BTR Staff
