As broadcasters look to take advantage of IP production and its benefits, security has moved into sharper focus. While baseband video is not entirely immune to security breaches, the fact that connectivity is largely physical and only SDI signals can travel down SDI cables makes the technology inherently less risky (if less flexible).
In contrast, IP can transport virtually anything that can be digitised; video, audio, and data. IP works very differently, with connectivity being established dynamically and logically, and the infrastructure being able to carry anything that can be digitised (including video, audio and data used in production), potentially down any physical path. This makes IP extremely versatile and flexible, but also potentially a greater security risk. Security therefore must be placed at front-of-mind when planning, deploying and maintaining an IP network in production.
Types of security exposure
For broadcasters to fully protect their IP networks from security threats, understanding the different types is a key first step. The two main areas of consideration need to the security of content, such as the risk of it being stolen or compromised, and security of infrastructure, which covers any disruption to production that for example could lead to a channel being taken off-air.
In network terms, broadcasters need to secure both media flows, covering network and media equipment, and control flows, which includes management and orchestration. Luckily for the industry, many of the best security practices are highly applicable to the design and architecture of IP media networks, and there are several refined principles that they can apply.
Securing the edge
One of the greatest risks related to an IP media network is the interface between the broadcast production network and the wider world. The flexible connectivity between the WAN and LAN allows production resources to be shared and used within a broadcaster and between different organisations, meaning they can take advantage of third-party services and move into virtualisation.
However, the issue that arises from this is the need to effectively open up the media network to allow external parties to control aspects of it. This could for example be initiated to allow another broadcaster to make use of a studio and produce a show remotely from one of their own control rooms.
This makes it critical for broadcasters to secure their network edges to ensure security from a media flow and control perspective. To enable secure media flows, robust media edge equipment can prevent any unwanted inward and outward access to the core production network at the point of contact with external networks. This firewalling technology only allows approved flows through, preventing rogue flows from entering (or leaving) the facilities.
Enabling encryption
Encryption is a key aspect of securing content. Encryption solutions can cover video, audio, data, IP packets and the communication between the control layer and the media network elements, plus any interaction between a web interface and the management software. Additionally, it can also be used to protect both the media and control flows.
To ensure utmost security in IP, all control plane connectivity should be encrypted. Media data-plane encryption can even be implemented effectively without affecting the performance of modern hardware. Very little latency is added, even in the case of higher definition content such as 4K, 8K and HDR.
It’s also important to remember however, that encryption may not be needed in every case, especially as it can add a layer of complexity to the overall workflow. Encrypting media flows, for example, is typically not needed to secure media flows within a campus, and may also be superfluous if the WAN connectivity is completely dedicated and secure. The particular focus for media data-plane encryption should be around public internet connectivity or satellite links, which can be highly vulnerable.
In terms of standards, the NMOS suite control plane specifications include the BCP-003 family, forming several definitions covering security, authentication and authorisation. The VSF RIST recommendation TR-06-2 addresses encryption for applications in public internet connectivity or satellite links.
Covering the core network
The final component of IP security is securing the core network. In an IP media network, multicasting is usually used to transport signals from a source to multiple destinations, and with dynamic IGMP, any receiver with network access could potentially subscribe to any of the streams. Not only could this be detrimental in compromising content security, but also infrastructure. A “denial of production” situation could be created by very large volumes of data being streamed and overloading bandwidth. The solution is to utilise a routing SDN orchestration approach to help avoid this risk. Unlike IGMP, which operates a deny-list (which presupposes some knowledge of rogue traffic), modern SDN uses an allow-list, i.e. only authorised traffic is allowed.
The human factor
Of course, the biggest risk to any network, is actually insiders who, whether on purpose or not, compromise it, for example by sharing passwords. Every organisation needs to have training and processes in place to minimise that risk.
By ensuring that the three technical areas (network edge, encryption and the core network) as well as the human factor are considered, broadcasters can avoid the growing potential security risks facing the sector. As the industry moves to IP, the combination of a secure network along with education of humans within the organisation to ensure that they don’t become the weak link will give broadcasters the best security protection.
