Identifying the Gaps in Your Facility’s Security Plan

Protecting the security of media is sometimes an unresolved issue. The first step to securing valuable content is a thorough review to identify any gaps in a facility’s security plan. Then, implement industry best practices and security layers to safeguard those assets.

Undoubtedly, many media & entertainment professionals remember when the primary element in a content security strategy was the “tape room.” Here, tapes containing raw camera footage and audio content, in-process and finished programming was stored for future broadcasts or reuse. Those charged with protecting such irreplaceable assets relied, primarily, on physical security tactics such as lockable tape cabinets, securing access with cardkey-based solutions and tape check-in/check-out logs to prevent content from “walking.”

But, tape-based workflows presented real barriers to efficient video production. As many a broadcasting intern has learned, logging, finding, reviewing, dubbing and delivering working content was a time-consuming and labor-intensive process. Collaborative editing was simply impossible.

It’s a File-Based World

The first file-based workflows replaced the “sneaker net” with IP network dedicated to allowing editors to access content stored in file servers instead of tape machines. Often, these consisted of a dedicated IT infrastructure that was not connected to the enterprise network or the internet. Content security practices relied, primarily on providing access to trusted editors and freelancers. These early networks required assets to be ingested from tape or transferred to tape for playout.

File-based workflows gradually expanded to replace tape-based functions with server-based equivalents. And, parallel development of shared storage, for example, enabled powerful collaboration that now transcends the limitations of in-house networks to include remote collaboration via cloud-based solutions.

That modern, collaborative production workflows owe a great deal to the use of file-based content shared on enterprise-wide and cloud-wide networks for their efficiency is undeniable. But equally indisputable is the fact that as workflows transitioned from tightly guarded tapes to enterprise-wide and worldwide cloud-based networks, the exposure to exploitation; the “threat surface” in security speak, has grown exponentially.

The Rise of Cyber Crime

As evidenced by an increasing number of high profile attacks that have wreaked havoc on the segment, it is clear that the movie and video production industry has become a prime target for cyber crime. Motivated by the value of the content being produced, pirates seek to exploit vulnerabilities in lax studio operations as well as the closely associated and often interconnected ecosystem of post production service providers.

In 2014, hackers stole an estimated 10TB of data and assets from Sony Pictures and leaked 3 unreleased movies, a script for James Bond Spectre and personal information and emails from countless Sony employees. The damages included Sony co-chairperson Amy Pascal’s career, a heavily-damaged IT infrastructure and millions of dollars in civil damages. 

In late 2016 hackers attacked a post-production company working on Orange Is the New Black and captured 10 of the scheduled 13 episodes. The shows were later released on-line. Image: Netflix.

In late 2016 hackers attacked a post-production company working on Orange Is the New Black and captured 10 of the scheduled 13 episodes. The shows were later released on-line. Image: Netflix.

2016 was witness to an attack on Larson Studios, a provider of audio production services to the likes of Netflix, NBC, ABC, CBS and Disney. In spite of receiving a demanded $50,000 ransom, hackers released 10 new episodes of the hugely popular Orange is the New Black to the public six weeks ahead of the planned launch.

Shaping the Future of Video Production Content Security

Andrea Matwyshyn, law professor at Northeastern University and faculty affiliate at the Stanford Center for Internet and Society is a strong advocate of cyber security as a top priority for the media & entertainment industry. About the 2017 hack of NBO’s Game of Thrones content she said, “It should be a giant, red flashing warning light to any similarly situated company that they need to stop everything and make sure that their systems are reflecting the state of the art of security.”

Clearly, other industry thought leaders feel the same way.

Backed by Walt Disney Studios Motion Pictures, Paramount Pictures Corporation, Sony Pictures Entertainment Inc., Twentieth Century Fox Film Corporation, Universal City Studios LLC and Warner Bros. Entertainment Inc. the Motion Picture Association of America (MPAA) has developed recommendations for safeguarding critical media assets in its document Content Security Best Practices Common Guidelines. It advocates several layers of security practices including management oversight practices, physical security practices and digital security practices. 

“It should be a giant, red flashing warning light to any similarly situated company that they need to stop everything and make sure that their systems are reflecting the state of the art of security.”
Andrea Matwyshyn, law professor at Northeastern University.

The Content Delivery & Security Association, which serves as the worldwide forum advocating the innovative and responsible delivery and storage of entertainment content, has published a similar set of “best security practices” documents for production/post production as well as music recording studios. Like the MPAA, the CDSA advocates a multi-layer approach spanning management, personnel asset management, physical access, IT security, training, incident management, workflow and script handling.

Closing Security Gaps with a Layered Approach

Compliance with these evolving best practices is expected to ultimately become table stakes for doing business in the M & E space. Even today, audits against these best practices are becoming more common as part of the selection process for service provider partners. As you plan for improving the content security of your video production operation, consider the following layers. Chances are, you’ve already got some of these areas well covered.

The management layer focuses on the organization and management of your facility. It could span management policy, risk management and incident response, business continuity and disaster recovery, workflow, and segregation of duties, employee hiring practices and how to engage with third parties. While not every part is directly related to content security, it is obvious that they are all intertwined. 

A properly implemented and layered SIEM solution will help provide advance warning of breaches to help protect valuable media content. Click to enlarge.

A properly implemented and layered SIEM solution will help provide advance warning of breaches to help protect valuable media content. Click to enlarge.

The physical layer focuses on the mechanisms and practices that prevent unauthorized entry to your facility. This layer includes practices to secure entrances and exits, perimeter security systems like alarms, surveillance systems, etc., how visitors are managed, identification, access badges, keys, physical asset management, etc. It is paramount that you manage who has physical access to your facility and what parts of the facility are accessible.

A comprehensive network access layer will focus on the mechanisms and practices that manage who has access to your video production infrastructure and the assets it provides access to. Key elements of the network access layer include WAN security (firewalls, etc.), Internet security (antivirus, etc.), network access, authentication and account management and I/O management. You may already have some of these mechanisms in place today but ignoring any gaps is unwise.

The management, physical layer and network access layers are designed to avoid the risks of unauthorized access to your content. But if any of these layers are breached, it is critically important that you detect such a breach and close the gap in your content protection plan before another breach occurs. The auditing and Security Information and Event Management (SIEM) layers are designed to detect security breaches.

An audit layer is designed to specifically track the activity of network infrastructure users by logging every log-in, log-out, media space mount, file open, file read, file move or delete. In addition, tools should be provided to enable audit logs to be filtered by user, by file path, by timeframe, by IP and by file event type. 

Auditing is a key component of an effective SIEM solution and needs to collect and manage audit information, in real time, from individual systems such as Active Directory engines, workstations and shared storage. Click to enlarge.

Auditing is a key component of an effective SIEM solution and needs to collect and manage audit information, in real time, from individual systems such as Active Directory engines, workstations and shared storage. Click to enlarge.

This approach, which we are pioneering in the EditShare storage products, prevents administrators from being overwhelmed by the tsunami of file audit information generated in a busy video production environment. Audit capability should be available in every system capable of accessing your content including shared online and nearline storage, asset management, archive, editing workstations as well as gateways to duplication, media transport or other parts of the enterprise LAN/WAN.

A SIEM solution works hand-in-hand with the auditing layer by aggregating audit information, in real time, from individual systems such as Active Directory engines, workstations and shared storage. As it is collected, programmable detection algorithms examine content and correlate activity across two or more systems. SIEM is often the best way to detect security breaches while there is still time to respond. In addition, SIEM systems provide the capacity to store large quantities of audit information that is useful for conducting routine facility security compliance audits or that might be used to conduct a post mortem investigation of a breach.

Summary

Cyber criminals have made their intentions to attack the video production segment and exploit gaps in content security plans. Hollywood has responded with comprehensive recommendations for a layered approach to content security. As you gear up to meet the new normal, the above concepts are what you need to embrace for continued success in this segment. 

Bill Thompson - Global Storage Product Manager, EditShare.

Bill Thompson - Global Storage Product Manager, EditShare.

You might also like...

Designing IP Broadcast Systems - The Book

Designing IP Broadcast Systems is another massive body of research driven work - with over 27,000 words in 18 articles, in a free 84 page eBook. It provides extensive insight into the technology and engineering methodology required to create practical IP based broadcast…

Demands On Production With HDR & WCG

The adoption of HDR requires adjustments in workflow that place different requirements on both people and technology, especially when multiple formats are required simultaneously.

If It Ain’t Broke Still Fix It: Part 2 - Security

The old broadcasting adage: ‘if it ain’t broke don’t fix it’ is no longer relevant and potentially highly dangerous, especially when we consider the security implications of not updating software and operating systems.

Standards: Part 21 - The MPEG, AES & Other Containers

Here we discuss how raw essence data needs to be serialized so it can be stored in media container files. We also describe the various media container file formats and their evolution.

NDI For Broadcast: Part 3 – Bridging The Gap

This third and for now, final part of our mini-series exploring NDI and its place in broadcast infrastructure moves on to a trio of tools released with NDI 5.0 which are all aimed at facilitating remote and collaborative workflows; NDI Audio,…