Once bitten, twice shy – they say. Never bitten, never shy – I say.
A topic of immense value, usually bypassed by broadcasting companies, is that of security. Security and safety hold cardinal importance in any setup, more so – broadcasting. In recent times, many national and international conventions have given paramount focus to security in broadcasting and production, by means of hosting panel discussions and brainstorming sessions to instigate a sense of responsibility in the minds of broadcasters. IBC2019 kicked off with the IBC Executive Forums, bringing together top executives from across the industry to debate loop holes in the system.During a keynote presentation at SMPTE 2019, Jim Helman, CTO, MovieLabs, spoke about the core principles that underpin the organisation’s 10-year vision for the future of cinema, one of which was security. MovieLabs is a non-profit research lab jointly run by Paramount Pictures Corporation, Sony Pictures Entertainment Inc., Universal Pictures, Walt Disney Pictures and Television and Warner Bros. Entertainment Inc.run by major Hollywood studios. According to an IBC report, MovieLabs launched a whitepaper outlining its ideas for improving security as studios move to the cloud. “During the move to the cloud, you will have a number of assets,” said Helman. “With all of these assets, you may no longer have a facility protected by a well-defined perimeter or even a hybrid cloud perimeter. So we need to rethink security and make it more asset-centric, more scalable to address a wide-range of productions. If you have a high-budget blockbuster then you’re going to want to protect those assets, but a smaller regular cooking show may not need the same level of security,” he added.
It is human to presume that a security breach might not happen with oneself, yet, the reality indicates otherwise. The need for security planning is equally applicable to TV, newsrooms, radio stations and other media outlets that can, for one reason or another, be targeted by hackers.
Broadcasters need to make ‘big transformational changes now’ if they are to protect themselves from hackers, Scott Borg, director and chief economist of the US Cyber Consequences Unit, told IBC365. Media organisations are easy targets for cyber hackers, Borg explained at the IBC2018 Cyber Security Forum. Borg cited cyber-attacks on Netflix, Sony and TV5Monde as incidents that have compromised content, shut down infrastructures, and risked brands’ reputation. He said, “For smaller organisations, a cyber-attack could potentially compromise and bankrupt the business altogether.”
Viaccess-Orca, an OTT and TV technology provider, recently hosted a webinar titled, Defining and Executing a Piracy Management Strategy through Cutting-Edge Technologies and Services. The initiative aimed at presenting a set of futuristic services addressing current piracy threats, dynamic and tailored to broadcasters’subjective requirements. By relying dedicated and specialised tools — such as dynamic watermarking, DRM, breach detection, and password-sharing identification — service providers can anticipate piracy risks in advance, instantly identify the source of piracy, and take counteractions. The webinar discussed why media companies should build a piracy-management strategy and protection technologies.
STEP BY STEP
Media organisations need to identify potential risks and tweak their existing infrastructure to better their security stance. For broadcasters, there is nothing more important than the quality, reliability and content uniqueness. A privacy breach can disrupt streaming services, slow video performance, and enable hackers to steal unique content. The ease of access over connected devices on a broadband network is changing the consumption pattern of consumers consuming content – and in turn, posing grave challenges in the face of broadcasters.
These current trends – as well as the trends including cloud-based streaming, IP and linear programming – require that media companies rethink their approach to cybersecurity. While IP-based broadcasting is a favourite and has garnered immense popularity amongst media companies owing to its ubiquitous nature, it is also slightly more vulnerable. Ideally, this situation calls for a concrete locker-room-like solution. But, because control systems are connected to one another, even if one of the links is compromised, the whole network stands exposed. Daily security upgrades and checks work, provided the synchronisation protocols are in place. For instance, a network configuration employing SMPTE ST 2059, which describes how to synchronise video equipment over an IP network, might come in handy. SMPTE ST 2059 is based on IEEE 1588, which is the Precision Time Protocol (PTP) intended for local systems requiring accuracy beyond those attainable using Network Time Protocol (NTP) - for clock synchronisation between computer systems over packet-switched, variable-latency data networks.
While there is no tailor-made approach to achieve safety, a few pointers can aid companies in developing a fool proof yet customised security plan.
• Every end-point across the distribution cycle needs to be assessed, validated and secured. Companies need to ensure their content is protected on ground and in transit, and everything is encrypted. Multi-platform controls are especially useful to establish proactive security that limits opportunities for content and other data to be compromised at any stage of the braodcast chain.
• Prevention is better than cure, goes the age-old adage. Multiple layers of security strengthen the security cover of a system, allowing the company time to identify and take action well before the damage is done. Satellite operators make use of a penetrative security framework that includes layered controls, compliance, audit, assessment and an incident-response process.
• In addition to securing all trigger points, it is important for collaborating companies to follow best practices. Media companies need to ensure that each partner in their ecosystem has its security requirements in place.
• A broadcaster should be equipped to handle and detect a breach with minimum lag. This is what will ensure a rapid recovery – which is important to protect the system from getting bitten deeper. The Intelsat EpicNG satellites can rapidly identify, communicate, move and mitigate interference issues – thus limiting the scope and severity of the breach.
• A company may also consider engaging external cybersecurity firms, which are accredited and audited - to heighten their security structure.
CASE STUDY – BISS CA
Recently, BT stepped up its efforts to combat the illegal piracy of premium subscription-based content through a new partnership with video infrastructure company, ATEME. BT used the company’s sophisticated encryption techniques to protect satellite uplinked content securely, and will be offering this technology to its media and broadcast customers around the world to help reduce the number of illegal streams. BT provides the industry with ATEME’s encoder, which uses BISS-CA (Basic Interoperable Scrambling System Conditional Access) encryption. The company first used ATEME’s encoder during BT Sport’s transmission of the FA Community Shield at Wembley Stadium and has continued to be used to protect each of BT Sport’s Premier League live broadcasts this season. TV piracy is an escalating problem, and according to anti-piracy company MUSO, nearly 190 billion visits were made to illegal piracy websites last year alone. Of this number, 5.75 billion came from the UK and 17.4 billion from the US. Piracy is especially prevalent in the sports industry and reportedly costs Premier League clubs around £1 million in sponsorship money every game, according to a separate study from MUSO. As the quality of sporting piracy streams continue to improve and hackers are managing to hide their identity, new ways of protecting sporting content are imperative to secure the integrity of the industry.
ATEME worked with Eurovision Services, a media services provider for media organisations and sport federations around the world, on a proof of concept to trial an innovative watermarking solution during a major international football event in Paris last year. The proof of concept used BISS-CA, an enhanced, secured standard of the BISS protocol with dynamic rolling keys support for encryption, to help broadcasters in the fight against piracy during a three-day trial at the event. BISS-CA managed the In-Band assets and added forensic watermarking to mark each decoder output, so that after transcoding broadcasters could determine the origin of a leak, if it occurred.
“Together with ATEME, we have successfully shown that it is possible to enhance the security of live content during major events using an open, interoperable standard developed by the EBU. This, of course, is an asset for us as it will enable us to protect our client’s live content and ensure that it is only delivered to those who should have access to the content,” said Oscar Teran, head, Technology and Development, Eurovision Services.
In the recent past, the broadcast industry has witnessed a number of threats – the scale of which can be inferred from a report by Digital TV Research indicating that the cost of online streaming piracy will reach $52bn by 2022. Five territories – the US, Russian Federation, Brazil, India and UK – were found to be the most avid consumers of illegal piracy websites, with nearly 50% of visits for TV-oriented content and 20% for the latest movie releases. Parks Associates predicts that in 2021, $9.9 billion of pay TV and $1.2 billion of OTT revenues will be lost to credentials sharing. This calls for immediate attention to ensure a secure broadcast future.