FEED Autumn 2021 Web

NEAL ROMANEK: Are broadcasters prepared to make cultural changes?

SIMON SPANSWICK: It depends on the culture of the organisation. There is a problem, often at board level, where cybersecurity is put on the ‘too hard’ pile. People are not really employing a top-down culture when it comes to the need for cybersecurity. That’s one of the biggest issues within our industry; it’s not the be-all-and-end-all of everything, until there’s another TV5 incident. This is an issue that exists until it’s taken seriously by the most senior executives within an organisation. It needs to be taken as seriously as producing the best programmes, or finding ways to be carbon neutral – the ‘sexier’ things. Unfortunately, cybersecurity isn’t considered a ‘sexy’ topic for your average media executive, so it’s just put to one side. “PEOPLEARE NOT EMPLOYING ATOP-DOWN CULTURE”

NEAL ROMANEK: More devices are connected than ever, and more remote working is taking place. What strategies are there for keeping workflows safe?

PHIL MYERS: As a vendor, it becomes really challenging. Lawo supplies an overarching control system, but you might find a lot of the devices that sit underneath that control system span the last five, ten, 15 years. The reality is, you’re not going to be able to secure all of them. The approach we’ve taken with customers is to look at the entire infrastructure you have, understand where your risks are – legacy equipment, for example – and see if you can make the failure plane as small as possible. Some customers do that by putting SDI air bricks around that infrastructure, so only content goes in and out – and no data. In terms of the application layer, lots of systems tend to be monolithic, and not as redundant as you would expect. You should also look at how the vendor designs and architects the products, to ensure even smaller failure planes. From a

vendor perspective, take responsibility for your own technology. But it does require that, from a customer perspective, you are also aware of where all the risks are. JOHN MAILHOT: Again, I’ll go back to the mantra: ‘enterprise security’, which has already provided the tools for these kinds of challenges. There is plenty of legacy equipment, with legacy protocols, that is not secured. But most of those protocols could run across a secure socket, a secure tunnel or a VPN. The IT industry has built a nice, layered architecture that we live in; this has made remote working arrangements possible. You can extend a VPN tunnel from an enterprise to someone’s home. When designing the facility and workflows, there’s been a rhetoric in broadcast for a long time that security purely means protecting content.

feedmagazine.tv

Powered by