"These threats are extremely serious and must be countered," says Nagra.
With consumer data now as key an asset as the content itself, service providers must increasingly address cybersecurity threats and the theft of subscriber data. Here media security systems expert Nagra surveys the changing nature of pay TV security.
Christopher Schouten, Senior Director of Product Marketing, Nagra: Security in pay-TV used to mean simply ensuring that people paid for the content they watched, as it was primarily a broadcast domain and not an IT one. Now that more types of interactive technologies are connected, and tablets, smartphones and other devices are used to consume content as well as interact with core management systems, the security domain for providers has become much more complex. These additional access points offer enticing targets for adversaries seeking to exploit payment or other personal subscriber information. This means that providers will need to expand their security focus from content encryption and piracy protection, to include their broader network and the core business systems where critical subscriber data is maintained. It’s a new world and the risks are high. With the EU’s GDPR coming into effect soon, failure to protect this data could have serious consequences.
Can you quantify the threat from cybersecurity generally and to pay TV revenue in particular?
CS: Research from PwC shows that the average cyberattack costs companies nearly GBP 1.5M. There is no reason to believe that this is any different for pay-TV service providers. With the advent of GDPR those costs could be driven even higher, because sanctions can include a fine of up to EUR 10M or 2% of the annual worldwide turnover of the preceding financial year, whichever is greater.
How much of a threat is it compared to other types of content access breaches faced by operators?
CS: Content sharing has become an unfortunate fact in recent years, but this only impacts live or series content. Hacks into production servers can make pre-release content available, which has even more value than movies or series that have already been released. The current trends in cyberattacks include ransomware attacks and stolen files being held for ransom, which has already affected media companies like Netflix, and most recently HBO. And although Netflix’s production subcontractor paid the requested amount, the hackers leaked the content anyway. Leaked content, whether through hacking or piracy, erodes the overall value of the entire content production and distribution chain. These threats are extremely serious and must be countered.
What are the main security danger points that are emerging – both to consumer data and to content?
CS: Regarding content, any that is created or moved around without the proper protection is at risk. That protection must include technologies like a secure hardware root of trust enabling a Secure Video Path, as well as forensic watermarking that helps trace leaked content back to the source. That’s why the Kudelski Group’s NexGuard subsidiary provides watermarking protection throughout the entire production and distribution chain.
Providers have a unique challenge in front of them in regards to protecting their consumer data as they have moved from a content distribution system to an interactive network with many more types of access. Where previously we needed to ensure our set-top boxes were hardened against tampering or piracy, consumers now can choose what type of device they use to interact with content and core business applications. This moves operators from having a single controlled point of entry into the home to needing multiple ways to control access to content and personal information. Furthermore, these access points could potentially create openings for adversaries to move laterally into other business systems so providers also need to harden defences around key business systems and data to monitor access and ensure that unauthorized activity is quickly identified and terminated.
What solutions are on offer to enable operators to tackle these head on?
To address the cyber challenges to both content and consumer data, NAGRA began integrating its own proprietary hardware root of trust into set-top boxes many years ago to ensure the privacy and integrity of all data to and from the STB. This leads to a superior level of security that to date has shown no known vulnerabilities. In a world of more open devices this can be more challenging, but new technologies like Trusted Execution Environments are being used by NAGRA and others to provide security that is at least better than pure software so consumer data and operator content are protected.
In addition to protecting the device, an operator’s IT infrastructure must also be carefully protected so that attacks on the company itself do not leak critical content or data. NAGRA’s sister company, Kudelski Security, is a leading specialist in enterprise cybersecurity, and provides solutions and services to any large company seeking to secure its IT assets from potentially damaging attacks.
What measures can realistically be taken to head off threats now and what are operators and broadcasters doing in practice?
CS: NAGRA has long worked with service providers on solutions to protect pay-TV content and consumer data to and from the STB. But operators and broadcasters are increasingly realizing the threat to their corporate networks and taking action to protect themselves by working with cybersecurity specialists like Kudelski Security. In between those two are the multitude of open devices consumers are using to watch content, so NAGRA also offers solutions to help manage delivery and data protection on those devices as well using the NAGRA Security Services Platform to manage built-in DRMs on iOS, Android, Mac and Windows devices.
You might also like...
The EBU (European Broadcasting Union) has struck a partnership with the Digital Production Partnership Ltd (DPP), a UK based business change network, to promote open standards for interoperability between all components of the video cycle as the industry continues its…
Samsung has announced Germany’s HD+ satellite service as the first customer for the TVkey security USB dongle developed in partnership with content protection technology vendor Nagra. The dongle works in conjunction with a chip in Samsung’s latest smart TVs…
The EBU (European Broadcasting Union) has called on broadcasters and their technology suppliers to work together over cyber security and adopt best practices already available or evolving in the IT world. The organization representing broadcasters across Europe and in many…
In the world of pay-TV there is only one constant: the need for robust content protection. Despite standardization efforts across the industry, device fragmentation still poses a challenge for pay-TV service providers that want to offer secure premium content over…
For many OTT video distributors, rights management is a challenge. Given the alternative of lacking rights to manage, this is a good problem to have. But slow-paced integrations and makeshift solutions are creating costs and risks that competitive OTT players…