Op-Ed: Cyber Security Is a Team Sport

Cyber threats are a shared risk and concern of everyone. Breaches exposing critical information and ransomware disrupting businesses plus malware causing substantial financial losses are unfortunately more common than not and impact all industries. As media technology has transformed to computer- and network-based technology, it is now fully exposed to this issue.

Gary Olson, Chair of the SVG Cyber Security Working Group

Broadcasters, Leagues, Teams, Venues and service providers are all interconnected and at live events every entity connected to any part of the group is exposed – even viewers. There is no such thing as “air gapped” anymore AND LIVE sports is the only true live programming left. This poses an interesting and different set of challenges.

All media operations are integrated at some level, and media services are no longer fully segregated. The security teams have become aware and informed about how media technology operates, along with the risks associated with production and the challenges to protect broadcast while protecting the systems. But media production has certain peculiarities and eccentricities different from most other industries. Waiting for a virus scan to complete prior to a broadcast or live sporting event is not acceptable.

Incident planning and response is critical to both protecting and recovering from a cyber incident. Most cybersecurity professionals agree it’s a when, not if situation. Incident planning and response must be multifaceted and encompass both internal and external resources. Internal departments include broadcast engineering, legal, finance, IT and management. Then there are the external resources i.e. multi-vendor support, law enforcement, insurance companies and security specialists.

Streaming services are a live connection to content providers, content distribution networks and the viewer. How much damage would an infection cause? And now work-from-home and remote operators have added a new dimension to this problem.

Communication is one of most important pieces of cybersecurity. Good communication is also multifaceted. Cyberattacks do not happen in a vaccum, and this is an industry where technology is common across all users and most service providers are integrated at some level during major live events.

This is not about sharing secret sauces or opening the kimono; this is about sharing knowledge and information to help each other reduce the risk potential of a cyberattack and communicate awareness in the unfortunate circumstance of an incident. It can include sharing notes on how to plan, i.e. communication strategies and staying on the air while addressing a problem. Across the entire media industry, if it affects one, the odds are it will affect all at some point. So, communicating an incident helps to put everyone else on notice to pay extra attention and inform their organizations. When a patch or a fix is found to the attack, that must be effectively communicated as well.

Working together as a community on cybersecurity can only help mitigate the threat situation and help reduce the impact of an attack.

All industries have many trade groups and media is no different. Many trade organizations have the same set of members or subsets of the same groups of members. One of the great benefits of today’s technology is the ability to easily communicate and set up communication channels to share knowledge and information. This doesn’t compromise anyone’s corporate security, it’s easy to moderate and there’s no travel required. It doesn’t even need yet another meeting.

How about establishing a communication channel with a member from each group to share knowledge and information? Each representative can share the knowledge to their own group. Within the communication channel, maybe there can be a place that is open to members of all groups to post threat discoveries – COMMUNICATE!!!

This could become an exceptional TEAM in the Cyber War Games!!!!!!

Gary Olson is Chair of the SVG Cyber Security Working Group and a technology architect, educator and designer for IP broadcast facilities