Broadcasters Should Beware of Hackers, NAB Panel Says
Broadcasters need to be more aware of their vulnerability to hacking and cyberattacks, said panelists on an NAB webcast on cybersecurity. Broadcasters are considered “critical infrastructure” by the federal government because of their role as “first informers,” and have a responsibility to maintain their ability to transmit emergency alert system messages and information, said Kelly Williams, NAB senior director-engineering and technology policy. It's “vital” that broadcasters prevent attackers from taking over or shutting down “broadcast resources,” said David Simpson, chief of the FCC Public Safety Bureau.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Nearly every “critical” device broadcasters use to get their signal out is some form of Windows or Linux computer running software that allows it to perform its particular function, Williams said. That means those machines are potentially vulnerable, he said. Computers used for actual broadcasting shouldn't be networked with office computers used to perform more standard Internet functions such as checking email, Williams said. This will lower the signal's vulnerability to viruses transmitted over email or social media, said ABC Director-Business Continuity Howard Price.
Broadcasters should limit who has access to their IT networks and change passwords frequently, said Cynthia Brumfield, an analyst and president of DTC Associates. A recent hack of retailer Target's stored data was traced to an HVAC company that needed to access the company's IT systems to complete a job, Price said. A third of all IT breaches can be traced to “insiders,” Price said. Broadcasters should remove an employee's access to IT as the first step of terminating that individual's employment, he said. Media companies typically pay around $185 per person affected for an IT breach, Price said. The persons affected could be all of a broadcaster's employees in the event of a leak of HR data, but the number could balloon if data belonging to other companies, such as advertisers, are stolen as part of the attack, Price said.
Broadcasters should discuss cybersecurity threats with all their employees to raise awareness, said Steven Carpenter, a cybersecurity engineer in the Public Safety Bureau. Since many hacks begin with employees duped into sharing sensitive security information with outsiders, raising everyone's awareness will cut broadcaster risk, he said. FCC proposals to improve EAS and require authentication of the alerts could further enhance station security, Carpenter said.