By now I am sure you heard about “TV5 Monde” TV networks being hacked and put off the air. While there has been quite a few media web site being hacked, this was the first time that the traditional satellite based linear TV was putted down.
Having built and operated TV networks and having developed technologies in use by network worldwide, I was not so much surprised that it happened but rather, why not before?
I don’t know the details of how TV5 operated and I doubt they would want to say too much but I can make some assumptions on how that was done.
We have first to see how the “broadcast centers” operates. If we go back 20 years (and in some cases far less) the video signal was originating from video tape players or live sources that wasn’t using IP technologies at all. At that time, disrupting the signal meant physically attacking the site. Since then, for efficiency, cost, reliability and quality, pretty much everyone has moved to an IP infrastructure with server-based playout. Video content is kept on computer file not too different than a quicktime or an mp3. The servers and other playout equipments are computers and in such, as vulnerable to attack as your typical desktop.
There are certainly ways to protect those critical assets and one good one is to operate it on a closed network, isolated from the internet. The problem with that is the daily opeation: When you need to load new content or load a “playlist” that comes from outside the broadcast center, the process can be tricky and time consuming.
In fact, as soon as you allow the broadcast center to interact with the outside world, you create vulnerabilities. If you know what you are doing and are careful, you can make it a lot more difficult for hacking to happen but often, people involved in the television industry don’t see the major risks where they are. Often the take what I cam calling the “fortress” approach. Building big wall, putting strong firewall and policies while having a weak protection inside.
The fact is that a majority of computer crimes are commited by people with inside knowledge. The people close to you are the ones that often have the biggest interest in attacking your business. Maybe it’s financial, maybe they hold a grudge agains someone or any of the many reasons you can think about.
I was thinking about comments that was made on TV and radio this week regarding that attack and there was a lot were about how rich ISIS is and how they can pay good hackers and computer scientist to perform attack and I was wondering that with money, it would actually be more cost effective and faster to pay an insider to get the relevant information. Almost everywhere, broadcast operators are employee that earn a relativelly low salary (in the range of 30k to 60k per year in the US and much much less in outsourced facility through the world). Giving a year worth of salary for some information that those people have would be much less costly than having comptuter scientists on your payroll and your success rate better.
Now, I am not saying that this is what happende here as I am always surprised how easily people still fall for fishing email and that they may have gained acces to all the systems and all the information they needed by simply sending fishing email to the staff.
One other thing that got my attention is the fact that they were able to bring down all of TV5 Monde networks (9 were reported) and the time it took them to bring it back. That for me means that they had a very centralized system and not much redundancy.
Again it’s hard to comment without knowing more but what I can do it share with you what I did to protect the broadcast system when I built Al Gore’s Current TV various networks (USA, UK, Italy) in the 2004-2009 timeframe. The systems were IT based and using IP technologies extensivelly and it was a precurcur to where the industry is going.
Here it is in a nutshell:
-Having at least two operators present at all time. Checking the background of those employees and rotating the shifts so that it makes it harder to have a malvolent pair. This reduce the opportunities that an employee can act to put down the network among other things.
-Current was broadcasting on more than one satelitte and instead of having a single site transmitting to each one, we had equipment installed at secure uplink site. That way, if the control center is down, the playout can continue without interuption. Those distributed centers had the capability of being autonomous. In normal time, the signal could come from the control center and no employee was needed but in case of emergency, trained employees could be on those local sites in a few hours. This insured that programing would continue unafected in the short term and long term, regardless of what may happen to the control center.
-For convenience, the content of the playout was served from a centralized storage sub-system but at least one server for each channel had a full locally attached copy. While that copy may lack content from the last few minutes or hours, this could survive the deletion or destruction of the centralized storage.
-Each TV channel had it’s own VLAN (Virtual Local Area Network) with switch-level traffic restriction (no multicast, packet type…).
-Segregation of duties: Desision makers are not those who implement it; those who have access to the switches don’t have it for the storage etc.
-Dedicated redundant private IP links (OC-3) between the various site with no internet acess.
This is not a detailed and extensive list of all the safeguards I did put in place there, but I think you get the idea.
So in conclusion I would say this: Is it possible to use IT and IP technologies in a safe way for television network? Yes, but there is no such thing as 100% safe and designs needs to be well though and risk have to be metigated so that any attack could have only a limited effect both in scope and in time.