The latest version of EBU R 160 outlines a comprehensive procedure for managing vulnerabilities in the media industry. It covers the pre- and post-purchase stages for both buyers and vendors, and includes security and testing guidelines. EBU is dedicated to supporting its Members and vendors in implementing these measures, enhancing industry resilience against potential cyber threats.
The surge in cyberattacks is a pressing concern affecting a wide array of industries, and the media sector is no exception. Attackers are capitalizing on vulnerabilities within IP-based systems, underscoring the critical need for heightened security measures.
To fortify defenses, every organization within the media industry should join a network of security contacts, working collaboratively to swiftly respond should a vulnerability be discovered within a product or any of its components. This collective effort is pivotal in preempting potential attacks.
In its latest iteration, EBU Recommendation 160 – “Vulnerability Management for Media Companies and Media System Vendors” – now provides a framework for this. This procedure should be rigorously followed by media organisations both prior to and after the procurement of a media product, and throughout its entire lifecycle. Likewise, vendors are urged to adhere to this procedure before and after the release of a product.
This framework is aligned with established best practices for vulnerability management in Information Technology. This includes adhering to the CVE process, so that vulnerabilities are uniquely identified and assessed.
The recommendation also encompasses a set of security and testing guidelines that media organisations and vendors can follow to test their media systems’ security.
EBU is committed to streamlining this process and offering support to its members and vendors in effectively managing vulnerabilities. The objective is to create an environment where potential security weaknesses are swiftly identified and mitigated, safeguarding the media industry as a whole against cyberattacks.