Creating a cyber-secure broadcast infrastructure

Q&A session with Geoffrey Crespin

Geoffrey Crespin is well-versed in cybersecurity matters, having previously worked as a cyber-defense consultant for European governments and institutions, and in the telecommunications sector. He joined EVS in 2020 as Senior Solutions Architect,  helping customers design infrastructures that ensure their assets and workflows are properly secured.  In this Q&A, Geoffrey explains why cyber-security is becoming paramount in our industry and provides expert advice to help you protect your operations throughout the entire production process.

Cybersecurity is a critical component in modern broadcast infrastructures. With the adoption of new work practices, broadcast solutions are increasingly relying on IP networks,  which inevitably leads to a much wider exposure of vulnerabilities to the outside world. And while most sectors face cyber threats on a daily basis, broadcast is considered a particularly fertile ground for some types of attacks due to its ability to instantly reach very large audiences. Causing transmission loss during a live event watched by billions is certainly an appealing prospect for many hackers out there…

Cyber attacks happen every day, at any scale in our industry. Sometimes, there is a clear goal behind an attack, and in some other cases, it is a mysterious motive. Whether it’s malware, ransomware, distributed denial of service, or phishing, the reality is that cyber-attacks are not only increasing in frequency, but also in complexity. And the impact can be extremely damaging.  If broadcasters and media companies fail to protect their infrastructures, they risk undermining confidentiality, their integrity, and availability across the production chain.

With the growth of remote production, the need for content to be widely shared between collaborators in different physical locations, and the increasing number of services running in the cloud,  internet-facing applications are flourishing. These programs are designed to be accessible from within the internal network but also available to the outside world through web interfaces, providing a wider attack surface for cyber criminals. To prevent unauthorized access, companies need to make sure all exposed entry points like user interfaces and interconnections with 3rd parties are fully protected before the application goes live.

No. All workflows and customers are different so the risk factors and needs will also differ every time. However, applying international security standards and following the recommendations published by industry bodies means laying a solid foundation for a future-proof, cyber-secure infrastructure. 

A strong cyber-security strategy begins with a thorough risk assessment of broadcast media assets, using the known security standards as a guideline and talking with users to identify the areas of concern. The next step is selecting the right countermeasures to protect key areas of the infrastructure; this can be done by implementing security controls such as Web Application Firewalls (WAF) or Intrusion Detection Systems (IDS), patching the operating system, fixing vulnerabilities, removing unnecessary software, closing unnecessary network ports, or implementing network microsegmentation for a zero-trust approach to security. Once the risk treatment is completed, companies need to make sure the results are clearly communicated to all users and then perform regular health checks on their infrastructure.

EVS can help companies apply the most critical security controls to keep up with evolving technology, evolving threats, and even the evolving workplace. We also provide cybersecurity services to assess the cybersecurity maturity level, protect existing workflows and help to build new secure infrastructures that ensure resilience and continuity of service.