Are Your Facilities Prepared for a Cyber Attack?

The era when broadcasters could believe they’re immune from cyberattacks is over.

tv5monde hackOn April 2015, France’s TV5Monde had all 12 of its broadcast stations knocked off air for 18 hours. French investigators found that the hackers had laid the groundwork for the attack by exploiting systems throughout TV5Monde’s infrastructure as far back as January 2015. TV5Monde’s president, Yves Bigot, stated that the cyber-assault was “unprecedented in the history of television.”

Even though broadcasters do not deliver IP-connected services directly to the public, our businesses rely heavily on Internet-based technologies for our on-air operations. Anything that has an Ethernet or USB port is susceptible. Those technologies can and have been exploited. While TV5Monde may have been a wakeup call, it was far from the only attack on broadcasters. Stations in the US have been subject to ransomware and malware attacks, as well as hacks of their RDS and EAS systems.

“The bodies of the dead are rising from their graves and attacking the living.”

In February 2013, individuals hacked into the EAS systems of KRTV Great Falls, MT and  announced “…the bodies of the dead are rising from their graves and attacking the living.” This “zombie alert” was broadcast to several Montana counties, and the individuals responsible for this attack have not been identified. KRTV was not the only station impacted by this type of attack. Just one day later, WNMU (PBS) and WBUP (ABC) were impacted by similar attacks in the Upper Peninsula of Michigan.

Radio stations in the US have also suffered at the hands of cybercriminals. In May 2013, the website of WTOP Washington began serving malware to anyone visiting the website using Internet Explorer. Visitors to the station website for two days were subject to this attack. In late July of last year, hackers were able to inject a racial slur in to the Radio Data System (RDS) of KBXX 97.9 The Box in Houston.

KBXX Racial Slur Hack

Hackers insert a racial slur into Houston station KBBXX 97.9 The Box’s RDS

Broadcasters serve a critical role in keeping their communities informed, and this becomes essential during times of crisis. We must protect our operations and ensure that we are able to serve our audience when they need us most.

Later this month, NAB will release tools to help your stations and operations augment your existing plans and capabilities to deal with cyber threats. Rising out of the NIST Framework and the FCC’s CSRIC recommendations, NAB has developed a white paper to help broadcasters enhance their existing disaster recovery and continuity of operations plans in anticipation of cyberattack. The white paper, which will be released to members on March 22, will include steps that broadcasters can take today to be more secure.

On the following day, March 23, NAB will conduct a live webcast entitled, Broadcast Cybersecurity: The Essentials featuring a panel of experts that will share actionable ideas on how to introduce cybersecurity into your business continuity plans. During this interactive panel, you will have the opportunity to ask the experts questions that apply to your particular station and impact your business. The panel will be moderated by Larry Walke of the NAB legal department and includes Cynthia Brumfeld (DCT Associates), Steven Carpenter (FCC), Howard Price (ABC Television Network), and Kelly Williams (NAB). Admiral David Simpson, Chief of the Public Safety and Homeland Security Bureau at the FCC, will give opening remarks.

On a personal note, these efforts mark my return to NAB after a 10 year hiatus. During my time away, I have built engaging educational experiences for children of all ages. My hallmark achievements were building the premiere platform for regulatory healthcare education and developing a character-driven storytelling approach for the in-school marketplace. Education is a core mission of NAB and one that I share. I can’t wait to bring these types of innovations in education to our broadcast community.