Security, Broadband and the Cable Industry

Cable operators are enjoying tremendous revenue opportunities from their headlong march into Internet protocol (IP)-based services. There is a downside, however: The Internet and other IP networks are targeted on a daily basis by savvy hackers and crackers. An ongoing concern is whether operators have the skills, technology and sense of urgency necessary to deploy adequate security.

The threats are continually evolving and exist at multiple levels. At best, the Internet security battle is a back-and-forth affair, with just as many smart people on the bad side as on the good. The biggest danger, perhaps, is assuming that yesterday's security will suffice in this new world. "Better authentication and less reliance on easily compromised solutions is a must because of the growing sophistication of the threats," wrote Mustaque Ahamad, a professor at the College of Computing at the Georgia Institute of Technology and director of the Georgia Tech Information Security Center, in response to emailed questions.

The gravity of the situation is apparent in a pair of studies released Dec. 21 by Infonetics Research. One, entitled DDoS Prevention Appliance Market Outlook found that Distributed Denial of Service (DDoS) attacks are growing, as is the market for equipment aimed at thwarting them. The second, Service Provider Security Drivers, Spending, and Vendor Leadership: Global Survey, found that “nearly every service provider interviewed” for the report plans to increase spending on security in 2012 both in absolute dollars and as a percentage of the company’s capex budget.

The dynamic is interesting and evolving quickly. On one level, operators need to protect switches, servers and other core network elements from DDoS and similar attacks. A largely separate but deeply related level of concern is at the applications layer, where a new generation of end user devices and dizzying array of mobile operating systems can provide the armies of clever crackers potential entry paths -- called "attack vectors" in the hacking community -- into the MSO's back office.

On a third level, operators protecting real time, Session Initiation Protocol (SIP)-based communications -- video calls and VoIP -- demand special security attention. This is best provided by session border controllers (SBCs), according to Stephen Collins, the vice president of marketing for Acme Packet. Collins suggested that moving SIP traffic over WiFi networks will require the type of security that SBCs offer.

Cable's Head Start

Cassio Sampaio, the assistant vice president of product line management for Sandvine, suggested that the cable industry may be ahead of wireless and DSL providers in detecting DDoS and related network-borne attacks because of the proactive rollout of policy platforms to manage the burgeoning number of mobile devices it supports.

Sampaio said the ability to manage a tremendous number of devices in a manner granular enough to satisfy complex rules -- for instance, enabling a particular piece of R-rated content to be available to a mobile device registered to an adult but not to a child living at the same address -- puts the basic structure in place that can support the tools needed to battle DDoS attacks. "[It] makes sense for security to be part of same portfolio," Sampaio said. "It could be that cable providers are slightly ahead of the curve by being early adopters of narrow policy techniques that led them to put more infrastructure in place."

The key to protecting cable and other IP networks is using an industry standard protocol called NetFlow to track traffic patterns, said Tom Bienkowski, the director of product marketing for Arbor Networks. "It could see that traffic [generally] flows at a particular rate," Bienkowski said. "If there is a major spike that is not normal, it could be indicative of a DDoS attack."

Tools from Arbor and others that detect such activity can divert the flow and mitigate, or cleanse, the traffic. Tools that use NetFlow -- Arbor markets them under the Arbor Peakflow SP label -- are important as the threats expand. "DDoS continues to grow in size and complexity with the advent of botnets for hire," he said. "That is really what is causing the huge, huge jump in the number and size of DDoS attacks."

All Those New OSs

The potential game-changer for the cable industry -- and the place where the security world of switches and routers overlaps with the security world of end user devices -- is the rise of advanced operating systems. Lance Boyd, the vice president of business development for Irdeto, said the legacy world of cable networks is secure behind hardened cable modems, gateways and set-top boxes. iOS, Android, Windows Phone and other advanced OSs aren't nearly as locked down and present a potential path in the network for crackers.

Irdeto and other companies offer tools that protect valuable content, such as streaming movies. This software isn't present on all data that is being sent, however. The unprotected data can carry malware such as Trojans and worms capable of opening "back doors" into the underlying network. The takeaway is that operators must deal with far greater complexity than before. "All of a sudden, they are moving from a very closed system to multiple end points that are open and vulnerable," Boyd said.

Georgia Tech's Ahamad suggested that the problem eventually can threaten even the formerly highly secure infrastructure: "Compromise of end devices such as customer home computers and even set-top boxes via malware infection is a serious problem," he wrote. "Such devices not only can waste resources such as bandwidth; they can steal sensitive information and even alter setting[s] and configurations."

Cable operators clearly are at the forefront of bringing the still relatively young broadband infrastructure to a mass public. It is a dangerous world, however, and much of what happens will test operators. The bottom line simply is that operators need to recognize the dangers and be proactive. "[The] security risks are real, and operators need to put best practices in place to protect [the] enterprise and customer [endpoints]," Ahamad said.

Carl Weinschenk is Broadband Technology Report's Senior Editor. Contact him at

Get the Broadband Technology Report Newsletters Delivered to Your Inbox

Subscribe to email newsletters today at no cost and receive the latest information on:

  • Video Technology
  • Network Technology
  • Technology Alerts
  • BTR LATAM (Latin America)

SCTE-Cable Tec Expo 2016 Video Show Dailies

BTR's SCTE-Cable Tec Expo Video Show Daily, Day 3

BTR's SCTE-Cable Tec Expo Video Show Daily, Day 3

In our Video Show Daily for Day 3 of exhibits at SCTE Cable-Tec Expo in Philadelphia, BTR Editorial Director Stephen Hardy covers trends in distrib...

BTR's SCTE-Cable Tec Expo Video Show Daily, Day 2

BTR's SCTE-Cable Tec Expo Video Show Daily, Day 2

In our Video Show Daily for the second day of exhibits at SCTE Cable-Tec Expo in Philadelphia, BTR Editorial Director Stephen Hardy highlights furt...

BTR's SCTE-Cable Tec Expo Video Show Daily, Day 1

BTR's SCTE-Cable Tec Expo Video Show Daily, Day 1

BTR Editorial Director Stephen Hardy reviews the hot technologies and announcements from the first day of exhibits at SCTE Cable-Tec Expo 2016 in P...

Diamond Technology Reviews - 2016 High Scores

2016 Diamond Technology Reviews Slideshow

2016 Diamond Technology Reviews Slideshow

Diamond Technology Reviews 2016

Diamond Technology Reviews 2016

BTR's Diamond Technology Reviews, now in its twelfth year, is a technology recognition program wherein vendors serving the broadband cable ...

Related Articles

Cable ONE

2 More AZ Towns Get Cable ONE Gigabit

October 7, 2016

Cable ONE (NYSE:CABO) is expanding its GigaONE gigabit Internet footprin...


Comcast Launches Enterprise IoT Trial

October 6, 2016

Comcast (NASDAQ:CMCSA) announced machineQ, a business trial venture focu...


2016 SCTE Cable-Tec Expo Wrap Up

Whether you couldn't make it to Cable-Tec this year or want to see if you missed anything while you were there, you'll want to join BTR editors Stephen Hardy and Ron Hendrickson as they reveal their picks for the...

October 12, 2016
Sponsored by

Counting the cost: Efficiently transitioning from HFC to FTTH

HFC networks are uniquely positioned to provide compelling and competitive services, and are also uniquely positioned to transition to symmetrical FTTH as commercial requirements demand.  This webinar will d...

Date:September 22, 2016
Sponsored by

Maintaining High Quality of Experience in an Adaptive Bitrate System

This webinar will look at the many points in an ABR system where the video is touched.  From ingest (satellite, file, and IP), to egress, each point should be qualified for compliance to help maintain a high...

Date:August 25, 2016
Sponsored by

White Papers & Special Reports

Cable VoIP 2.0: Voice Moves to the Cloud

October 2016

Cable providers led the charge on the VoIP evolution and won customers and market share. Now voice networks are evolving again. The cloud voice platform has ...

Understanding Ultra High Definition Television

October 2016

Over the last 10 years, high definition television (HDTV) has been replacing standard definition television as the expected viewing format for television pro...

Are You Ready for DOCSIS 3.1? The Future of Cable Technology and How to Prepare Your Network

October 2016

DOCSIS 3.1 promises 10x capacity throughput and a range of technical benefits for cable providers and users alike. Are you ready? Discover the technical adva...

BTR Blogs

BTR Managing Editor Ron Hendrickson

FCC Rethinks Set-Top Plan

September 10, 2016

By Ron Hendrickson - The FCC has reworked the "unlock the set-top b...


In Memoriam: Richard Covell

August 18, 2016

By Rob Stuehrk, Publisher - We at Broadband Technology Report were sadde...

BTR Managing Editor Ron Hendrickson

Court Overturns FCC Municipal Broadband Order

August 11, 2016

By Ron Hendrickson - You win some, and you lose some, and the FCC just l...

Featured Hangouts

4K 4 U: How to Prepare for UltraHD Video

4K 4 U: How to Prepare for UltraHD Video

4K/UltraHD video is coming - consumers are buying the TV sets, and more content is becoming available. Watch this inf...

DOCSIS 3.1: A Look Ahead

DOCSIS 3.1: A Look Ahead

Watch a 30-minute video chat of experts from a variety of related disciplines discuss how close deployments really ar...

Featured Hangout

4K 4 U: How to Prepare for UltraHD Video

4K/UltraHD video is coming - consumers are buying the TV sets, and more content is becoming available. Watch this informative Hangout on demand by clicking the link above.

Sponsored by Verimatrix.