This paper will detail the working methodology of the attackers and define a sample strategy that can be used to deter, detect and successfully defend against this kind of attack.
The concept of the cyber kill chain will be discussed and mapped to the relevant stages of the broadcast chain. Any device that has an IP management interface is susceptible to command and control by an unauthorised user.
Following the recent hacks of US radio stations in the Republican heartland that successfully aired a song against Donald Trump, the hacking of Channel 2 in Israel for politically motivated reasons, and the TV5 attack, broadcasters need to pay more attention to the cyber security of the broadcast network.
Attacks come from far and wide; however, when the methodology used in these attacks is analysed, it is very similar to that used in other industries, from which we can learn lessons to prevent any negative impact on our operations.
Organisations operate in a complex environment with adversaries coming from far and wide all over the internet. Previously the attack surface was much smaller: it was limited to physical security and systems operated using one-way traffic. In this modern day and age, the threats posed include those from criminal gangs, nation states, and hacktivists, amongst others.
One only needs to look back to the Mirai botnet and WannaCry worm to see the impact these have had on a global scale. These attacks are known as Computer Network Attacks (CNA), and their aim is to take systems offline and potentially make them inoperable.
Attackers used a well-planned attack method called the Cyber Kill Chain. This model is based on the military attack structure. In order to defend against this type of attack, the kill chain must be disrupted at several stages.
To disrupt this attack path, the defenders need to assume the mind-set of an attacker. The broadcast landscape is now embracing IP networks, personalisation, cloud virtualisation and more disruptive technology, which makes it an attractive target for an attacker.
The recent attacks in the industry have resulted in services going off-air, intellectual property being stolen and confidential information being accessed. There have also been attacks on the integrity of the chain, as attackers have replaced legitimate streams with streams of their choice.