CableLabs releases best common practices document for gateway device security

Nov. 4, 2021
The product of a CableLabs Working Group convened earlier this year, the document provides a baseline for gateway device security as well as a set of terminology for operators and vendors to discuss security requirements and solutions.

CableLabs has published Gateway Device Security Best Common Practices, a document that describes how manufacturers, operators, and others can reduce the risk of cyberattacks on leased and retail cable modems, integrated access points, and home routers. The product of a CableLabs Working Group convened earlier this year, the document provides a baseline for gateway device security as well as a set of terminology for operators and vendors to discuss security requirements and solutions, according to a CableLabs executive who was part of the Working Group.

The group developed a best practices document instead of a set of standards because of the wide range of elements, stakeholders, and existing standards and practices that had to be considered, according to Brian Scriber, vice president, security technologies at CableLabs. For example, the Working Group discussed security aspects of hardware and manufacturing, software and firmware development and verification, default security settings and configuration procedures, secure boot and root of trust, encryption requirements for data transmission and storage, physical security, and other elements. The working group also wanted to provide the industry with the flexibility to continue security innovation, particularly as threats evolve, Scriber said.

Therefore, the members of the working group – which included representatives from CableOne, Charter, Cisco, Cogeco, Comcast, Commscope, Cox, Liberty Global, MaxLinear, MediaCom, Shaw, and Technicolor, according to a CableLabs blog on the subject – set out to establish a framework through which operators and vendors could collaborate to improve gateway device security now and in the future. Their work focused on eight areas:

  1. Development of a common framework for gateway device security elements and controls.
  2. Harmonization of requirements among network operators.
  3. Creation of an environment for collaboration on security between manufacturers and network operators.
  4. Leveraging of existing, trusted security controls.
  5. Construction of a practices and configurations verification framework.
  6. Alignment of security efforts with existing standards, regulatory, and compliance regimes.
  7. Increased protection of network resources and broadband services from attacks.
  8. Establishment of flexible security approaches for gateway devices that can adapt to new threats.

The framework the document describes is intended to be updated as circumstances and security techniques and technologies evolve, Scriber emphasized. Meanwhile, he expects that operators will leverage the practices within the document when discussing security requirements with their technology suppliers. While he doesn’t envision CableLabs creating a certification process based on the document, he anticipates that Kyrio will be able to provide resources to enable operators and vendors to evaluate the security of products.

About the Author

Stephen Hardy | Editorial Director & Associate Publisher

Stephen Hardy is editorial director and associate publisher of Lightwave and Broadband Technology Report, part of the Lighting & Technology Group at Endeavor Business Media. Stephen is responsible for establishing and executing editorial strategy across the both brands’ websites, email newsletters, events, and other information products. He has covered the fiber-optics space for more than 20 years, and communications and technology for more than 35 years. During his tenure, Lightwave has received awards from Folio: and the American Society of Business Press Editors (ASBPE) for editorial excellence. Prior to joining Lightwave in 1997, Stephen worked for Telecommunications magazine and the Journal of Electronic Defense.

Stephen has moderated panels at numerous events, including the Optica Executive Forum, ECOC, and SCTE Cable-Tec Expo. He also is program director for the Lightwave Innovation Reviews and the Diamond Technology Reviews.

He has written numerous articles in all aspects of optical communications and fiber-optic networks, including fiber to the home (FTTH), PON, optical components, DWDM, fiber cables, packet optical transport, optical transceivers, lasers, fiber optic testing, DOCSIS technology, and more.

Sponsored Recommendations

The Journey to 1.6 Terabit Ethernet

May 24, 2024
Embark on a journey into the future of connectivity as the leaders of the IEEE P802.3dj Task Force unveil the groundbreaking strides towards 1.6 Terabit Ethernet, revolutionizing...

The Pluggable Transceiver Revolution

May 30, 2024
Discover the revolution of pluggable transceivers in our upcoming webinar, where we delve into the advancements propelling 400G and 800G coherent optics. Learn how these innovations...

Coherent Routing and Optical Transport – Getting Under the Covers

April 11, 2024
Join us as we delve into the symbiotic relationship between IPoDWDM and cutting-edge optical transport innovations, revolutionizing the landscape of data transmission.

AI’s magic networking moment

March 6, 2024
Dive into the forefront of technological evolution with our exclusive webinar, where industry giants discuss the transformative impact of AI on the optical and networking sector...