Cybersecurity for Broadcasters

A conversation with Cynthia Brumfield on NAB's new Broadcast Cybersecurity Certificate
Author:
Publish date:

As our industry transitions to IP, perhaps the most common concern (after cost and interoperability) among broadcasters is security. Today’s headlines are full of cyberattacks, both in the private and public sectors. When content is king, securing that content and protecting your investment are paramount.

Even the road to ATSC 3.0 is pockmarked with concerns over security. In a recent interview with TV Technology, Mark Aitken, senior vice president of advanced technology for Sinclair Broadcast Group and one of the most vocal proponents of the Next Gen TV standard, addressed this issue.

Cynthia Brumfield

Cynthia Brumfield

“I think in a couple of months there will be an announcement of industry alignment and cohesion around a content protection solution” for ATSC 3.0, he said. “And I would venture to say it will be supported by the consumer electronics industry, broadcasters and the MVPDs. If you don’t have that, you’re not going to sell ATSC 3 sets into a marketplace.”

The NAB has been involved in cybersecurity issues for broadcasters for several years and last year launched an online Broadcast Cybersecurity Certificate Program intended for engineering and IT staff.

The program is designed by DCT Associates Senior Analyst and President Cynthia Brumfield in order to reflect the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity released last year.

The six courses will cover:

• Cyber Risk Planning and Management
• User and Network Infrastructure Planning and Management
• Developing a Continuity of Operations Plan
• Tools and Techniques for Detecting Cyber Attacks
• Incident Response and Management During a Cyber Attack, and
• Lessons Learned: Recovering From a Cyber Incident

I had a chance to talk with Brumfield recently about the new program and what unique challenges face broadcasters in protecting their assets—including both content and distribution—in an IP world.

For broadcasters, protecting your content first requires a thorough inventory of what you’re protecting, particularly on the hardware side, she said.

“You can’t make secure what you don’t know you have,” she said. “Every organization needs to figure out which of their assets would be pertinent to protecting, from a cybersecurity perspective.

[Read: Cybersecurity: What Execs Should Know]

“There is a host of assets that are unique to the broadcasting industry, which we outline and list in the course,” she continued. “You might not think of certain pieces of broadcast equipment as being part of a cybersecurity set of assets, but we want to make sure the broadcasters understand that in addition to making sure you have your PCs and your printers and your modems and everything else secured, you also want to make sure you have cameras secured and controllers and audio log equipment and all kinds of things that would be unique to broadcasters.”

Brumfield emphasized that the courses cover the entire chain that is affected by IP, meaning protecting content and hardware within the broadcast plant as well as when it leaves the facility.

The FCC too has been involved with helping to establish cybersecurity “best practices” for broadcasters for several years. It took its cue from the NIST, which in 2015 released guidelines that put cybersecurity into a comprehensive framework that applies to the public sector but are also being adopted by many in the private sector as well. Brumfield noted that the guidelines are “not a requirement, just a recommendation.”

The complexity and fast-changing world of cybersecurity can present challenges to every enterprise, particularly for small and mid-market broadcasters, who may not have the financial resources of its larger market brethren. While it won’t get into the intricate details of protection of cyber attacks, the NAB course will provide the framework for broadcasters to understand the priorities, she said.

“You need to know what you have; you need to know how you’re protecting it; you need to keep all of the stuff updated; you need to make sure there’s communication in house when incidents occur,” Brumfield said. “You need to establish practices before an incident occurs on how you’re going to manage it.”

For more information on this program for both television and radio broadcasters, visit www.pathlms.com/nab/courses/9683.