Cable Sees NFV Enhancing Network Security
Network functions virtualization is all the rage because of the money it can save, and because of the network flexibility it helps afford, but the cable industry is enthused about NFV for yet another, less publicized benefit: the potential NFV creates for improving network security.
"We're looking at SDN and NFV, and how those technologies can potentially mitigate some of the problems, and be used to put in multiple layers of defense," said CableLabs' Principal Architect for Security Steve Goeringer. (See CableLabs Sets Up NFV Interop Lab.)
Should hackers find a vulnerability they can exploit, and once a network operator detects it, the operator can implement countermeasure quickly and system-wide, if the network is based on SDN and NFV, Goeringer explained.
A distributed denial of service (DDoS) attack is aggravating. A data breach is alarming. But when hackers get into connected homes, taking control of nannycams for example, it's more than a security breach; it's a personal violation. MSOs and other residential broadband providers are acutely aware that they're taking on an extra dimension of responsibility when comes to supporting connectivity in the home.
Which explains why CableLabs, the industry's research consortium, is getting so involved in standards activities that address security.
CableLabs is trying to drive strong security measures for the Internet of Things (IoT), Goeringer said, through participation in the Open Connectivity Foundation (OCF). CableLabs CTO Ralph Brown is a director of the OCF, and the organization leads the OCF's security working group.
Referring to the wide range of devices cable broadband subscribers might want to install in their homes, Goeringer said, "When our members deploy those products, we want those devices to be secure."
For similar reasons, CableLabs also actively involved in the WiFi Alliance. That organization's Passpoint 2.0 deals with wireless network security.
And of course CableLabs presides over development of the industry's signature DOCSIS broadband technology, the latest version of which -- 3.1 -- includes enhanced security measures.
And then there's SDN and NFV. Mike Glenn, CableLabs' Director of Global Cybersecurity Initiatives, said the National Institute for Standards and Technologies (NIST) has been an excellent resource for network operators looking for best practices and standards for secure networking.
He also praised ETSI.
"If you look at what ETSI is doing with NFV, there's a security working group. They're working very hard to make sure that that environment -- as you look at how DevOps moves and puts stuff into virtualized environments, and how software gets put onto hardware, and how things migrate around -- they're working very hard to make sure that the software is the software you expect it to be; that it has strong authentication; and it authenticates the hardware it's supposed to be deployed on; and the hardware knows what software is being deployed on it."
Glenn continued, "There are all these best practices that we've developed over the past two decades in making physical networks -- we're making sure they're applied to these virtualized networks as well.
"I think there is an opportunity, as networks evolve using these new technologies, the vulnerabilities that have existed in so many devices in the past are being managed."
CableLabs blog: The Future of Network Security
— Brian Santo, Senior Editor, Components, T&M, Light Reading