Following a spate of high-profile attacks, broadcasters and multimedia companies are taking action to prevent severe and potentially irreversible damage to their assets, content and business models.
This growing activity was noticeable at the September 2017 International Broadcasting Convention (IBC), the leading broadcast industry event held every year in Amsterdam. An unprecedented number of senior executives from major broadcasting and multimedia companies and from IT security solution providers addressed closed sessions, panels and conferences to highlight the threats facing the industry and to present possible answers and solutions.
Standards developed by ISO/IEC JTC 1/SC 27: IT Security techniques, a Subcommittee of the Joint Technical Committee set up by the IEC and ISO for Information Technology, are central to protection against cyber threats.
Multimedia companies face another issue: safeguarding their work from unwanted copying and distribution outside approved frameworks. A number of Standards for digital rights management (DRM) have been developed by IEC Technical Committee (TC) 100: Audio, video and multimedia systems and equipment, and by ISO/IEC JTC 1/SC 29: Coding of audio, picture, multimedia and hypermedia information, to limit the usage of digital content and devices in such a way as to protect rights owners.
For centuries, political authorities and other institutions everywhere have clamped down to prevent the publication of newspapers, pamphlets and books or works of art such as films or plays, for reasons that include threats to public order, national security or indecency. Electronic media has supplied a new dimension to the distribution of news and cultural content across borders, bringing new challenges.
Many countries started broadcasts so as to reach their nationals in overseas territories and enable them to maintain links with their home country (Netherlands, 1927; France, 1931; Great Britain, 1932; Switzerland, 1935). Vatican Radio started disseminating religious broadcasts in 1931.
For other countries, the main purpose of transnational foreign language broadcasts was to spread propaganda abroad (USSR, 1929; Germany, 1933) or to undermine other countries’ influence in some regions of the world (Radio Bari in Italy, 1934). Countries that felt threatened were persuaded in their turn to broadcast to foreign audiences so as to counteract propaganda and/or promote their cultural achievements.
The Second World War, and later on, the Cold War, caused a massive expansion of such broadcasts, the emergence of clandestine and “black propaganda” outlets and the jamming of any foreign broadcasts viewed as damaging national interests. The USSR reportedly operated some 2 500-3 000 jamming transmitters in the 1980s.
During conflicts, broadcast media are routinely targeted. According to Serbian officials, North Atlantic Treaty Organization (NATO) forces fired more than 1 000 missiles at Serbian broadcast media facilities in 1999 during the Kosovo war, causing dozens of casualties. Broadcast media are also often among the first targets during coup attempts.
Digital technologies have radically transformed the way broadcast and multimedia content is collected, produced and delivered. Interconnection and distribution via electronic networks have opened up new avenues, enabling a multitude of perpetrators (not always easily or quickly identifiable) to attack content producers and distributors for a wide variety of reasons.
A number of serious breaches have led broadcast and multimedia companies to look for ways to prevent attacks and, failing this, to mitigate their impact and allow recovery. In addition to implementing existing standards or recommendations, these companies develop new ones, set up guidelines and increase cooperation and coordination between operators at national or regional levels and between trade organizations.
High-profile cyber attacks have hit a number of broadcasters and entertainment companies in recent years. The following examples reflect the scope of the threats, the nature of the attacks and the range of possible perpetrators and motives:
The possible motives for these attacks range from inflicting financial and reputational damage, disrupting normal operations and extortion, to destroying installations or testing new forms of cyber attack with a view to targeting more important assets at a later date, as is believed to have been the case in the TV5Monde attack.
Finding out who lies behind the attacks can be a lengthy process that requires extensive forensic analysis of data to yield tangible results. The modes of attack may give an indication as to the motives and the perpetrators, but the evidence often comes well after the attacks and the suspected perpetrators are likely to deny the findings.
The Larson Studios breach appears to have been the result of a random attack from hackers who “were basically just trawling around to see if they could find a computer [running an older version of Windows] that they could open”, according to the company’s chief engineer. The motive was obviously extortion. The same opportunistic mode of penetration is observed in cases of ransomware when unsuspecting employees open a malware-infected file.
Investigation into the Sony Pictures attack indicates that the hackers had penetrated the company’s network – which had been breached dozens of times in previous years – some weeks, or even months, before the malware was activated. US official sources attributed the attack to hackers linked to the North Korean government, a claim denied by the latter. There was no demand for a ransom, but the attack resulted in major disruption and significant financial losses.
The TV5Monde attack is particularly interesting and important as it targeted a broadcaster. Broadcasting installations are now considered to be integral parts of the critical infrastructure in countries including the US, UK, France, Germany and the Netherlands. According to ANSSI, which gave details of its findings some two years after the TV5Monde attack, the attack was carefully prepared and was initiated nearly three months before its effects became obvious. In late January 2015, attackers penetrated the broadcaster’s IT network, mapping its infrastructure and analyzing its vulnerabilities before launching their attack on 8 April. They even went as far as leaving traces of known malware in the system to mislead investigators. TV5Monde Director General Bigot told the BBC that the investigators were able to prove only two things: firstly, that the attack was designed to destroy the channel, and secondly, that it was linked to a group called APT28, also known as Fancy Bear, which is reportedly linked to Russia’s military intelligence service, the GRU. Bigot said that the investigation would be unable to answer two questions: “why TV5Monde?” and “Who gave the order and the money to that Russian group of hackers to actually do it?”
Broadcasters and multimedia companies are now working together to face an existential threat and critical disruptions to their business models. They rely on well-established IEC and ISO/IEC JTC 1 Standards and on recommendations and guidelines developed by broadcasting and multimedia companies and trade bodies. These companies work closely with national security agencies and IT security solution providers. They have set up a number of collaborative bodies and structures and have developed tools to face threats.
The European Broadcasting Union (EBU), an alliance of public service media organisations with 73 members in 56 countries in Europe and the Middle East and 33 associate members in Africa, Asia and the Americas, has established a Strategic Programme on Media Cyber Security (MCS). As of 1 January 2018, the EBU had published six cyber security-related “Recommendations”, covering a wide range of domains that include best practices and minimum cyber security requirements for media companies, broadcast systems, software and services, as well as cloud security or mitigation of ransomware and malware. These recommendations refer to a number of ISO/IEC Standards for IT Security Techniques, such as ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27017:2015 or ISO/IEC 27018:2014.
The EBU also organizes workshops, seminars and webinars that bring together its members, vendors and service providers to address cyber security issues.
The Digital Production Partnership (DPP), a media industry business initiative founded by the UK's public service broadcasters (BBC, Channel 4 and ITV), brings together broadcasters, production companies, distributors and trade associations. The DPP, which has formed a partnership with the North American Broadcasters Association (NABA), has set up a Committed to Security Programme, which, it believes, “will help reduce the likelihood of content loss or theft”. The DPP awards a ‘Committed to Security Mark’ to companies that meet a number of standards listed in its broadcast and production checklists, which include ISO/IEC 27001:2013.
One of the DPP members, the Association for International Broadcasting (AIB), the only global alliance of media companies that deliver, or support the delivery of, cross-border and multi-platform international broadcasting, set up a Cyber Security Working Group to help share information and expertise about existing cyber threats to media companies.
Protecting broadcast and multimedia assets and content is a task that calls for collaboration between a multitude of stakeholders to develop standards and best practices. They also share warnings regarding threats and exchange advice and solutions for deterring and detecting cyber threats as well as defending against them, mitigating their impact and recovering from them in cases when defences have been breached. Implementing the relevant IEC and ISO/IEC JTC 1 Standards is essential if these objectives are to be achieved.