By Sherpard Mphambela
The ongoing convergence of broadcasting with conventional Information and Communication Technologies (ICTs) creates opportunities for cyber attackers to compromise both underlying systems and the signals or information transmitted over the systems. The advent of Digital Terrestrial Television (DTTv) represents the beginning of the last mile towards full convergence, and brings with it a whole new frontier of cyber challenges.
Given South Africa’s ambitions to move into the new digital broadcasting ecosystem with the impending launch of DTTv, the country’s infrastructure is not spared by this new cyber battleground. Cyber criminals will only take a short while to notice the opportunities to cause damage and they will soon move into this territory.
This is expected because attacks on broadcasting infrastructure have already been recorded in other countries, and South Africa is not immune to similar attacks.
When this will happen here depends on a broad spectrum of events that could trigger the motivation for attackers to pounce. Given this changing landscape, it is imperative that threat analysis and modeling be urgently carried out, together with the gathering of cyber threat intelligence to establish who the potential threat actors are, their motives and the threat vectors they may use.
This should be done alongside continuously probing for internal vulnerabilities and plugging them, while building holistic enterprise security architectures to defend against cyber-attacks in digital broadcasting.
DTTv comes with a variety of internet-based services and leverages internet protocols in widening the scope and reach of broadcasting. Convergence will make broadcasting essentially one and the same with digital telecommunications and information technology, as it is now more reliant on digital and internet technologies.
This convergence is a natural next step for the broadcasting space and has been made necessary by the need to leverage the efficiencies offered by the internet in order to avert total disruption of traditional broadcasting by players from outside the industry.
Cyber security in broadcasting should therefore become a top-drawer issue on the list of challenges when one is considering the transition from conventional analog or digital broadcasting to digital terrestrial broadcasting, which springs forth a new set of risks.
Depending on the level of convergence between IT & OT (transmission networks), there is a high degree of risk of exposure to debilitating cyber-attacks through direct internet exposure or secondary IPs along the digital or semi-digital broadcast chain.
The new broadcast processes extend from content creation and direct access by users to editing, remote contribution and collaboration, transmission and storage of broadcasts e.g. podcasts or event videos.
Transmission monitoring, which is done remotely in some instances, can itself open additional avenues of attack into the underlying broadcast infrastructure and must be secured too. Each of the modules represented in the internet ecosystem and the digital services space has vulnerabilities that can be targeted by threats to the system infrastructures and the people who use them. Exploitation of these vulnerabilities can impact users, handheld devices, Smart-TVs, set-top boxes, routers, applications, communications networks and backend storage.
More frequent unfreeze-change-refreeze cycles
The necessity for cybersecurity in broadcasting is a development that the broadcasting industry across the world is only beginning to deal with. With convergence, the sector has the same cybersecurity issues that afflict traditional IT systems. The problem is compounded by the fact that the transmission side is often regarded as mission critical and therefore kept ‘frozen’, with few hands allowed to ‘touch’ and the rest told not to ‘fiddle’ with working things. Securing a digital broadcasting network will require more frequent unfreeze-change-refreeze cycles than those in the transmission business are accustomed to, or alternative innovative solutions that keep systems safe even when not chasing the OEM software update cycles.
Security has been topical on the IT systems side and there are well-established change processes for improving and maturing the security of IT systems. Adoption or development of alternative standards and frameworks that achieve the necessary security levels while navigating these issues will be part of the challenge that must be met.
Regardless of which direction is chosen, broadcasting networks are mission critical systems, and therefore precision and top skills will be required to add to the agility needed to execute the task of securing these transmission environments.
Attacks on broadcasting take many forms, such as disrupting the transmission (a denial of service) or broadcast intrusion, an interruption of an ongoing broadcast to overlay or replace legitimate content with unauthorized or subversive content. This can create fear, uncertainty and doubt in citizens or, at worst, the destabilization of society.
Another form is the hijacking of a channel or station, momentarily or altogether. In this instance a broadcaster may lose direct control of their network and become “locked out”, with the only recourse being to pull power cables out of connected devices.
Once hijacked, a station’s or country’s broadcasting capability can be abused for various ends that can include causing panic and pandemonium, the effects of which can result in uninsurable costs.
Recovering from such an event can be very costly and require urgent mobilization of specialized cybersecurity teams to regain access, clean up and uproot any active threats that may have become embedded in the systems. Some devices may be locked or encrypted with ransomware and may need to be replaced altogether, with potential loss of valuable historical data or stored broadcasts.
The hijacking of broadcast radio or television signals, feeds, satellite signals or stored information will most likely occur if effective preventative, detective and post event response actions are not taken.
Technology convergence invariably means that all the common IT system attacks are now also applicable to the broadcasting space. These attacks include, but are not limited to, various forms of Distributed Denial of Service (DDoS), malware/ransomware, social engineering to gain unauthorised access, phishing and many more.
The security of broadcasting is therefore an extensive challenge that should now involve the manufacturers of equipment, who previously did not have to warrant their systems and equipment to be secure in design. Vulnerabilities now need to be weeded out at every stage, from the design, development, build and deployment of all the infrastructure components.
This must also continue in the production process by continuously patching applications and upgrading firmware, and by monitoring performance, transactional logs and application behavior against baselines, while correlating these with what is happening in other system components in other parts of the broadcast network, then overlaying this with intelligence from occurrences in other parts of the world to detect, prevent and respond to threats in time.
In most countries, broadcast networks are regarded as part of National Critical Infrastructure, and it is imperative that, with the mooted launch of DTTv here in South Africa and elsewhere, responsible government entities as well as proprietors of these networks engage with industry and cyber security experts with specific regard to dealing with the cybersecurity aspects of this developing digital broadcasting paradigm.
Shephard Mphambela is the Founder & CEO of Bantima Cyber Security Services (www.bantima.com). He is a holder of CISSP, COBIT5, ISO 27001 LI, SABSA SFC credentials including a BSc Honors in Computer Science. He is formerly the Lead Security Intelligence and Operations Consultant for IBM based in Johannesburg, South Africa. He is contactable on cybersecurity[at] Bantima [dot] com.