Bringing more IT technology into the broadcasting domain has created new opportunities for media production and distribution but has also exposed media organization to the security threats IP-based technologies are exposed to.
Content security is also at stake. First, misinformation is a growing threat that can damage the public's confidence in the media. Audiences are now getting information through multiple platforms, some of which make provenance and reliability harder to assess. Second, piracy is undermining legitimate business models and ultimately an organization's ability to provide high-quality content.
With its Media Cybersecurity activities, the EBU aims to raise awareness and the ability to defend against evolving security risks across the media industry. It brings together media security experts and to exchange knowledge and experience on security topics and collaborate to ensure that media systems, infrastructure and procedures used in the production and distribution chain are protected against potentially very damaging attacks. The EBU argues that collaboration between all actors in the media ecosystem allows the creation of more effective means and approaches to fight cyberattacks, piracy and misinformation.
Topics under study:
Media Systems Vulnerabilities
MCS group recommends vendors comply with R143 to ensure media systems are cybersecure. MCS also provides testing guidelines and organize testing campaigns with EBU members and vendors, to perform vulnerability tests on media equipment. A list of vulnerabilities will be maintained and discussed with vendors, following the remediation process detailed in Recommendation R160.
Cybersecurity Awareness
MCS aims at improving awareness on cybersecurity within EBU member organizations and in the media industry as a whole. In particular, various trainings are available to EBU members' employees.
Online Learning Sessions
During Online training sessions, we present the basics for a good security organization, disseminate on the importance of cybersecurity. Goal is to reach a as large as possible audience, but mostly target managers in organizations that do not have well established security team and processes. 4 online Learning sessions are available online to MCS group members.
Masterclasses
Combining EBU Members’ expert contributions, use cases and exercises, with theoretical presentations and hands-on exercises, the e-Master Class will provide media professionals with tools and best practices on how to improve the cybersecurity of their organization; protect its assets, preserve its reputation, comply with current EU regulations and guarantee business continuity.
- Masterclass on Media Cybersecurity for managers- (EBU members only)
- Hands-on Cybersecurity - Masterclass for broadcast engineers and technicians
Digital Safety for Field Journalists
Field journalists should use the right technologies and practices that keep them safe while doing their investigation work in hostile environments. Those tools and practices should protect their anonymity, make sure they can continuously communicate with their home countries, and let them produce and transfer securely their content from the field to media newsrooms. MCS is working hands in hans with EBU Academy to develop and moderate cybersecurity trainings for field journalists.
Cybersecurity Benchmark
As the media industry is transitioning gradually to IP-based/connected technologies, it becomes more exposed to cyberthreats. But how mature are European public media organisations in terms of cybersecurity, do they have a security strategy approved by executives, and a well-staffed security team that operate proactively? Are their cybersecurity processes effectively used, and what is the level of security awareness across their organisations? MCS benchmark study will provide answers to these questions and help EBU members assess their cybersecurity maturity compared to other EBU members.
Cloud and Cybersecurity
In 2020, the Covid Crisis has been a big accelerator for cloud adoption by media organisations. While it is generally acknowledged that major public cloud data centers are more secure that traditional on premise datacenters, one must not forget that security in a cloud environment is a shared responsibility between the users and the providers. MCS group has published Recommendation R146 on Cloud Security and is now regularly exchanging on best practices and cloud- based solutions' vulnerabilities within EBU and with external vendors and partners. MCS participate to Hybrid cloud Production (HCP) Proof of concept projects to raise awareness on the needs to take security into account from the design phase and derive some recommendation on Security and Cloud production.
Recommendations
EBU R 141 - Mitigation of Distributed Denial of Service (DDoS) Attacks- EBU R 142 - Cybersecurity best practice for connected TVs and services
- EBU R 143 - Cybersecurity for media vendor systems, software & services - NEW VERSION
- EBU R 144 - Cybersecurity Governance for Media Companies
- EBU R 145 - Mitigation of Ransomware and Malware Attacks
- EBU R 146 - Cloud Security for Media Companies
- EBU R 148 - Minimum Security Tests for Networked media Equipment - NEW TESTING GUIDELINES UNDER DEVELOPMENT- CONTACT US FOR MORE INFO
- EBU R 160 - Vulnerability Management Procedure Toward Media Equipment Vendors
- EBU R 161 - Responsible Disclosure Policies for Media Companies
EBU R 162 - Security Maturity Benchmark for Media Companies.- EBU R 163 - Security Level Agreement for Media Companies Service Providers
- EBU R 164 - Secure File Ingest Best practice for Media Companies
- EBU R 165 - Information Classification Policy.
- EBU R 166 - Secure Software Development Lifecycle.