In this first installment, vulnerabilities in the production and distribution chain for streaming services are analyzed.
Carlos Pantsios Markhauser, PhD, IEEE*
In the last two decades, there has been a huge change in the way companies that handle content streaming operate. Video on demand, mobile apps, streaming services, among others, have diversified the way audiences access content, and have put pressure on streaming content providers to deliver it anytime, anywhere, and on any platform.
Likewise, streaming, a technology for the transmission and dissemination of continuous and uninterrupted content, which does not require the complete download of it at the reception terminals, was consolidated and consolidated by having much more bandwidth so that users can interact directly with content sources, as well as other new technologies that made it possible to meet the needs that the prevailing market demanded.
The real technological breakthrough came when high-definition video could be distributed over the Internet, and was mostly consumed through streaming platforms with high traffic demands.
Many industries around the world primarily use "live" streaming as a vital mode of communication with their audiences. It is a very effective method for businesses, educational institutions, individual creators, artists, and many others, to connect with many users. In order to stay competitive in today's marketplace, media organizations have had to restructure their business models and consolidate their operating processes.
This often meant a greater reliance on IT systems and digitizing workflows. Because the role of IT and intellectual property has significantly increased the risk of cybersecurity, the latter has begun to impact content, consumer data, services, and business continuity.
It is crucial to know the importance of cybersecurity in streaming, in order to remedy the risk of cyberattacks, such as: malware, plishing scam, and hacking attempts, which can seriously compromise content.
For the proper transmission and dissemination of video/audio, a "live" streaming service is indispensable, specially equipped to broadcast the content in real time.
Streaming security is not about privacy but about trust. Content creators handle sensitive information such as personal chats, payment information, and exclusive content. Without proper security, this data can be stolen or misused.
With the rapid increase in cyberattacks around the world, streaming security is no longer optional. Hackers can easily interfere with unsecured real-time streaming. It is essential to adopt secure measures such as: encryption, firewalls, secure logins to prevent attacks and avoid the incorporation of malicious content.
Additionally, it is very convenient to consider the use of Next DNS (Domain Name Systems) alternatives to increase the security of streams by filtering malicious traffic and blocking malicious content before they can reach the server. The DNS, which works like a phone book, forwards any blocked addresses to the number 000-000-0000, preventing any page loading. The service is offered on any paid plan of Some Control & Full Control and NextDNS, among others.
Streaming today represents a highly lucrative market for cybercriminals, launching attacks and stealing identifiable content.
In the case of the broadcasting infrastructure, she almost always worked in isolation, without internet access and relying mainly on hardware. As a result, she was less exposed to cybersecurity threats.
Currently, broadcasting functions are increasingly software-based and connect to both internal (intranets) and external (extranets or internet) internet networks, significantly increasing the risk of external attacks and internal interference.
Recently, broadcasting companies faced the challenge of incorporating sophisticated cybersecurity infrastructure, covering the end-to-end broadcast media production chain, addressing technology, as well as procedural vulnerabilities and human error. Many of them have been inspired by existing cybersecurity best practices, such as the best practices of the NIST "Cybersecurity Framework" and the "Motion Picture Association of America" (MPAA), for content security or standards such as ISO 27001/27002.
However, there are numerous industry-specific concerns that broadcasters need to consider as they put together their cybersecurity strategies. Below are the most important security considerations that concern broadcasters.
1.- Vulnerabilities in the production and distribution chain.
Confidentiality is the key for broadcasting companies, as it is essential to protect details related to plagiarism, when it comes to movies and television series, but also the secrecy of sources in the case of investigative reports. However, broadcasters often rely on external hires and collaborators to process, finalize and distribute content.
Large files and isolated environments have made removable devices the alternative transfer method for bradcasting companies. As this is a necessary step in the production and distribution of content, companies cannot prohibit its use, but they can use encryption to limit access to files transferred with removable devices.
The Data Loss Prevention (DLP) solution, such as Endpoint Protector, offers mandatory encryption features, ensuring that any file or files copied with removable devices are automatically encrypted by means of a particular type, approved by the government, known as 256bit AES CBC.
This implies that no third party, without the encryption key available, can access such files. Furthermore, administrators have the option to reset the key, if it was compromised, and remotely wipe devices by resetting the device in question, effectively erasing all files stored on it.
2. Insider Threats
The employees of a broadcasting company themselves can sometimes be the biggest problem. Having direct access to intellectual property (IP), they can easily extract data or cause accidental data loss through negligence.
In addition, some broadcasting companies have decided to isolate their computers in the production chain to avoid potential losses over the internet, and this makes removable devices the method of data transfer.
To prevent potential theft, companies can turn to DLP (Data Loss Prevention) solutions to limit the use of removable devices and replace them with more reliable devices. This may involve devices with some degree of encryption, but also devices pre-approved by the company.
These control policies allow broadcasting companies to track the use of removable devices and identify employees who logged into the devices, who allowed sensitive material to be copied, and at what time.
Text written by Carlos Pantsios Markhauser, PhD, IEEE. he is a Telecommunications Engineer, PhD in telecommunications electronics, Master in Communications from the Simón Bolívar University, with a Specialization in Satellite Telecommunications and Networks from The George Washington University - School of Engineering & Applied Science, Specialization in Digital Telecommunications from the University of Colorado Boulder. He works as a postgraduate professor in the telecommunications schools at the Simón Bolívar University and Andrés Bello Catholic University. In addition to being a professional consultant in TV projects based in Argentina.

