Securing EAS

The nation’s radio and TV broadcasters in September, participated in the second national emergency alert system test initiated by FEMA; by most reports, the second goround went far more smoothly than the first. While there were a few mishaps, the software and FCC reporting system worked well for the vast majority of stations.

Despite the plethora of information sources available to consumers today, the broadcast emergency alert system still provides the most important central conduit of critical information in times of crisis. Time after time, during even the most recent weather emergencies, the vast majority of citizens still turn to their local broadcasters for information that can save lives. This is not to say that federal, state and local agencies are not using social media outlets such as Twitter and Facebook to disseminate news and information; the fact is, they are. However, broadcast still remains the most reliable source, especially in light of the DYN DDOS attack that occurred last month that resulted in the shutdown of hundreds of websites and services, including prominent sites such as CNN and Twitter.

While the threat of cyberattacks has been a prominent item of debate for several years now, this attack represented the largest of its kind in history and some term it as a “dress rehearsal,” illustrating just what could be in store in the future. Cybersecurity is one of the most discussed topics of concerns among broadcasters, whether it’s the threat of piracy, blackmail or other nefarious intentions. However, EAS represents, perhaps, the most important concern for the simple fact that lives and property are at stake.

The FCC has been laying the groundwork for establishing security standards and protocol for the nation’s critical communications infrastructure for several years now and has established the Communications Security, Reliability and Interoperability Council, which is now in its fifth incarnation. I recently spoke with Kelly Williams, senior director of engineering and technology policy, who represents NAB on the council and has taken the lead on cybersecurity for EAS at the association.

Williams has been working with industry colleagues, including Chris Homer, vice president of operations and engineering at PBS to “translate” an approach from the National Institute of Standards and Technology (NIST) to take its framework of checklists to conduct a risk assessment for the TV and radio broadcast plant.

“Essentially it says, ‘Go through and look at your network—in our case your plant— and decide which of these things is most vulnerable,’” he said. “Make some decisions on your risk tolerance and what you’re going to do about those risks.”

Williams has been talking to broadcasters around the country and conducting webinars through NAB’s Pilot arm to learn more about how local broadcasters are securing their EAS systems. Many of the mistakes are basic common errors that can be easily addressed.

“A large amount of cyber breaches are based on really common, basic things, such as having a password that is the admin’s first and last name,” Williams said, adding that when you receive a new piece of equipment, change the password to something other than “admin” or the station’s call letters. “You go a long way just by doing good hygiene,” he said.

Since almost everything in the broadcast plant now runs on computers, the software running on those computers is the most vulnerable element for attack. Most broadcasters are keenly aware that the broadcast IT and business IT systems within a broadcast station should be silo-ed and separated; however communications between broadcast engineers and IT departments must be improved to keep an open line of communication.

“Most of the broadcast engineering and technology guys know about the website people, it’s just the website people have no clue what’s going on on the broadcast side of the house,” Williams said. “They’re equally as vulnerable.”

While consolidation has helped standardize security protocols, awareness still need to be stressed across the board, from the receptionist to the CEO, especially when it comes to email. “Don’t click on cute kittens,” Williams joked.

Cybersecurity, especially for the nation’s critical communications infrastructure is no laughing matter, however. Williams stressed that hacks are not a matter of if but when. And don’t think that just because you’re a small station in a rural area, that you’re not a target.

“This is not the kind of thing that you think, ‘Oh, I’ll be lucky, nobody wants to hack me because I’m just an insignificant little TV station,’ that is just so not true,” Williams said. “It’s absolutely going to happen.”

For more on NAB’s cybersecurity initiatives, visit: http://nabpilot.org/author/kellywilliamsnab/.

Tom Butts

Tom has covered the broadcast technology market for the past 25 years, including three years handling member communications for the National Association of Broadcasters followed by a year as editor of Video Technology News and DTV Business executive newsletters for Phillips Publishing. In 1999 he launched digitalbroadcasting.com for internet B2B portal Verticalnet. He is also a charter member of the CTA's Academy of Digital TV Pioneers. Since 2001, he has been editor-in-chief of TV Tech (www.tvtech.com), the leading source of news and information on broadcast and related media technology and is a frequent contributor and moderator to the brand’s Tech Leadership events.