Playout & Transmission Global Viewpoint – July 2019

The SDI Security Paradox

I would be the first to support the assertion that SDI is incredibly secure. However, my view only extends to true SDI infrastructures, similar to those I worked on before IP became the ubiquitous communications medium of choice for monitoring and control.

My first recollection of SDI was back in 1992 when the chief engineer of the station I was working at wanted to build an offline graphics facility using SDI. This was a fantastic opportunity at a time as SDI was in its earliest days and I remember all kinds of compatibility and reliability issues. At that time, the drivers and equalizers were in their infancy and it was some years before SDI reached the stability levels we now enjoy.

Engineers specializing in audio will remind us that IP has been in use in the broadcast industry since the 1990’s and has served our industry well. And it’s fair to say we are now seeing a major push towards Video over IP. But another revolution is happening under the radar, one that is not too obvious, and its implications for security could potentially kill any suggestion of secure SDI, that is, control and monitoring over IP.

A trend has been developing over many years to move to integrated monitoring and control for broadcasting facilities world-wide. Multipurpose broadcast equipment has encouraged a whole plethora of vendors to provide remote configuration and control features. This empowers broadcasters to improve efficiencies and build huge automated systems with remote monitoring. Open protocols and well documented interfaces allow third party vendors to control, configure, and monitor many different signal processing and routing devices.

I remember in the early days of control such systems as the Sony 9-Pin Protocol using RS422 D-Type connectors, the Pro-Bel SW-P-08 protocol with a similar configuration, and the ubiquitous GPI (a whole new story awaits with the advent of NMOS-IS07). All these required specialist interfaces, so as control and monitoring became more popular, it was almost a done deal that systems would move to the generic Ethernet/IP interface.

As more x86 type servers and computers enter the world of broadcasting, many of the control broadcast processing equipment interfaces are moving to IP. Even those that only process SDI. Furthermore, many of these interfaces support Web-Server software stacks and to access them we use web browsers, a potential source of security concerns. The infiltration of RESTful API’s in the IT industry further encourages the use of Web-Server stacks in broadcast equipment to facilitate integration to IT-centric control and monitoring.

It would appear that IP has been infiltrating broadcast facilities long before ST2022-6 and ST2110 came along. And this isn’t just limited to video, similar scenarios arise for MADI and AES processing and monitoring equipment.

I agree that SDI networks are incredibly secure. But only in the same way that utilities distribution networks are secure. It’s unlikely that I will get a computer virus from the gas pipe entering my office. However, the systems that control the utilities distribution networks are more than likely controlled and monitored over IP. The ramifications of which have been recently well documented by government leaders throughout the world.

Security is a very emotive subject and means many things to many different people. There are many reasons to use VoIP and AoIP, and many reasons to use SDI, AES, and MADI. But before we start rolling out the red carpet for SDI because its “secure”, just look at the bigger picture, especially if your SDI equipment uses IP interfaces for monitoring and control.

Commenting is not available in this channel entry.