Cyber Security Is An All Industry Issue

Cyber security impacts everyone and every industry. One unifying comment from cyber security experts is the bad guys are mostly winning. The good guys are fighting the good fight and we each need to do our part. One of the more challenging aspects of cyber security is cyber policy, governance, guidelines and training. I call this “good cyber hygiene”.

As the broadcast industry has become largely computer based evolving away from proprietary hardware, it opens the door and reality to cyber threats. At the same time there are many challenges and obstacles to implementing a hardened cyber security threat protection system into a mission critical broadcast environment. Media does not play well with threat protection, broadcast applications struggle to maintain the high performance required by media applications while scanning and monitoring for potential threats.

After a few “close calls”, the live sports production community has elected to work together to develop a set of policies, guidelines and governance rules that are universal across suppliers, rights holders and broadcasters. The remote production companies get cyber security compliance requirements from all of the major broadcasters prior to major events. In many cases, the requirements overlap or are consistent across all the content owners. What they are hoping to achieve is an acceptable set of cyber governance guidelines and policies that embraces the requirements and concerns of the entire community and develop a common set that can be “standardized”, approved and enforced by all.

For any remote event, the broadcaster typically sends pre-produced packages or elements to the mobile truck on large removable disks or if the truck is network connected transferred and then moved to the appropriate production device. It’s not practical to scan terabytes of content right before a broadcast. The content originator should certify the media is clean.

However, the other potential threat condition is freelance technical operators (e.g. vision mixers/technical directors, graphic operators) that occasionally work from home on elements or their device profiles and bring it to a live event on their personal removable drives, that may also have been used for other non-production personal things and possibly gotten infected by a virus or malware. If left un-tested, it could infect the whole truck, interrupt the live broadcast and as media moves between truck vendors, possibly infect the entire compound. This can all be avoided by a simple scan of the removable drive on a dedicated threat scanning computer.

Cloud has complicated this discussion because cloud means access to open Internet, good grief. Unfortunately, once a computer based production device is allowed to access the Internet, human nature kicks in and people tend to surf, search, check email, etc., and this of course exposes the dedicated production computer/server to potential cyber threats.

Broadcast manufacturers are coming to the realization that they need to allow their products to co-exist with threat protection technology. If the financial community can support threat prevention and still perform high volume, high speed trading, then the broadcast manufacturers should be able to figure out how to optimize their products and not require the threat protection to be removed or disabled.

On one of my projects, the client’s IT department would not allow the vendor to disable threat protection on their servers. The vendor’s applications performed poorly or not at all, and blamed it on the threat product. The broadcast department couldn’t accept the poor performance of the product they spent a lot of money on. Fortunately, my client had enough clout to bring the threat vendor, the IT dept. and production vendor together, get them to work together and figure out a configuration that would work. The goal was to allow threat protection to run on the servers without compromising performance, it took a bit, but they were successful. It didn’t need to be as hard as it was!

Addressing cyber security is probably more about policy and governance than it is about technology. No technology will solve the challenge if the users are not willing to follow guidelines and policies designed to protect them not inhibit them from doing their jobs. The threat protection companies specialize in identifying threats and maintaining their products to provide protection. There is no need for production application vendors to get into the threat protection business, just enable the applications to co-exist in the same environment doing their respective jobs.

Production manufacturers need to work closely with the threat guys to find the optimum configurations to maintain the high-performance media requires. At the same time the production personnel need to follow good cyber hygiene policies to reduce the likelihood of a potential threat.

As the entire broadcast industry moves to implement ST2110, NMOS, leaf spine network, PTP and everything else, it is critical that threat protection and good cyber hygiene be given the same level of importance and priority.

Technology is not always the answer, good policies, governance and training are equally if greater in importance and value.

If the program doesn’t make it to air, whether it’s live or pre-recorded, the financial impact is far greater than the cost to prevent it.

Good cyber security hygiene is all about threat protection and governance that need to work hand in hand to avoid any disruption of program delivery. This impacts all areas of media - news, sports and entertainment and on any platform.

You might also like...

KVM & Multiviewer Systems At NAB 2024

We take a look at what to expect in the world of KVM & Multiviewer systems at the 2024 NAB Show. Expect plenty of innovation in KVM over IP and systems that facilitate remote production, distributed teams and cloud integration.

NAB Show 2024 BEIT Sessions Part 2: New Broadcast Technologies

The most tightly focused and fresh technical information for TV engineers at the NAB Show will be analyzed, discussed, and explained during the four days of BEIT sessions. It’s the best opportunity on Earth to learn from and question i…

Standards: Part 6 - About The ISO 14496 – MPEG-4 Standard

This article describes the various parts of the MPEG-4 standard and discusses how it is much more than a video codec. MPEG-4 describes a sophisticated interactive multimedia platform for deployment on digital TV and the Internet.

The Big Guide To OTT: Part 9 - Quality Of Experience (QoE)

Part 9 of The Big Guide To OTT features a pair of in-depth articles which discuss how a data driven understanding of the consumer experience is vital and how poor quality streaming loses viewers.

Chris Brown Discusses The Themes Of The 2024 NAB Show

The Broadcast Bridge sat down with Chris Brown, executive vice president and managing director, NAB Global Connections and Events to discuss this year’s gathering April 13-17 (show floor open April 14-17) and how the industry looks to the show e…