Hardware Infrastructure Global Viewpoint – May 2019

Security for Broadcast

There is a suggestion that SDI networks are highly secure - a budding hacker can be easily spotted because they have a pair of wire cutters in their hand! But is this just over simplified sentimentality? And as we move to IP, it is becoming clear that a whole plethora of new possibilities are opening before us, especially as IT infrastructures have the potential to deliver much better security than we ever had in the past.

My nostalgic recollection of SDI, although implying the virtues of SDI security, forgets to point out some of the potential for very insecure working practices that have had the opportunity to manifest themselves in the broadcast industry for decades.

Take for example distributing a blockbuster film on video tape, as we did before secure file transfer. The video tape would invariably be given to trusted dispatch rider who would deliver the tape to a post-production house or affiliate broadcaster. Although you could be certain the tape reached its destination, how would you ever know if the tape had been copied on-route?

As I recall, night-shifts in broadcast stations were generally run on a skeleton workforce with the minimal operational staff. Edit suites and duplication areas were often deserted with nobody apparently working in them. Is it possible that films could have been easily copied to VHS without anybody knowing?

The primary difference with IP security is that any potential hacker has the advantage of not necessarily being in the broadcast facility. It’s true, they could be in another part of the world. But these issues are well understood in the IT industry and can be greatly mitigated. Security experts build highly guarded perimeters around networks to protect them.

And I would argue that IT infrastructures with IP networks have the potential to be much more secure than SDI infrastructures and all the systems that go with them. There are many vendors who provide forensic audit trails to show who, when, and where a user has accessed a media file and even if and when they downloaded it. Unauthorized copying of media assets could quite easily become a thing of the past.

Media files in transit between broadcasters and post houses are easily encrypted. Anybody snooping on the link can copy the stream, but without the decryption key, the resultant data will just be meaningless rubbish. The finance industry has been using and refining encryption technology for decades and the same solutions are now finding their way into broadcast.

That all said, IT security is not easy. It requires a whole new mindset, one that may not sit well with traditional broadcast engineer thinking. Experts must be employed from the very beginning of the planning stage to make sure an IP network is secure. Adequate file-rights and user-rights policies must be implemented and password policies should be strictly enforced and embraced, all the way from the CEO.

With the passage of time, we have a tendency to look at history with a certain nostalgia. SDI and it’s implied security is no exception. But next time you look at IP and think about security, try and remember what went on before, and compare it to what is ahead. I’m sure the fantastic opportunities for improving security that IP offers will become clear to you, especially when protecting your most highly prized media assets.

Tony Orme, editor.