As broadcasters continue to exchange media over IP networks and the internet, maintaining the highest-level security is of paramount importance in the fight to stave off malicious actors. Although encryption may go a long way to keeping out network sniffers, other security challenges reside deep in the connecting equipment.
Broadcast facilities are highly vulnerable to cyber-attacks. Whether these are from political dissidents looking for a high-profile target to convey their message or a malicious state actor needing to cause disruption, broadcasters are high profile targets for cyber-attacks and everything possible must be done to protect their facilities and transmissions.
Operating systems are at the root of virtually every software-based processing system in IT and broadcast infrastructures and provide the essential function of coordinating low-level hardware resources. Not only are they crucial to the smooth and reliable operation of servers, network devices, and storage, but they form the core defense against malicious hacks and security vulnerabilities.
Most computer servers, network devices, and storage equipment need IP connectivity to communicate with the outside world in addition to sending and receiving video and audio media. The operating system is fundamentally responsible for processing these messages and often is the first line of attack for malicious actors who can act with undetected nefarious intent should the operating system have vulnerabilities. If they can compromise the operating system, then they are on the first level to breaching an entire facility.
Like all IT systems, security must be considered at the very start of the design process, not as an add-on at the end. For example, operating systems have modes of operation that restrict users from accessing certain parts of the memory or low-level input and output ports. Any software running in kernel-mode can access all these devices which allows full and complete control over the device. If a program can gain access to the kernel memory, then they have full read, write, and execute access, and this means the malicious hacker could re-write parts of the operating system to give them uninhibited access to all the programs the device is running or even install their own viruses and trojans.
Although kernel-mode operation is an essential requirement for low-level functionality such as IP packet processing, disk access, and system management, it could be catastrophic if kernel-mode gets into the wrong hands. Consequently, well designed operating systems will only allow users access to the user-mode which highly restricts how the low-level and security sensitive components of the system can be accessed. If a hostile actor gains access to a device in user-mode, then the damage they can inflict is greatly restricted and with adequate monitoring their presence can be quickly detected. This demarcation must be built into the operating system at the beginning of the design to maintain high levels of security.
The IT industry has developed methodologies that help companies and organizations to assess the level of security in the devices within their infrastructures. Penetration testing is one of these and works by sending messages into a network to ascertain its level of security, essentially, it’s an authorized and coordinated attack on the system which probes and tests every known vulnerability.
When broadcasters are considering security, which they should be doing continuously, then how can they evaluate the effectiveness of the security of their operating systems? One solution is to procure devices employing the core broadcast functionality from vendors that have a proven track history in building highly secure operating systems such as the CoralOS provided by SipRadius. This is a singular operating system that encompasses all the functionalities across multiple hardware, virtual, cloud installs etc., so the security is always matched and managed regardless of product delivery. Not only has SipRadius implemented CoralOS from scratch including compiling all the source code, but their devices are regularly stressed through third party penetration testing specialists working with high profile US broadcast facilities and military organizations.
Nor only does SipRadius’ commitment to security provided the highly impregnable CoralOS for broadcasters, but they have been working closely with US military organizations to further improve their resilience to cyber-attacks. Their integration of media delivery and distribution combined with intelligent monitoring ensures high-value media arrives securely at the destination with no artifacts or distortions.
SipRadius has been designing and implementing the secure CoralOS for over ten years and understand how to build military grade security. Broadcasters can benefit from this now and in the future with the continuous military grade testing that their systems are regularly subject to.