Part two in a two-part series focused on network security in the broadcast industry.
To continue Scott's analogy from the last post, broadcast facilities may have once have been isolated islands, but today they are solidly linked by the bridges of technology. Let's look at why this connectivity is an advantage, the risks it brings, and what we can do to minimize them to pull up the drawbridge! We will look at three points of view: the broadcaster's, the consumer's, and the hacker's.
Why is Connectivity Good?
From a broadcaster's point of view, connectivity means the ability to create and distribute content faster, as well as to deliver it on a variety of screens to a growing base of consumers.
For example, websites and mobile applications help broadcasters increase their relevance in the eyes of the consumer, who in turn gains a greater amount of content. This widened consumer reach drives stronger advertising growth.
From a consumer's perspective, interconnected broadcasts make additional content and services available whenever, wherever and however they want. Content is always available anywhere, anytime.
From a hacker's point of view, this connectivity introduces another target to conquer. There are a range of nefarious motivations for doing so:
Who's a Target?
- The hacker could bring down the network and encrypt the broadcast files for ransom.
- Hackers could manipulate broadcasting content, as a group of pro-ISIS supporters did in the TV5MONDE incident last year.
- Finally, they could steal customer data for member subscription services and then either sell victims' identities or use their credit card data for fraudulent purposes.
Let's begin with consumers. If a broadcast is hijacked, viewers lose their source of entertainment and education. Some might argue that this is not so awful for the couch potatoes out there. But broadcasting does fulfill certain vital functions.
For example, broadcasters are a critical player in the emergency alert system. If a broadcast is not available during an emergency, thousands if not millions of people might lack the necessary information to prepare for a potentially life-threatening situation.
And broadcasters could lose millions of viewers to other channels in the event their services are not available. This can translate into lost consumer confidence and advertising revenue.
What to Do?
Protecting your current IT environment is critical because the hacker can enter on that bridge and traverse to a production environment that has IP connectivity. Some may say the firewall will protect this from happening. That is true in most cases, but there are exceptions such as insider threats. In those cases, the bad guys are already inside the firewall.
Attackers can get in via other paths too, such as your production staff clicking on a phishing email, inadvertently downloading some malware from a malicious website, or loading up a malware-ridden application on an USB stick.
You need ongoing, automated monitoring of all IP assets and foundational controls to detect threats faster and with more precision.
Governments are very concerned about broadcasters and their digital security. In the United States, for instance, the FCC has recommended that broadcasters strive to align their policies with the NIST Cybersecurity framework. Tripwire has an answer
to this recommendation, and its sister company Grass Valley is also taking steps
to protect evolving production systems.
Former FBI Director Robert Mueller may have said it best: "There are only two types of companies: those that have been hacked, and those that will be."
No industry is immune to cyber threats. Broadcasters, like all industries, need ongoing security awareness training for management and employees. The benefits of moving to IP are tremendous, and must be weighed with the associated risks. To counter known and unknown threats, security must be woven into our DNA.