Need to Know: IoT Poses New Cybersecurity Threats for Cable

As cybercrimes and incidents of institutional hacking increase, cybersecurity is a critical concern for big TV distributors that give consumers access to the internet.

It’s also a strange topic for cable operators, though, because it’s rarely discussed in public, beyond the chorus of concern from consumer data watchdogs.

The Federal Communications Commission, whose leaders have made lofty speeches about the importance of cybersecurity, offers a perfunctory summary of its cybersecurity objectives, with few details about its cable or telco initiatives, in describing the FCC Cybersecurity and Communications Reliability (CCR) Division.

Need to Know:Cybersecurity

NCTA–The Internet & Television Association and the American Cable Association emphasize that “the entire cable industry takes cybersecurity very seriously” and back security and risk management practices. But details about those efforts — or the failures in the system — are scant.

Still, the scale of cyber-threats to the cable industry is significant and growing. In Akamai’s Summer 2018 State of the Internet/Security: Web Attack report, the firm measured a 16% increase in the number of distributed denial of service (DDoS) attacks recorded since last year globally, with new and more devious attack methods noted.

There are also constant reminders of new threats. This past May, researchers found that U.S. customers’ WiFi connections could be harvested from a cable operator's bill or email. Comcast said it quickly disabled the vulnerability in its activation portal, established an additional layer of authentication and that no personal user info was ever accessed.

Steve Goeringer, principal security architect at CableLabs

Steve Goeringer, principal security architect at CableLabs

Steve Goeringer, principal security architect at CableLabs, said cable has been “at the forefront of cybersecurity of broadband” thanks to the DOCSIS cable-modem specification, which has employed strong encryption and authentication since its version 1.1. Subsequent updates have created further barriers to DoS and DDoS, he added.

“Delivering services the way they were intended, including protecting customer privacy, is always critical,” Goeringer said. He cited pirated over-the-top content, which aside from being illegal, also exposes consumers to malicious software and theft of personal information, and the growing presence of Internet of Things devices, which are often insufficiently protected and can bring malicious software into the system.

Kyrio, a CableLabs subsidiary that provides technology services, has been focusing on Internet of Things security. “Companies that can provide strong security at scale will be able to use that as a key differentiator for their products, protect their brand and future-proof their products,” Ron Ih, the company’s director of business development, said in a June 4 blog post. Putting an emphasis on cable’s growing involvement with wireless services, he observed that, “expanded wired and wireless connectivity accelerates the need for a more scalable security solution for these networked devices” in the IoT value chain.

CableLabs vice president of technology policy Rob Alderfer recently acknowledged the need for government/industry cooperation, especially in the fast-emerging IoT category.

“With the constant barrage of new cyber incidents, often driven by IoT devices vulnerable to exploitation, governments at all levels are taking notice and grappling with the rapidly evolving threat,” according to a CableLabs summary of his remarks at a IoT workshop. “Cybersecurity is no longer the domain of the IT department, but rather a key area of governance for all enterprises.” 

Need to Know:Cybersecurity

Need to Know More?

Have a burning question about cybersecurity — or maybe request for a different topic you’d like to see us tackle? Email us at needtoknow@nbmedia.com and we’ll put our top minds on it!

More from Future on cybersecurity:

Gary Arlen

Contributor Gary Arlen is known for his insights into the convergence of media, telecom, content and technology. Gary was founder/editor/publisher of Interactivity Report, TeleServices Report and other influential newsletters; he was the longtime “curmudgeon” columnist for Multichannel News as well as a regular contributor to AdMap, Washington Technology and Telecommunications Reports. He writes regularly about trends and media/marketing for the Consumer Technology Association's i3 magazine plus several blogs. Gary has taught media-focused courses on the adjunct faculties at George Mason University and American University and has guest-lectured at MIT, Harvard, UCLA, University of Southern California and Northwestern University and at countless media, marketing and technology industry events. As President of Arlen Communications LLC, he has provided analyses about the development of applications and services for entertainment, marketing and e-commerce.