Software Infrastructure Global Viewpoint – September 2021

When working in a broadcast environment, whether in a studio facility or outside broadcast, every door is generally open to the engineers. The control rooms, studios and equipment areas may well have electronic key systems, but the engineers always have the highest access levels.

Traditionally, engineers required immediate entry as equipment would need regular maintenance, especially for line-up and calibration. As the years progressed and equipment became more reliable, tweaking has generally become limited to cameras, and even these now have adjustment control through software interfaces and OCPs.

In my view, the ability to calibrate and adjust signal chains through human interface controllers and software menus is one of the most useful wins for modern broadcast engineers. We’re almost at the point where we no longer crawl around floors to adjust the kit that is at the bottom of the rack or lift the floor tiles to find obscure fix-it boxes that everybody had forgotten existed, or even who built them.

But with this newfound software flexibility comes a whole new load of challenges, specifically those around security. That is, if an engineer can tweak the gamma correction on a camera from their mobile phone, then so the potential for others to achieve the same exists, especially if adequate attention hasn’t been paid to security.

Simple changes such as updating the super-user password from “root” and having well defined user access levels makes a major difference to deterring unauthorized entry and are generally well understood. Thinking proactively about security from the beginning instead of an add-on will help keep systems safe.

One of the consequences of improving security is that we limit access. As custom software tools are the new screwdrivers and soldering irons of the modern engineer’s toolkit, do we now find ourselves in the unenviable position of not being able to use the very tools we have designed to analyze and fix our systems? Possibly, and maybe is the answer.

If we write a python script to analyze a transport stream recorded on a stand-alone laptop then it’s unlikely to cause any security problems. But if the same laptop is on the broadcast infrastructure network then a compromised or rogue script could suddenly have access to the whole system. This may sound a little pessimistic but if it’s the same laptop that is being used for general web-surfing or email access and not much attention has been paid to virus detection, then all bets are off.

Through a combination of ITIL processes and change control, IT has been working to improve procedures to keep computer systems operational and secure. This is one of the reasons it’s really difficult to connect a USB memory stick to a well-designed IT infrastructure (and if it’s not, it should be).

With all this in mind, it’s easy to see that security has now extended well beyond the physical door key-lock systems with swipe cards and biometric entry. Although software tools provide a fantastic opportunity for engineers to analyze and fix IP broadcast infrastructures, we should always have one eye on IP security when we do this.