Cisco : Protect, Detect, Respond – this cybersecurity mindset is also for payTV providers

Cisco Blog >SP360: Service Provider

In the world of cybersecurity, many organizations have implemented some version of the 'identify, protect, detect, respond, recover' framework proposed by United States National Institute of Standards and Technology (NIST). Underpinning this framework is an acknowledgement that cybersecurity is not a one-of effort and that there are no protection measures that will withstand a determined attacker. Therefore a robust cybersecurity program needs also effective detection, response and recovery mechanisms.

PayTV providers historically paid a lot of attention and invested significant resources in protecting their content and service from piracy. For most this meant deploying Conditional Access Systems (CAS) and Digital Right Management (DRM) technology mandated by the content owners - the Studios and sports rights holders - to protect content. The more security conscience providers invested in securing also their end-to-end system.

But protection alone has never been enough. Pirate have always found a way around protection measures. In the past, they found ways around the Conditional Access System that protected broadcast content. Today they are finding ways around the DRM system protecting OTT content. And they are also finding other service vulnerabilities that can be exploited.

A good video security system provides robust protection but also acknowledges that there are no silver bullets against piracy and therefore vigilant monitoring and detection of the service are critical.

As the payTV industry ventures outside its traditional closed networks and onto unmanaged devices connected to the Internet, the need to monitor and detect service breach is more important than ever.

And when a breach is detected, it is critical to have a skilled team and the right technology to enable an effective response and recovery. For example, if you find that encryption keys were compromised, you need a way to refresh them. If you find that your DRM client has been compromised, you need a way to effectively deploy a countermeasure/patch to devices in the field. And if you find your content being illegally redistributed on the open Internet or rogue IPTV boxes, then you need to find effective ways to cut off the devices on your service that are feeding these illicit activities.

Cisco Video Security (and NDS before it) had always invested significant resources in expertise and technology to monitor, detect and respond to service breaches. As a result, our customers have been free to focus on their business instead security. In recent months, we've expanded our approach to include more comprehensive monitoring for pirated content. See our blog on 'a new paradigm for dealing with illegal redistribution of content.'