Bringing more IT technology into the broadcasting domain has created new opportunities for media production and distribution but has also exposed media organization to the security threats IP-based technologies are exposed to.
Content security is also at stake. First, misinformation is a growing threat that can damage the public's confidence in the media. Audiences are now getting information through multiple platforms, some of which make provenance and reliability harder to assess. Second, piracy is undermining legitimate business models and ultimately an organization's ability to provide high-quality content.
With its Media Cybersecurity activities, EBU aims to raise awareness and the ability to defend against evolving security risks across the media industry. It brings together media security experts and to exchange knowledge and experience on security topics and collaborate to ensure that media systems, infrastructure and procedures used in the production and distribution chain are protected against potentially very damaging attacks. The EBU argues that collaboration between all actors in the media ecosystem allows the creation of more effective means and approaches to fight cyberattacks, piracy and misinformation.
Topics under study:
Media Systems Vulnerabilities
MCS group recommends vendors comply with R143 to ensure media systems are cybersecure. MCS also provides testing guidelines and organize testing campaigns with EBU members and vendors, to perform vulnerability tests on media equipment. Please contact us if you are interested to know more how to test media equipments and join our scanning team.
A list of vulnerabilities will be maintained and discussed with vendors, following the remediation process detailed in Recommendation R160.
Cloud and Cybersecurity
In 2020, the Covid Crisis has been a big accelerator for cloud adoption by media organisations. While it is generally acknowledged that major public cloud data centers are more secure that traditional on premise datacenters, one must not forget that security in a cloud environment is a shared responsibility between the users and the providers. MCS group has published Recommendation R146 on Cloud Security and is now regularly exchanging on best practices and cloud- based solutions' vulnerabilities within EBU and with external vendors and partners.
MCS R143 "Recommendation for Media Vendor systems, Software and Services" also now features a specific Annex listing security requirements for Software as a Service Products.
Security Architecture
EBU members moving to IP-based new facilities have the opportunity to design networks that are more secure and robust. A focus group of members regularly exchange on their projects and secure network architecture for broadcasters.
AI and Cybersecurity
With AI, attacks can be more targeted and effective. On the other hand, cybersecurity tools use more and more AI to anticpate and detect attacks. A group of members now focus on the impact of AI on Cybersecurity.
Cybersecurity KPIs
What are the metrics and dashboards that EBU members use to monitor Cybersecuirty and report to their top management? A focus group of EBU members regularly share on essential KPIs and best practices.
Cybersecurity Awareness
MCS aims at improving awareness on cybersecurity within EBU member organizations and in the media industry as a whole. A focus group of members is now discussing best practices to put in place a security awareness program in their organizations.
Digital Safety for Field Journalists
Field journalists should use the right technologies and practices that keep them safe while doing their investigation work in hostile environments. Those tools and practices should protect their anonymity, make sure they can continuously communicate with their home countries, and let them produce and transfer securely their content from the field to media newsrooms. MCS is working hands in hands with EBU Academy HEST program to develop and moderate cybersecurity trainings for field journalists.
Cybersecurity Benchmark
As the media industry is transitioning gradually to IP-based/connected technologies, it becomes more exposed to cyberthreats. But how mature are European public media organisations in terms of cybersecurity, do they have a security strategy approved by executives, and a well-staffed security team that operate proactively? Are their cybersecurity processes effectively used, and what is the level of security awareness across their organisations? MCS benchmark study will provide answers to these questions and help EBU members assess their cybersecurity maturity compared to other EBU members.
Online Learning Sessions
During Online training sessions, we present the basics for a good security organization, disseminate on the importance of cybersecurity. Goal is to reach a as large as possible audience, but mostly target managers in organizations that do not have well established security team and processes. 4 online Learning sessions are available online to MCS group members.
Masterclasses
Combining EBU Members’ expert contributions, use cases and exercises, with theoretical presentations and hands-on exercises, the e-Master Class will provide media professionals with tools and best practices on how to improve the cybersecurity of their organization; protect its assets, preserve its reputation, comply with current EU regulations and guarantee business continuity.
- Masterclass on Media Cybersecurity for managers- (EBU members only)
- Hands-on Cybersecurity - Masterclass for broadcast engineers and technicians
Recommendations
- EBU R 141 - Mitigation of Distributed Denial of Service (DDoS) Attacks
- EBU R 142 - Cybersecurity best practice for connected TVs and services
- EBU R 143 - Cybersecurity for media vendor systems, software & services - NEW ANNEX FOR SAAS Products (Software as a Service)
- EBU R 144 - Cybersecurity Governance for Media Companies
- EBU R 145 - Mitigation of Ransomware and Malware Attacks
- EBU R 146 - Cloud Security for Media Companies
- EBU R 160 - Vulnerability Management Procedure Toward Media Equipment Vendors - NEW VERSION
- EBU R 161 - Responsible Disclosure Policies for Media Companies
- EBU R 162 - Security Maturity Benchmark for Media Companies.
- EBU R 163 - Security Level Agreement for Media Companies Service Providers
- EBU R 164 - Secure File Ingest Best practice for Media Companies
- EBU R 165 - Information Classification Policy.
- EBU R 166 - Secure Software Development Lifecycle.