State of the Nation - part 1


Dick Hobbs - new TV-Bay Magazine
Read ezine online
i
Imagine you are the director of the Champions League Final, knowing that 200 million people will be watching your every decision. Or you're directing the Eurovision Song Contest. Or even, to be honest, the Tunbridge Wells local news opt out.

And at live minus 30 seconds, all the screens in the monitor wall suddenly go black then show a demand, in broken English, for 300 Bitcoin.

Scary. And exactly what happened across the UK National Health Service a few weeks ago. Patient records; operating lists; drug orders - all lost to the WannaCry virus.

Now imagine you are the ITV channel controller. It's Saturday evening, you have a fantastic schedule planned which is going to wipe the smiles off all the other competing channels. And then the playlist disappears from the machine controller, and the asset management system goes blank. You remain cool and calm, because you know that the disaster recovery site will be up in a second or two, and the main site will be rebuilt as soon as the power comes back.

If you were working for British Airways a few weeks back, then again you will actually know what this feels like. The official line, touted by Willie Walsh, CEO of parent company IAG, was, to put it simply, someone pulled the plug out then put it back in again.

"What caused the damage," he said, "was that power was restored in an uncontrolled, uncommanded fashion. There was no IT breach, there was no data loss, there was no data corruption."

Well, not entirely true. There was no data at all for many hours, and recovery took many days. No-one is saying why there was not an immediate failover to a disaster recovery site. The airline has two data centres, although they are relatively close together, east and west of Heathrow.

I am absolutely certain that no broadcast engineer reading this column would design a mission critical system without a hot standby site which can take over more or less instantly. Or design it without an uninterruptible power supply. Or locks on the doors to ensure that the power supply remains uninterruptible.

(There is a famous story of a data centre in another industry which had a diesel generator as back-up. Like good people they tested the system regularly and the generator started up perfectly every time. It was only when they had a real power cut that they discovered that the starter for the diesel was mains powered)

We are used to physical security. We are comfortable wearing passes around our necks and swiping in to restricted areas. It is just common sense. But IT security is new. The latest IABM broadcaster survey found that 75% see cybersecurity as a key issue for the future. And many of us simply do not understand the issues - and I am putting my hand up here.

Researchers at the University of Illinois Urbana-Champaign designed a simple experiment to demonstrate the problem. They dropped 297 USB sticks around the campus, each loaded with a little piece of software which reported back when it was online. 48% were picked up and plugged into a computer. Some within just a few minutes of being dropped.

This was just a demonstration, and the software on the stick was not malicious. But it is quite likely that this is exactly the route the WannaCry virus entered the NHS network: someone plugged some unauthorised storage into a networked computer. Does your office have a policy on quarantining USB sticks and disk drives?

Take that thought forward to the future, software-defined, IP-connected media architecture. Now we are not just plugging in random USB sticks, we are actively encouraging software from multiple vendors to automatically log on to the network, authenticate themselves, and handle vital data safely.

Many - perhaps all - of those software vendors will allow their software to "phone home" to check licenses. They will dial in to their software to allow remote diagnostics and fault-finding. There may be automated updates. A lot of uncontrolled connectivity, in other words.

The EBU published a recommendation on cyber-security, R 143, last year. You can read its checklists online. IBC this year features a top-level (CTO invitation only) conference on cyber-security.

In light of this, I asked a couple of the big names what they thought about the issue. Phil Myers of SAM told me "Protection is provided at two levels within the system. At the device level, a 'hardened' secure realtime operating system is implemented to provide isolation protection of all aspects of the device, including the file system and network stack."

Steve Reynolds, CTO of Imagine Communications, expanded on this idea. "The best practice for media companies is the segmentation of networks into zones of increasing trust. In general, critical control systems should be positioned inside isolated media networks, independent logically - and physically if possible - from broad corporate networks."

This is a new buzzword for me. We need to be designing "zones of increasing trust".

"At the COTS network switch level, industry standard protocols can be implemented to secure the network," according to SAM's Myers. He mentioned whitelists of valid addresses, which can be used to control the flow of data in and out of a network.

Imagine's Steve Reynolds agreed, continuing "The logically isolated media network zone can then be further segmented into streaming media flows, automation and control traffic, and file-based workflows, depending on the overall system requirements.

"If you secure operations and have trust elements built into the system, then you can stop an intruder doing anything with the content," he added. "You can never guarantee that something bad will not happen, of course, but it does mean that hackers cannot go to air on your back."

Haroon Meer of Thinkst Applied Research, though, told a recent summit in Qatar that attacks against media organisations become inevitable as the industry becomes more connected.

"Broadcast is at the centre of an almost perfect storm," he said. "It didn't used to matter if you weren't secure because you weren't exposed. You had an unlocked house but it was in a very safe neighbourhood.

"Recently, with convergence and IP, your house is moving into a much worse neighbourhood," he explained. "Breaches will happen. The important question is how you respond."

One suggestion is that you move your operations to someone else's house: put it in the cloud. The general feeling is that the big names in cloud are probably the world authorities in cyber-security, because it is at the core of their business. "There are thousands of people at Google, AWS, Microsoft and the rest with 'security' on their business cards," according to Steve Reynolds.

Keeping your content and your operations secure in the connected world from those who would do you harm is an urgent priority. Clearly, though, it takes money and resources. And the bigger the name, the bigger the reputational damage at risk.

Willem Vermost of the EBU asked "How are broadcasters going to compete in the modern world? Security could be a real block on future developments." Brad Gilmer of AMWA added "business requirements like flexibility and shareability might be conflicting with security, which always has to be the top priority."

And, as Thomas Edwards of Fox so memorably put it, "no-one's ever been hacked over SDI".


Tags: iss126 | iabm | british airways | ransom | bitcoin | cybersecurity | cots | Dick Hobbs - new
Contributing Author Dick Hobbs - new

Read this article in the tv-bay digital magazine
Article Copyright tv-bay limited. All trademarks recognised.
Reproduction of the content strictly prohibited without written consent.

Related Interviews
  • IABM at IBC 2012

    IABM at IBC 2012

  • Quantel at IBC2011

    Quantel at IBC2011


Articles
REVIEW Canon UJ111x8_3B UHD Lens
Andy McKenzie Shooting in ultra high definition and high dynamic range has become the preferred option for all television productions with a potentially long commercial life. The hir-ing charge and indeed the outright purchase cost of cameras of this standard are not significantly greater than those of high definition standard dynamic range models. With half the world's news reporters now able to capture UHD video on their mobile phones, why give the production crews anything less?
Tags: iss139 | canon review | uj111x8 review | lens | zoom | digisuper | uj90x9b | hdtv | ccu | Andy McKenzie
Contributing Author Andy McKenzie Click to read or download PDF
The Future of Broadcast Connectivity
Jamie Adkin The use of KVM equipment has been essential to meet the evolving needs of the broadcast industry for many years. Over that time, many in the industry have recognised the importance of using IP-enabled KVM to break down technological barriers and enable real-time access to visuals wherever and whenever they’re needed. These components are vital parts in live production environments in particular.
Tags: iss139 | adder | kvm | ip kvm | Jamie Adkin
Contributing Author Jamie Adkin Click to read or download PDF
Undercover Remote Production
David Bradley

It’s only taken 20 years and it seems that Remote Production is finally coming of age, but it now requires far more cameras than anyone envisaged back in the last century!

The move to remote production is one of the unstoppable trends of 2019 and moving into 2020. Our CamBall cameras pioneered remote working as early as 2003 with sport and wildlife programming using remote production for many years with incredible results.

Tags: iss139 | ptz | br remote | 5g | remote camera | atlantic productions | camball | camball4 | David Bradley
Contributing Author David Bradley Click to read or download PDF
To Remotely Go - TVFutures
Michael Parsons One of my biggest concerns as an academic responsible for the education of hundreds of students is the ‘appropriateness’ of much of the technology we purchase and implement within the curriculum. The last few years have seen tremendous change in all sorts of technologies, and the broadcast industry is just one sector that has seen some significant leaps in innovation.
Tags: iss139 | university | portsmouth | graduation | guildhall | newtek | streaming | pxw-fs7 | ndi | ip | ndihx ptz camera | Michael Parsons
Contributing Author Michael Parsons Click to read or download PDF
Post Production - Keeping Track
Alex Macleod One of the most important things to consider when beginning a new edit, is keeping track of where all your various media assets are - not only their location on whichever storage drive you chose to work from, but also where you file them away in your project once imported.
Tags: iss139 | premiere pro | editing | shotputpro | post haste | Alex Macleod
Contributing Author Alex Macleod Click to read or download PDF