
Opinion: Reconciling media fluidity and IT security

William Viker, CTO at Bitfocus, explains why broadcasters should be managing their networks as a suite of interconnected sub-nets in order to make them more flexible and secure

There have been countless articles in recent years talking about the transition from legacy media architectures to IP-connected, software-defined systems. Most focus on the benefits of the new technologies, like flexibility and agility; some talk about the cost savings of moving away from dedicated hardware to common and inexpensive platforms.

I think it is worth reminding ourselves of one critical shift. Since the first radio transmission in 1893, broadcasters have relied on equipment dedicated to their needs. No other industry needed the power or the functionality, so whatever a broadcaster needed in terms of equipment, it either had to build itself or turn to a specialist manufacturer which served just the one market.


Perhaps accidentally, that brought a huge benefit to broadcasters in that there was really no point in trying to break into either the technology or the material, because no one outside the industry could do anything with it. There was no point stealing a roll of 2” videotape, however valuable the programme, because you had nothing to play it on.

This legacy hardware was interconnected, within a facility, with specialist cables and connectors. Connections between sites were dedicated, point-to-point circuits that terminated only at controlled locations: microwave links and leased video lines. Everything was physically isolated. It meant that, beyond making sure no one could break into the building, we never needed to worry about security.

IP connectivity has transformed the way we make programmes. Remote production—with the cameras and microphones at one location, replays at another and the director somewhere else—is now routine. Collaborative productions happen every day. This unleashing of creativity is one of the greatest benefits of the new wave of technology.

But because it means sharing our media signals and their controls with the rest of the IT world, suddenly we have to consider the bad things that happen out there. Cyber-attacks. Content piracy. Network misconfigurations leading to sources disappearing. These are serious, business-threatening considerations.

Many devices in the broadcast space were not designed with these risks in mind. They lack authentication protocols, encryption or secure APIs. The experts brought in from the IT world to make the new networked environments work face a significant task to achieve high security.

Doubly so because broadcast set-ups are rarely static: each day, each production is different, with a different mix of fixed, portable and rented-in equipment. Conventional IT architectures tend to be much more fixed, so working around this ever-changing architecture is a specialised demand.

One of the new acronyms we should be learning is ZTA, for zero trust architecture. As the name suggests, this works on the basis that no user or device should be trusted by default, even if it is connected to a privileged network, or even if it was previously verified. For every access, the device or user must be validated and then allocated only the minimum viable, explicitly authorised resources.
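The following is an added example, not code from the article or from Bitfocus, showing what the zero trust rule looks like in an authorisation routine: every request is evaluated afresh against device posture and an explicit grant list, with a default of deny, and neither the network the request arrives from nor an earlier successful check counts for anything. The users, devices, actions, resource names and the five-minute attestation window are all constructed for illustration.

```python
"""Added example: a minimal zero-trust request authoriser.

Every decision is made per request from three inputs: is the device's posture
check current, does the device pass it, and is there an explicit grant for this
user, action and resource. The source network is recorded for audit only; it
never grants access. All identifiers below are constructed, not real systems.
"""
from __future__ import annotations
from dataclasses import dataclass

MAX_ATTESTATION_AGE = 300  # seconds; posture must be re-checked every 5 minutes (assumed)

# Explicit grants as (user, action, resource). Anything not listed is denied.
GRANTS = {
    ("vision-mixer", "camera.tally.write", "cam-03"),
    ("vision-mixer", "camera.tally.read", "cam-03"),
    ("audio-op", "mixer.fader.write", "desk-01"),
}

AUDIT: list[dict] = []  # one entry per decision, allowed or not


@dataclass
class Device:
    device_id: str
    patched: bool        # result of the most recent posture check
    attested_at: float   # epoch seconds of that posture check


@dataclass
class Request:
    user: str
    device: Device
    source_net: str      # e.g. "production-vlan" or "guest-wifi"; audit only
    action: str          # e.g. "camera.tally.write"
    resource: str        # e.g. "cam-03"
    now: float           # epoch seconds at the time of the request


def authorize(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Default deny; nothing is cached between requests."""
    decision = _evaluate(req)
    AUDIT.append({
        "user": req.user, "device": req.device.device_id, "source_net": req.source_net,
        "action": req.action, "resource": req.resource,
        "allowed": decision[0], "reason": decision[1],
    })
    return decision


def _evaluate(req: Request) -> tuple[bool, str]:
    # 1. A previous verification does not carry over: the posture check must be fresh.
    if req.now - req.device.attested_at > MAX_ATTESTATION_AGE:
        return False, "device attestation stale"
    # 2. The device must actually pass the check.
    if not req.device.patched:
        return False, "device fails posture check"
    # 3. Network location grants nothing; only an explicit grant does.
    if (req.user, req.action, req.resource) not in GRANTS:
        return False, "no explicit grant for this action on this resource"
    return True, "explicit grant with fresh posture"


if __name__ == "__main__":
    laptop = Device("mixer-laptop", patched=True, attested_at=1000.0)
    print(authorize(Request("vision-mixer", laptop, "production-vlan",
                            "camera.tally.write", "cam-03", now=1100.0)))
    print(authorize(Request("vision-mixer", laptop, "production-vlan",
                            "camera.tally.write", "cam-03", now=2000.0)))
```

The point to notice is the second call in the usage block: the same user, device, network and grant that were accepted a moment earlier are refused once the posture evidence is older than the window, which is the "even if previously verified" clause of the definition above turned into a check.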

Legacy products, which we may want to continue using because they are perfectly functional, may not have the capability to support continuous validation for ZTA. So we should be finding ways to securely firewall these potential points of risk, without imposing latency penalties that impede the production.

We should also be looking at managing the network as a suite of interconnected sub-nets. If one is breached, the rest of the network should remain secure and functional. SD-LAN (software defined LAN) is an approach to network management that uses abstraction to enable dynamic and efficient network configuration.

VXLAN (virtual extensible LAN) is a standard developed by the Internet Engineering Task Force. It allows a single physical network to be shared by multiple different users. Through this abstraction, each tenant or piece of equipment uses the physical network as its own, without being able to see the traffic of any other tenant. Combined with best security practices, it means a secure private network can be created over public connectivity and cloud hosting.
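To make the three preceding points concrete (firewalling legacy devices that cannot support ZTA, running the network as interconnected sub-nets so one breach stays contained, and VXLAN keeping tenants apart), here is an added model written for this page, not code from the article or any vendor. It assigns each segment a VXLAN VNI, keeps traffic inside a VNI L2-adjacent, and drops everything between segments unless a grant lists it. A legacy device with an unauthenticated control port sits in its own segment reachable only from a control proxy, and a reachability function reports what each host could connect to if it were compromised. Every host name, VNI and port number is constructed for illustration.

```python
"""Added example: segment-by-segment containment for a broadcast network.

Model: segments map to VXLAN VNIs; hosts in the same VNI are L2-adjacent and can
reach each other freely; flows between VNIs are dropped at the boundary unless
listed in CROSS_SEGMENT_ALLOW. The inventory and grants are constructed.
"""
from __future__ import annotations

# Segment name -> VXLAN Network Identifier. Constructed values.
VNI = {"production": 100, "control": 200, "legacy-enclave": 300, "guest": 400}

# Host -> (segment, TCP ports it listens on). Constructed inventory.
HOSTS = {
    "cam-01":        ("production",     {443}),
    "cam-02":        ("production",     {443}),
    "mixer-ws":      ("production",     {443}),
    "control-proxy": ("control",        {443}),
    "legacy-router": ("legacy-enclave", {9990}),  # hypothetical unauthenticated control port
    "guest-laptop":  ("guest",          set()),
}

# Explicit cross-segment grants: (source segment, destination segment, port).
# Anything not listed here is dropped at the segment boundary.
CROSS_SEGMENT_ALLOW = {
    ("control", "production", 443),       # proxy drives production devices over their HTTPS API
    ("control", "legacy-enclave", 9990),  # only the proxy may speak the legacy control protocol
}


def permitted(src: str, dst: str, port: int) -> bool:
    """Default-deny check for a single src -> dst:port connection attempt."""
    src_seg, _ = HOSTS[src]
    dst_seg, dst_ports = HOSTS[dst]
    if port not in dst_ports:
        return False                      # nothing listening there
    if VNI[src_seg] == VNI[dst_seg]:
        return True                       # same VNI: L2-adjacent, no boundary crossed
    return (src_seg, dst_seg, port) in CROSS_SEGMENT_ALLOW


def reachable_from(compromised: str) -> set[tuple[str, int]]:
    """All (host, port) pairs a compromised host could open a connection to."""
    reach: set[tuple[str, int]] = set()
    for host, (_, ports) in HOSTS.items():
        if host == compromised:
            continue
        for port in ports:
            if permitted(compromised, host, port):
                reach.add((host, port))
    return reach


def segments_exposed(compromised: str) -> set[str]:
    """Which segments a compromise of `compromised` can touch at all."""
    return {HOSTS[h][0] for h, _ in reachable_from(compromised)}


if __name__ == "__main__":
    for h in HOSTS:
        print(f"{h:14s} -> {sorted(reachable_from(h))}")
```

Reading the output: a compromised camera in the production VNI can reach its neighbours there and nothing else, and in particular cannot reach the legacy router's unauthenticated port, because no grant exists from production to the enclave. The one host that can reach everything is the control proxy, which is the expected result of this design and says where the ZTA controls of the previous section must be applied most strictly.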

At Bitfocus, we develop monitoring and control platforms that enable every device in a production to be controlled, in detail, from user-configurable interfaces. As such, we have to reconcile open-source and third-party interfaces to a huge range of equipment with maintaining absolute security, with user access through a single sign-on protocol.

Our view on security is that it is not about locking things down; it is about designing systems that are inherently resilient and intuitive. To do that, we need to develop an industry-wide approach to accountability. We all benefit if we collaborate on penetration testing and transparent reporting of security issues. We should share when we find issues and how we resolve them.

Ultimately, as an industry, we need to work together to define APIs, standards and best practices. The goal must be to draw together the processes we need that, through security and flexibility, allow us to make great programmes.