Front-line vendors were due to conclude the third JT-NM Tested Program in Houston in March, but Covid-19 transformed the conversation on the project, writes George Jarrett.

Cyber security

Cyber security: Was one of the pillars for the JT-NM test team

Coronavirus has given the concept of ‘virtual’ so many new values, and it was by turning to a virtual workshop environment built around a VPN that the newly formed JT-NM Test team was able to save all of its first stage work. 

The Test team had been due in Houston in March for a face-to-face validation over five days, to conclude the third JT-NM Tested Program. The pillars of this project were cyber security, NMOS registries/controllers, and the umbrella technical spec TR-10001-1. 

Bowing to the pandemic was made worse by the fact that the PICS driven self-certification system was not ready for use by participants, so the test procedures centred on submitting spread sheets listing test results, the testing outputs from the automated tools, and stream captures for ST 2110 testing.  

The oddity in the system was no automated tools for the NMOS controller sets, so in taking this on fully CBC Radio Canada enabled the only full value badges to be issued.  

Ievgen Kostinkevych, the senior IP media technical architect with the EBU, emphasises that the new board is a “neutral body”.  

“It is by users for users, to eliminate any kind of potential situation where a decision regarding JT-NM tested can be biased,” he says. 

Moving to what happened around the global VPN, he added: “Given the short time we had to completely change the whole thing to be a virtual remote event, we were not able to fully prepare the infrastructure for full-blown remote testing. But in general, the reception was very good.” 

Final messaging was headed by the news that the only JT-NM Tested badges were going to NMOS controllers.  

“We also awarded two new badges entitled ‘self-tested in accordance’ with JT-NM Task Force, ST 2110, AMWA NMOS, and TR-10001-1. This reflects the fact that the results, while derived from the JT-NM Test Plan, have not been verified fully by JT-NM,” adds Kostinkevych. “We wanted to make sure this is clear for potential customers. 


Ievgen Kostinkevych: Senior IP media technical architect

“Cyber security was done in parallel and while it was not a badging activity it was a mandatory requisite for even entering the program,” he explains.  

Moving onto TR-10001-1, Kostinkevych says: “It is being reviewed, so there will be editorial clarifications, and a TR-10001-2 is still to be considered. We also need PICS.” 

Users are telling vendors that they want IP to be ‘plug and play’ simple. 

“There is a lot of speculation around this question, and it certainly is a game changer. It will take time to get there, but there is no way round it because IP will be the future,” adds Kostinkevych. 

He was just waiting for opt outs before the consolidated reports went onto the final JT-NM test catalogues. “In summary, we were only able to rely on things that were given via that FTP server,” he added.  

Ping time at CBC 
Felix Poulin, who leads the engineering lab team at CBC Radio Canada, was the testing lead for six NMOS controllers, and a test plan was designed for execution in person. 

“In fact, the VPN over the control network turned out to be as if each vendor controller was on the same local network as our test bed,” says Poulin. “With an additional video conference tool as a back channel, we communicated with the companies and viewed their controller UIs almost as if we had been co-located. Ping time was measured up to 200 milliseconds.” 

What did Poulin learn? 

“We can see that TR-1001-1 (NMOS IS-O4 and ISO5) is gaining traction and implementation maturity.” 

This is “good”, he adds, because ST 2110 systems alone without NMOS and TR-10001-1 would be “much more complicated technology than using SDI”.  

With backgrounds as broadcast engineers, they were reluctant at first to put to put their hands into RESTful API as used by NMOS specifications. “But once we got started with the available resources, mostly free and open source, we found it straightforward to use. NMOS support into controllers is now real, with many choices.” 

There were feature and behavioural differences in each product tested. Is CBC involved in the AMWA plans for implementations of authentication for MNOS over networks? 

“We are closely following the progress of NMOS API security. It will be the next step for our own internal NMOS PoC to investigate, and this is an important aspect for any serious IP implementation,” says Poulin.         

Other Internet standards 
Andrew Bonney, senior engineer with BBC R&D, was the testing lead for NMOS registries and TR-1000l-1, for which he was one of a big group of co-inventors.  

“Because of the situation we found ourselves in, there were not as many new products as I was hoping. Products that did well (last time) are still doing well. Some new products are doing quite well, and some that did not do well last time did slightly better,” says Bonney.  

His concern was people adhering to TL-10001-1 plus the AMWA specs.  

“It goes onto include other Internet standards as well to get the products to support things like DHCP and LLDP,” he adds. “I do not expect changes to TL-10001-1 itself, because we are trying to keep a stable document. There may be a future -2 document to go alongside it. 

Within the JT-NM Pyramid there are lots of areas, for example security, that people are keen to see improvements in, according to Bonney. 

Asked to explain the NMOS registries and the control apps as a production end user may find them, Bonney says: “The registry is essentially an infrastructure search, a network service, that you have a small number of deployed in the network. The controller is then the thing that users interact with. 

“The general end user will never have to see the registry, or possibly even know it is there. But they will interact with whatever interfaces the controller provides to them,” he adds. “It is a thing you have to set up and manage, and have that familiar interface available.” 

Felix pulin (2)

Felix Poulin: Part of the engineer team at CBC Radio Canada

IP is a long way from simple plug and play, but this has always been the BBC R&D desire. 

“That is what things like TR-10001-1 aim to do, to make it simple, consistent, and following existing Internet standards as closely as possible,” says Bonney. “The big challenge is how you take all these technologies and turn them, via the use of UIs, into something that is easy to use and easy for users to understand and configure.”

Only a handful 
Gerben Dierick is the co-chair of the EBU Media Cyber Security Group, and, in his day job at VRT, he is information security officer.  

The cyber security element of the program does not award badges or publish individual results. This is because companies can test compliance to a published standard but proving a device or a piece of software is secure is not possible, Dierick explains. 

Previously all devices present were scanned for identified security issues, results were published and false positives removed.  

“We demonstrated how an attacker could abuse their systems. Following the lead of other tests this time we asked participants to scan their own systems. The main purpose was getting them acquainted with security scanning. Only a handful perform security tests during their product development,” says Dierick. 

The cyber security situation will be reviewed in a report, along with good practice recommendations. How did it work out minus Houston? 

“Some participants clearly had trouble with self-testing. Brad Gilmer (of AMWA) and I assisted some beforehand, but there were still empty or weird looking scans submitted,” Dierick explains. “We double checked some of these over a VPN. This worked quite well, but most of our effort went into trouble-shooting VPN issues.” 

Some security issues were fixed. “We are not evil hackers but partners in creating better products. Even without the face-to-face part, progress can be made. The broadcast industry is moving to IP, but definitely also rapidly becoming IT,” adds Dierick. “We must measure the state of the industry to be able to target our efforts.” 

The last member of the new board was Willem Vermost, Design and Engineering Manager at VRT. He was testing lead for new things in the ST 2110 standard, specifically 2110-31.