Part one in a two-part series focused on network security in the broadcast industry.
On November 22nd 1987, viewers in Chicago watching WGN-TV's nine o'clock news were interrupted by a strange character appearing on screen. The attacker, wearing a Max Headroom mask, had hijacked the studio link. The event lasted for less than a minute, and was the first widely publicized hack of a broadcast TV station. The hacker has never been identified.
Fast forward 30 years and the threat posed to broadcasters and content owners has multiplied based on a simple fact: today there are many more ways into a broadcast TV station than in 1987.
In the Past
- C-SPAN, the television channel best known for broadcasting live proceedings on the floor of Congress, was hijacked by a broadcast of a Russian propaganda television network. Although C-SPAN claims that it essentially hijacked itself due to some kind of internal error, that claim is facing widespread skepticism.
- On MSNBC, during a live broadcast of Hardball with Chris Matthews, a Washington Post reporter was made to appear to be repeating the word "Russia" over and over again, saying it at least thirty times in rapid succession.
- French international broadcaster TV5 Monde fell victim to an unprecedented attack by a group of Russian hackers. Within a few seconds, all of its channels stopped broadcasting, and it lost control of its sites and social profiles.
In a typical playout facility just a few years ago, the only networked equipment was a pretty simple automation system. The only way into it was the daily download of a playlist from traffic, usually onto floppy disk. Advancing technology soon added video servers alongside tape machines, initially capturing video from sources like line feeds and studios. Soon they became networked and file transfers became commonplace. Initially this was on the station LAN, but soon advances in technology saw broadcasters open up to receive file-based media available via the Internet.
It's not just video files that opened up playout. Our demand for rich graphics linked to social media requires real-time connections to moderated data. While these connections are designed to be secure behind firewalls, in truth each one is another route, another opening, into what was previously a closed system.
Now the talk centers on IP as the means for contributing and distributing video, starting with the replacement of SDI and potentially opening up yet another route that can be compromised.
Over the span of 30 years, a typical playout facility has gone from being a remote island to being more akin to a beach resort with interconnecting bridges.
Why Does this Matter?
Don't we all take precautions and design our networks around best security practice? We like to think we do, but have we really considered the magnitude of the threat? The TV5 intrusion is estimated to have cost 4.6 million Euros initially and an anticipated further 3.1 million for additional protection. And the lost productivity and costs in efficiency are even greater.
In other industries it is understood that for every publicized hack, denial of service or leak of personal data, there are ten more you never hear about. By that measure many of us within the broadcast industry must have experienced the sinking feeling of losing control of our critical broadcast infrastructure, perhaps pulling the Ethernet cables from switches in a desperate attempt to repel the intruders, just as the engineers at TV5 did.
Ready or not, TV is an attractive security target and there is a new breed of shark circling our broadcast islands, testing every net looking for a weakness and a way in. Our biggest mistake would be to assume we are safe and do nothing.
Part two of this series will discuss the risks from the perspective of the broadcaster, the consumer and the hacker, and review steps you can take to increase your protection.