The Digital Production Partnership has unveiled a new cyber security programme, which enables UK broadcasters and their suppliers to self-assess against a number of key security criteria.
The DPP Committed to Security programme is a broadcast-facing cyber security checklist developed with the North American Broadcasters Association that contains 20 requirements to allow suppliers to document their progress to broadcasters in the field of security.
Announced during Friday’s cyber security panel ‘Safety in Numbers’, DPP MD Mark Harrison said that the time had come to take talks on cyber security and turn it into actions. “Being open and collaborative is our best means of defence when it comes to security,” he said.
The 10 launch members who signed up to the programme include TVT, The Farm, Qvest, Arquiva and Dropbox.
TVT’s Technology VP Peter Elvidge, who spoke on the panel, said that as a service provider his company was rarely in a position to dictate security requirements and
sometimes had to use outdated procedures which had been imposed on him by clients.
“Having a checklist that aims to build all the security into one standard helps us demonstrate to clients that they can trust us,” he said.
Fellow panel member Craig Dwyer, a senior director at Avid, which is in the process of doing the DPP checklist, said that security problems often arose when their customers wrongly assume that it is just broadcast technology vendors that are responsible for workflow security.
“They think that if they are using Microsoft or Avid products that they don’t have to do anything,” said Dwyer. “The DPP’s standards will allow you to look at the full chain and say ‘if you are in our supply chain then these are some best practices.’”
Senior programme manager at Microsoft Azure Joel Sloss also welcomed the DPP’s programme and pointed out that when the EU General Data Protection
Regulation (GDPR) is passed it will assume that all businesses will experience a data breach and the production industry will need to radically rethink their processes.
“It means that if we as an industry don’t put best practice in place then it will be imposed on us,” he warned.