Cyber Security Is An All Industry Issue

Cyber security impacts everyone and every industry. One unifying comment from cyber security experts is the bad guys are mostly winning. The good guys are fighting the good fight and we each need to do our part. One of the more challenging aspects of cyber security is cyber policy, governance, guidelines and training. I call this “good cyber hygiene”.

As the broadcast industry has become largely computer based evolving away from proprietary hardware, it opens the door and reality to cyber threats. At the same time there are many challenges and obstacles to implementing a hardened cyber security threat protection system into a mission critical broadcast environment. Media does not play well with threat protection, broadcast applications struggle to maintain the high performance required by media applications while scanning and monitoring for potential threats.

After a few “close calls”, the live sports production community has elected to work together to develop a set of policies, guidelines and governance rules that are universal across suppliers, rights holders and broadcasters. The remote production companies get cyber security compliance requirements from all of the major broadcasters prior to major events. In many cases, the requirements overlap or are consistent across all the content owners. What they are hoping to achieve is an acceptable set of cyber governance guidelines and policies that embraces the requirements and concerns of the entire community and develop a common set that can be “standardized”, approved and enforced by all.

For any remote event, the broadcaster typically sends pre-produced packages or elements to the mobile truck on large removable disks or if the truck is network connected transferred and then moved to the appropriate production device. It’s not practical to scan terabytes of content right before a broadcast. The content originator should certify the media is clean.

However, the other potential threat condition is freelance technical operators (e.g. vision mixers/technical directors, graphic operators) that occasionally work from home on elements or their device profiles and bring it to a live event on their personal removable drives, that may also have been used for other non-production personal things and possibly gotten infected by a virus or malware. If left un-tested, it could infect the whole truck, interrupt the live broadcast and as media moves between truck vendors, possibly infect the entire compound. This can all be avoided by a simple scan of the removable drive on a dedicated threat scanning computer.

Cloud has complicated this discussion because cloud means access to open Internet, good grief. Unfortunately, once a computer based production device is allowed to access the Internet, human nature kicks in and people tend to surf, search, check email, etc., and this of course exposes the dedicated production computer/server to potential cyber threats.

Broadcast manufacturers are coming to the realization that they need to allow their products to co-exist with threat protection technology. If the financial community can support threat prevention and still perform high volume, high speed trading, then the broadcast manufacturers should be able to figure out how to optimize their products and not require the threat protection to be removed or disabled.

On one of my projects, the client’s IT department would not allow the vendor to disable threat protection on their servers. The vendor’s applications performed poorly or not at all, and blamed it on the threat product. The broadcast department couldn’t accept the poor performance of the product they spent a lot of money on. Fortunately, my client had enough clout to bring the threat vendor, the IT dept. and production vendor together, get them to work together and figure out a configuration that would work. The goal was to allow threat protection to run on the servers without compromising performance, it took a bit, but they were successful. It didn’t need to be as hard as it was!

Addressing cyber security is probably more about policy and governance than it is about technology. No technology will solve the challenge if the users are not willing to follow guidelines and policies designed to protect them not inhibit them from doing their jobs. The threat protection companies specialize in identifying threats and maintaining their products to provide protection. There is no need for production application vendors to get into the threat protection business, just enable the applications to co-exist in the same environment doing their respective jobs.

Production manufacturers need to work closely with the threat guys to find the optimum configurations to maintain the high-performance media requires. At the same time the production personnel need to follow good cyber hygiene policies to reduce the likelihood of a potential threat.

As the entire broadcast industry moves to implement ST2110, NMOS, leaf spine network, PTP and everything else, it is critical that threat protection and good cyber hygiene be given the same level of importance and priority.

Technology is not always the answer, good policies, governance and training are equally if greater in importance and value.

If the program doesn’t make it to air, whether it’s live or pre-recorded, the financial impact is far greater than the cost to prevent it.

Good cyber security hygiene is all about threat protection and governance that need to work hand in hand to avoid any disruption of program delivery. This impacts all areas of media - news, sports and entertainment and on any platform.

Comments:

I have just been reading Sandworm by Andy Greenberg. This should be a wake-up call to the entire industry.

TV broadcasters are part of the critical infrastructure that millions rely upon, and as such are top targets for malicious actors.

Reading about what happened to two TV stations, and the transmission network in Ukraine, and what happened to France’s TV5 Monde in 2015 should prompt immediate action from broadcasters and service providers to perform strict audits of existing systems and work with cyber-threat analysts to plan for the worst case scenario before it’s too late.

November 25th 2019 @ 15:55 by Jeremy Bancroft
Let us know what you think…

Log-in or Register for free to post comments…

You might also like...

PTP Explained - Part 4 - Requirement’s For Virtualisation Of ST 2110 COTS Infrastructures

In the fourth and final part of this series, we wrap up with an explanation on how PTP is used to support SMPTE ST 2110 based services, we dive into timing constraints related to using COTS (Commercial Off-The-Shelf) hardware, i.e.:…

Apple TV Plus Puts Spotlight On Low Latency Streaming And CMAF

The recent launch of Apple’s TV Plus service bulked up with original TV shows costing $6 billion to produce has disrupted global attempts to unify streaming behind a common set of protocols for encoding, packaging, storing and playing back video d…

5G And Live Production

This past summer the NBA did a little experimenting using 5G and mobile phones to cover their summer league. This is not User Generated Content (UGC) by any means. It also was not an off the shelf deployment of 5G…

PTP Explained - Part 3 - Operational Supervision Of PTP Network Services

In the previous two parts of this four-part series, we covered the basic principles of PTP and explained how time transfer can be made highly reliable using both the inherent methods IEE1588 provides as well as various complementing redundancy technologies.…

Essential Guide: High Dynamic Range Broadcasting

HDR offers unbelievable new opportunities for broadcast television. Not only do we have massively improved dynamic range with the potential of eye-watering contrast ratios, but we also have the opportunity to work with a significantly increased color gamut to deliver…