In the media world, the quality, reliability and unique nature of a broadcaster’s or programmer’s content is king. While piracy has been an issue for years, as more consumers cut their cable cord and content moves across multiple platforms, media companies can expect to face increasing cyber threats in their future.
As we have seen across industries, recent cyber attacks have caused the leakage of confidential, competitive data, cost millions of dollars in corrupted hardware and software and posed numerous legal, regulatory and reputational risks.
For media companies, a cyber attack can halt media organisations’ non-linear streaming service, slow the performance of content, disrupt service across all platforms and provide another outlet for hackers to pilfer unique and compelling content.
While there is no silver bullet to prevent a breach, media broadcasters can significantly improve their security posture and lower their risk by addressing six questions.
Is your network hardened at every end-point?
Current trends toward cloud-based streaming and linear programming require that media companies rethink their security posture. The same new opportunities for programmers to contribute and for customers to obtain content has opened new opportunities for malicious actors to steal or disrupt content. Every end-point across the distribution cycle needs to be assessed, tested, and secured.
Companies need to consider how their content data stores are protected, whether their transit is secure, and if everything is encryption protected, just to name a few.
Multi-platform, layered controls are needed to establish proactive security that limits opportunities for content and other data to be compromised on the ground or in-orbit.
Are you employing layered security measures?
Given rapidly changing broadcast, data, telecommunications, and cloud technology, companies can’t rely on even the best, single measure of security for any one end-point. Multiple layers of security increase the difficulty for a hacker to breach your system and give your team valuable time to detect and respond before any data is compromised.
A pervasive security framework that includes layered controls, a mature compliance programme, extensive audit and assessment initiatives, and a co-ordinated incident response process is best.
Are your partners doing their part to keep content secure?
Even if you secure all the end-points you manage and employ layered security measures, your content remains at risk if your partners do not follow best practices and are not transparent in their security posture. Media companies need to ensure that each ecosystem partner has the right security requirements in place and have regular communication to keep up with the threat environment and maintain security in-orbit and on the ground.
Intelsat has multiple levels of cybersecurity in place for our partners, segmented by need of network access. We proactively work with media customers to ensure our connected ecosystem is protected against active threats at all stages of uplink, downlink and terrestrial transport. We take full responsibility of assessing our ecosystem partners with the same rigour that we look at everything else.
Are you leveraging the latest satellite innovations to secure your content?
The rapidly evolving satellite industry is adopting safeguards to ensure that the same features that enable communications satellites to respond quickly to changing customer demands don’t make spacecraft vulnerable to cyberattack.
Secure flight operations for all wide- and spot-beam satellites via a segmented control network that ensures key assets are managed proactively.
The Intelsat EpicNG platform is a bit unique due to its advanced digital payload, which include features that allow us to move traffic between beams. This is critical for mitigating interference. If someone broadcasts a rogue signal, it can be very difficult to locate. The advanced digital payload enables us to quickly identify and shut down the source of interference much faster.
Are you prepared to rapidly detect and mitigate a breach?
Some sort of breach happens to almost every company. What prevents an incident from becoming a significant breach and distinguishes a mature cyber-security programme is how quickly a team responds. An experienced team that can quickly assess the situation and mitigate the threat is critical to the life-cycle operations of broadcast and communications services.
Satellite companies constantly watch for security breaches and have plans in place to quickly communicate the details to the appropriate parties to limit the impact of the breach, secure data, and prevent future breaches.
Has your network been audited recently by an independent firm?
Cyber-security is too complex and disruptive to rely solely on internal security reviews. The best internal cyber-security professionals can miss threats that another team can identify. Broadcasters need outside professionals to find the holes in their ecosystem that they overlook.
There is no silver bullet for broadcast security, but there are concrete steps that can help protect your media content.
Vinit Duggal is currently Director and CISO for Intelsat. Since joining Intelsat in 2002, he is responsible for the development of an information security framework that fits the business needs for both the corporate and service provider entities that make up Intelsat’s overall operations.