Using broadcast spectrum for software updates

In an era of cybersecurity intrusions, Next Gen TV developers are looking at how to secure the all-IP ATSC 3.0 signals, which are a potential delivery vehicle for Internet of Things (IoT) services. Whether to fixed devices in the home, smart cars in transit, wearable products, public-space advertising or “smart city” capabilities (such as transit routing and in-vehicle infotainment), local opportunities abound, as IoT enthusiasts continue to demonstrate.

Although the emerging fifth-generation (5G) wireless technology is angling for a dominant role in IoT applications, some broadcasters see significant roles for Next Gen TV—and they recognize that security and privacy are crucial to establishing IoT services.

In addition to the wireless telco visions for IoT, Dish Networks is expected to use its spectrum assets by building a dedicated IoT network. When Dish Co-founder Charlie Ergen resigned as CEO in late 2017, he said he’d concentrate on building a NarrowBand IoT (NBIoT) network using spectrum Dish acquired in a $6.2 billion spending spree that created a near-nationwide footprint in the 600 and 700 MHz bands.

Kevin Gage, executive vice president, strategic development and chief technology officer at Sinclair-owned ONE Media LLC, told TV Technology that medical data companies have approached ONE Media “looking to pair with 3.0 to develop hybrid solutions” for keeping in touch with IoT sensors, monitoring devices and other applications. He said it was especially encouraging that new ventures are looking to broadcast bandwidth for spectrum solutions.

“We haven’t had a robust start-up community in broadcasting,” Gage observed about the legacy relationships of TV stations. “Our goals with 3.0 are to support the security needs of any new business or industry that wants to make use of 3.0 as a delivery or communications service.” He emphasized that ONE Media’s objective is to “adapt already proven and approved security solutions from new industries to 3.0.”

‘INTERNET OF THREATS’?

At the same time that the IoT business cases are being built, legislators and regulators—from Capitol Hill to the Federal Trade Commission to the National Institute of Technology and Standards, among others—are accelerating their efforts to figure out how and what they should do to assure secure use of IoT systems. On overlapping days, NIST ran its second annual workshop on “enhancing resilience” of IoT and other parts of the “communications ecosystem” while the FTC’s third annual PrivacyCom conference again featured warnings about smart TVs in the privacy/security scenario, Barely a week earlier, Sen. Ed Markey (D-Mass.) and Rep. Ted Lieu (D-Calif.) were talking up their Cyber Shield Act of 2017 (S.2020 and H.R.4163) at a Capitol Hill seminar sponsored by the American Enterprise Institute.

Collectively, the policymakers explained that they want to make sure consumers can trust IoT products and services. Markey and Lieu’s legislation would create a voluntary cybersecurity “seal of approval” (probably administered through the Commerce Department) for IoT devices; one objective is to create product labels (physical or digital) to show consumers that products—ranging from baby monitors to phones, laptops and other networked items—are safe from intrusions.

At the AEI event, Markey warned that every IoT device (which he repeatedly called “Internet of Threats”) is “something that can be compromised ... in ways that people don’t think about but they should.” He said the proposed legislation would “create a roadmap of improvements for manufacturers and their devices.”

SPECTRUMCO AFFIRMS NEED FOR SECURITY

SpectrumCo LLC President John Hane acknowledged that “some IoT applications require extremely high levels of security.”

John Hane

John Hane

“We expect to support industry standard security and authentication protocols, and proprietary solutions of our customers,” said Hane, who in February was hired to run Spectrum Co., LLC, the ATSC 3.0 spectrum consortium founded by Sinclair Broadcasting Group and Nexstar Media Group.

Hane said SpectrumCo’s platform will be able to enhance security in several ways. “One of the biggest challenges of IoT security is updating the firmware of so many devices in so many locations,” he said. “As vulnerabilities are found, they have to be patched, and fast. SpectrumCo’s low-band broadcast platform will allow our customers to update devices at a small fraction of the cost of cellular updates. Even where wireless or wired connections already exist, a redundant path can provide an additional layer of security.”

READY FOR IOT CYBERSECURITY CHALLENGES

Against this backdrop and the growing promise for IoT systems, ATSC 3.0 developers believe the new standard is ready to handle security challenges, according to technologists who have worked on Next Gen TV.

“ATSC 3.0 specifies use of encrypted data on the internet," said Adam Goldberg, principal of AGP, LLC and chair of the Technology Group 3 Specialist Group on ATSC 3.0 Security. “It also specifies use of cryptographic code signing which allows devices to verify that software updates (or other software) was created by trusted parties and not by hackers.”

Goldberg also pointed out that the 3.0 standard’s A/360 (“Security and Service Protection” layer) calls for use of Transport Layer Security for encrypted internet communications, “with an eye toward greenfield implementations.”

“This is useful for IoT,” Goldberg added because A/360’s code signing “is rather vital for IoT” implementations such as online updates.

Dr. Richard Chernock, chief science officer of Triveni Digital and chair of Technology Group 3, which guided 3.0 creation, also acknowledged the potential massive scale of IoT.

Dr. Richard Chernock

Dr. Richard Chernock

“IoT implies the need to communicate with a very large number of devices,” Chernock said. “When the same information needs to be sent, then broadcast economies-of-scale come into play. Sending common information to millions of devices takes no more resources than sending to hundreds of devices. This is useful for things like firmware updates.”

CHALLENGES EXPECTED

At the NIST workshop, Lisa Carnahan, Manager-Interoperability Group at NIST’s Information Technology Laboratory, urged the IoT industry to identify a model to manage and reduce cybersecurity risks, focusing on the need to align IoT security with consumer expectations and other market considerations. Warning that “the alternative is regulation,” Carnahan emphasized the value of inter-industry collaboration to understand and agree upon the approach to security protection.

Overall the NIST workshop focused on botnet threats and was part of a “conformity assessment process” as the agency prepares a report to the White House on automated threats to IoT and other systems. Other NIST speakers emphasized that the government prefers voluntary industry protections rather than regulatory mandates.

Chris Boyer, assistant vice president for global public policy at AT&T, urged the industry to create security guidelines for IoT devices, modeled on another NIST framework for cybersecurity standards. He cited the “need to do something similar to what we did for the NIST Framework for IoT, that we can promote internationally.”

“I think it’s very important to get our arms around how we deal with IoT in the U.S., because other countries are aggressively pursuing IoT standards and guidelines,” Boyer said.

As with many IoT conferences, the NIST program eventually moved toward the “liabilities”—that is, who in the value chain would bear the burden of problems created by IoT flaws or security intrusions.

[Disney Studios Partners With Accenture to Assist With StudioLAB]

Meanwhile, the Consumer Reports/Consumers Union presentation focused less on IoT than on other data-related aspects of TV technology. The presentation repeated the CU mantra that there should be greater protections from the data-collecting capabilities of smart TVs.

Katie McInnis, Consumers Union’s Washington office, explained that, “as more consumer devices contain smart or connected functionality, these devices may collect or share information in ways consumers may not expect — or otherwise limit or compromise a consumer’s control over their purchases.”

She also offered a peek at the results of the television study that Consumer Reports Online will publish later this year.

“While we will not be scoring the televisions using traditional Consumer Reports ratings,” McInnis said in prepared remarks, “we will indicate which televisions performed generally better or worse according to our metrics.”

At the AEI seminar, Rep. Lieu also called for a cautious approach to IoT regulation.

“The reason we’re not very specific in this statute is [because]... when it comes to technology, government should have a very light touch,” Lieu said, emphasizing his expectation that that industry will “self-regulate.” He explained that the voluntary program established by the proposed legislation would rely on a commission of diverse experts to set standards.

Gary Arlen is president of Arlen Communications LLC, a research and consulting firm. He can be reached at www.ArlenCom.com

For a comprehensive list of TV Technology’s ATSC 3.0 coverage, see our ATSC3 silo.

: