BroadcastBridge: Can you quantify the threat from cybersecurity and how rapidly is this growing?
Anders Paulshus, Security Development Director, Conax: The traditional security paradigm in pay TV business has always revolved around the profit loss incurred by lost subscribers due to piracy. This kind of subscriber piracy can generally reach up to 40% of the total market in the film and TV industry. Although a number not always easy to estimate, it is at least having considerable inertia. Even with the outbreak of a particular rampant piracy in an operation, the existing subscriber base won’t disappear overnight and a TV operator should team up with an anti-piracy service provider such as Conax in order to employ mitigation solutions. However, the new threat landscape in front of pay TV operators include all the traditional threats but add threats that can cause the operation to literally cease to exist overnight.
The recent ransom attacks on HBO and Netflix shows that the cybercriminals are highly aware of the potential profit from attacking the film and TV business and not shy of using ransom as their mode of attack. Combine this with increasing proliferation of malware and ransomware in the wild and the technical vulnerable infrastructure, including the monoculture Set-Top-Boxes, of many traditional TV operations, and you got a highly explosive mixture. This new kind of threat is difficult to estimate because the loss potential spans the entire range, but it definitely warrants a serious consideration into the amount of resources spent on security up-front.
How much of a threat is cybercrime compared to other types of content access breaches faced by operators?
AP: The traditional content piracy (P2P piracy, content streaming, illegal clients etc.) and the new cybersecurity landscape (denial of service, information theft, ransom attacks) are completely different in nature, and as such difficult to compare. Whereas there will always be a certain degree of content piracy (although it can be a harmless as two neighbors sharing their subscription) some of the new cyber-attacks can be of the all-or-nothing kind. The kind of measures one need to take in advance are different, but certainly both are important.
What are the main security danger points that are emerging both to consumer data and to content?
AP: One of the most dangerous situations is when an operator decides to connect devices that were never designed to be robust against network attacks. This applies to both head-end components as well as client devices such as STBs. For example, retro-fitting network capabilities in vulnerable STBs may not only expose the operator to be held ransom in face of a Denial-of-service attack, but could just as well provide to an attacker the entry point into a household network. This is why the Conax STB security evaluation has for some time now reported network attack robustness as a separate security level so as to raise awareness to operators that security threats to a STB population encompasses more than simply content protection.
What measures can realistically be taken to head off threats now?
Tor Helge Kristiansen, EVP Principle Architect, Conax: As these threats are targeted towards different parts of the already complex TV ecosystem, there is no single measure that can be taken by operators. Given that a large population of hybrid STBs is an ideal tool for pirates to scale their attacks on to a large audience, due to the fact that they are all alike, it becomes paramount to ensure the best possible protection of these STBs. This is done through careful selection of the SOC, ensuring the best possible security design and then running the STB through a thorough security evaluation before it is released into the market. Conax has been assisting STB vendors and operators in this complex task for years and have vast experience in how to build a STB population to withstand current and future threat scenarios.
Only focusing on the STB is no longer enough though, as we have seen several examples of recently. Cyberattacks on the IT infrastructure of both content providers, post processing houses as well as operators and broadcasters seems to be a rapidly growing trend. This has been a wake-up call for many organizations recently, and we can only hope that the industry is starting to take these threats more seriously. There are good measures that should always be in place to protect IT infrastructure, ranging from firewalls, intrusion detection systems, virtual private networks, etc., but they have not always been deployed in the correct way, or kept up to date properly. As simple as keeping the Windows environment up to date, which should be given, seems to be neglected way too often. We can only hope we have learned now.
When more and more consumers bring vast quantities of connected IoT devices into their homes, this also creates a new playground for hackers. More devices connected means more attack points. And here the industry have a long way to go before all these devices are properly protected. Security initiatives, such as the Kudelski Group’s IOT Security Center of Excellence, help makers of IOT devices protect them against relevant threats. And TV operators can play a major role in protecting the gateway into these connected homes.
Studios and content providers have faced major cyber attacks themselves. But what requirements, if any, are operators making of distribution partners to prevent threats from emerging further down the distribution chain?
THK: There has been far too many examples of content leakage recently, even before the content is released officially on Cinema or through the streaming services. Analysis indicate that as much as 11% of the content value is lost even before it hits the initial Cinema release window.
The content distribution chain is very complex and leaves too many openings for risk of content leakage. Threats to the content creation and distribution value chain are in continuous evolvement – where historically the distribution to end user devices was seen as the weakest link, security breaches now occur at every step in the content lifecycle. Ballooning challenges for content producers include many organizations involved in the post production and distribution, leading to content duplicates with variable quality, difficulty in tracking distributed copies and difficulty in quality-checking overall statistics of all content traded. There is no holistic security approach and many leakage points are being exploited. As the threat of premium content leakage grows, content producers are seeking cost efficient tools to deliver content to the ever increasing number of digital platforms and devices – securely.
In order to mitigate this situation one need to simplify the content distribution chain, and to enable tracing of illegally leaked content through forensic watermarking. Media Asset Management (MAM) Services provider, DVnor – now a part of the Kudelski Group, offers the DVnor Organizer, providing a highly automated all-in-one platform for metadata and digital file management, transcoding, storage, distribution and post-production services. DVnor delivers content directly to all major Service Delivery Platforms, including Netflix, Amazon and iTunes and enjoy exclusive reseller agreements with Sony in key markets. In addition to simplifying the content trading and distribution process, Organizer™ also ensure full traceability of the content at any time. By combining the highly efficient content workflow from the DVnor Organizer with benchmark content security from Conax and forensic watermarking from NexGuard, we are able to bring a market offering that provides immeasurable value to an enlarged set of players – throughout the entire value chain