Page 43

FEATURE an attack of some sort towards either an enemy or anonymous person.” PROTECTING THE BRAND Anyone who knows Google well can download a script and write their own crime. The EBU Cyber Security group has been working hard for four years already, and consists of executives from 17 EBU members. “They are not just security analysts. They are chief informational security officers, and not only do they have the technical knowledge they also have the responsibility and authority to enforce recommendations and policies. We exchange on best practices, and discuss issues common to all broadcasters,” explains Kouadio. “We have created a highly trusted platform, and second we have identified the holes in the available standards. They were very broad and wide so we had to create tailor-made recommendations that fill the purposes of media/broadcast companies,” he adds. This involved work around securing media companies and their services, and on governance in terms of the structure of cyber protection within a media organisation. Look for the EBU recommendations on secure infrastructure, cloud services, and minimum testing for network media devices. The next advance for the JTNM Roadmap will involve the assessment of devices as ‘Interop’ tests. The EBU cyber security group has been in discussion with the Digital Production Partnership (DPP) for some time, but works mainly with the North American Broadcast Association (NABA), and with the World Broadcast Union (WBU) for more collegiate type recommendations. Looking at other trade bodies, Kouadio says: “Each organisation tends to do the same, and some of them just jump into the cyber security boat for marketing purposes; they find a new way to re-brand themselves. That’s actually the truth. “Some organisations are focused only on one specific aspect of cyber security. The MPAA initiative for instance is really about content protection, which is the core of its business,” he adds. “But for the EBU and its members it is not only about protecting content. It is also protecting the brand, protecting the services, and it also encompasses every single aspect, every tool you are using in producing media, from the devices you buy from vendors to the launch of new services and the development of new software codes.” HACKING THE DEVICE The joint recommendation EBU R143 (security

requirements for vendor systems) involved the EBU, AIB and WBU working together. Another EBU group is looking at 50+ broadcaster new build projects, many being green field sites. In transition are these sites more vulnerable than the public cloud? “Adopting IP and virtualisation opens the door to potential cyber threats but the project managers are very aware of this security issue,” says Kouadio. “They are the prime users of our recommendations, and ask for new specification processes because they are trying to make sure that every protocol they select for their next workflow, and their next infrastructures, are minimally secured. “But you cannot be 100 per cent secure all of the time. There will always be a way to hack you so you just need to be aware and not make it easy for attackers to hack your services,” he adds. “Counter measures should include an incident response team that reacts as soon as you detect a potential penetration.” Cyber security is not a one-stop shop or one tick in a box type thing. Kouadio moves on to differentiating between the vendors offering watermarking and fingerprinting protection for content via OTT, and the broadcast world: “Broadcasters do have their own online platform as well, but the other side of the issue is the vendor devices used to stream, encode, edit content, and to play out. Are they secured? Pirating content is one thing but hacking the device that stores the content or plays it out is completely different. It has a different and devastating impact on the brand. The French TV5 disaster and many other attacks have focused on servers used to stream, edit and play out, servers hosting web sites, and VoD. What exactly is the EBU fighting? Kouadio says: “We are trying to bring everyone together with our recommendation R 143. How can you assure the user that a device or cloud service you are selling to him is actually secured? The more we go towards cloud and cloud services, even public cloud services, the more these issues become relevant.” The EBU created the recommendation R-146 for cloud media services. This is where the Cloud Security Alliance comes into the picture; this body runs the CSA STAR certification, a way of creating a list of security features that should be enforced - via a rigorous third-party assessment of the security of a cloud service provider. Kouadio, who describes the CSA and its ratings system as ‘nice’, says: “This is another organisation that will become more relevant to our domain in the future. If you tap into the cloud and you need to have some kind of harmonised security level there may be room for some EBU work there too.” n

TVBE JULY / AUGUST 2018 | 43

42 43 Feature George DDP_V2 JP.indd 2

17/07/2018 12:58

Profile for Future PLC

TVBE July / August 2018  

TVBE July / August 2018