Broadcasters depend on networks for administrative and operational tasks. When those networks are compromised by ransomware, as the network at KQED (FM/TV) in San Francisco was last summer, the ability to accomplish those tasks can be reduced or stopped completely.
Dan Mansergh, chief technology officer of KQED, spoke to a Broadcast Engineering and IT Conference audience from experience. “The warning is clear: if you don’t want to have your network attacked and your business interrupted, pay attention to what’s going on in there [the network] and actually take action.”
Mansergh quoted a study from Malwarebytes that showed ransomware attacks increasing as a share of all attacks from 18 to 67% in almost a year’s time, from January to November 2016. Some of those attacks ask for a low ransom, which, Mansergh said, should raise suspicion that they may be a “false flag” attack masking other motives.
KQED learned many lessons as it worked to fix the damage to its network. The station needed to fine-tune an emergency response plan. Regular backups of program and administrative data to cloud services, separate drives and off-site storage can help get a facility back to more normal operations. Other lessons dealt with separation of data networks: broadcast operations on one network, with administrative functions on another. KQED broadcast operations were not hacked because of this approach.
Another facet was control of laptop computers that could access networks. Administrative rights to install software, for example, were curtailed. “When you’re locking things down, part of the tradeoff, it requires a lot more [management] support.”
Mansergh summed up the dynamic of broadcast network security. “It’s always a balance between how secure you need to be and how convenient to the user. We were way too far on the convenience side. We want to be mindful we’re not going way too far on the security side because we still need to get work done, but we don’t want to risk what we had before.”