Bringing more IT technology into the broadcasting domain has created new opportunities for media production and distribution, but it has also exposed the medias to security threats and frauds that are present and increasingly important on the IP world.
Content security is also at stake: first, misinformation is a growing threat that damages confidence the public has in medias: as audience is now getting information through multiple platforms, they don't know how to be sure a piece of news comes from a respected media. Second, piracy is damaging legitimate service provider revenues, which acknowledge that they won’t be able to afford to provide high quality services if they continue to lose consumers to piracy. 
With its Media cybersecurity activities, EBU aim first at raising awareness across the media industry of these increasing security risks. It also brings together media actors to exchange knowledge and experience on security topics and collaborate to ensure media systems, infrastructure and procedures used all along production and distribution workflows do not create security breaches that could lead to impactful attacks. Finally, the whole media ecosystem need to collaborate to develop means to effectively fight against piracy and misinformation across the industry.
Topics under study
- Media Vendor Equipment Testing - 1st vulnerability testing day: 19th May 2021
MCS group performs vulnerability tests on media equipment and maintains and publishs a list of vulnerabilities, following the remediation process detailed in Recommendation R160 with vendors.
- Field Digital Safety for field Journalists - 1st Online Learning Session done on 23rd April 2021
Field journalists should use the right technologies and practices that keep them safe while doing their investigation work in hostile environments. Those tools and practices should protect their anonymity, make sure they can continuously communicate with their home countries, and let them produce and transfer securely their content from the field to media newsrooms. MCS is working hands in hans with EBU Academy to develop and moderate cybersecurity trainings for field journalists.
- Cybersecurity Benchmark - Results available to members in Q2 2021
As Media Industry is transitioning gradually to IP-based/ connected technologies, it becomes more exposed to cyberthreats. But how mature are European Public Media organisations in terms of cybersecurity, do they have a security strategy approved by executives, and a well-staffed security team that operates proactively? Are their cybersecurity processes effectively used, what is the level of security awareness across their organisations ? MCS benchmark study will provide answers to these questions and help EBU members assess their cybersecurity maturity compared to other EBU members.
-
Cloud and Cybersecurity - stay tuned for coming events in 2021!
In 2020, the Covid Crisis has been a big accelerator for cloud adoption by media organisations. While it is generally acknowledged that major public cloud data centers are more secure that traditional on premise datacenters, one must not forget that security in a cloud environment is a shared responsibility between the users and the providers. MCS group has published Recommendation R146 on Cloud Security and is now regularly exchanging on best practices and cloud- based solutions' vulnerabilities within EBU and with external vendors and partners. MCS participate to Hybrid cloud Production (HCP) Proof of concept projects to raise awareness on the needs to take security into account from the design phase and derive some recommendation on Security and Cloud production.
- Fact checking and Media Provenance Management - 2021
The whole media industry and social medias should collaborate to fight against the proliferation of fake news. EBU participate in the evaluation and promotion of provenance management solutions, in particular leveraging blockchain technology.
Recommendations
EBU R 141 - Mitigation of Distributed Denial of Service (DDoS) Attacks- EBU R 142 - Cybersecurity best practice for connected TVs and services
- EBU R 143 - Cybersecurity for media vendor systems, software & services - NEW VERSION
- EBU R 144 - Cybersecurity Governance for Media Companies
- EBU R 145 - Mitigation of Ransomware and Malware Attacks
- EBU R 146 - Cloud Security for Media Companies
- EBU R 148 - Minimum Security Tests for Networked media Equipment
- EBU R 160 - Vulnerability Management Procedure Toward Media Equipment Vendors
- EBU R 161 - Responsible Disclosure Policies for Media Companies
EBU R 162 - Security Maturity Benchmark for Media Companies.- EBU R 163 - Security Level Agreement for Media Companies Service Providers
- EBU R 164 - Secure File Ingest Best practice for Media Companies
- EBU R 165 - Information Classification Policy.
- EBU R 166 - Secure Software Development Lifecycle.