Networks Provide Unprecedented Flexibility

Networking is providing unprecedented flexibility and creativity when it comes to audiovisual systems. As we leverage this new technology, network management and cybersecurity become extremely important elements of a successfully installed system.

Networking is providing unprecedented flexibility and creativity when it comes to audiovisual and media systems. The use of IT infrastructures and IP is enabling entirely new ways to design and build spaces and experiences. As we leverage this new technology, network management and cybersecurity become extremely important elements of a successfully installed system.

Generally speaking, traditional "video per cable" and "audio per cable" technology is easier to manage, or at least is better covered by legacy monitoring products. Simple techniques can be employed to troubleshoot the system when problems arise. These traditional technologies also have fewer security challenges due to their isolation and the minimal handling of confidential information beyond logging into management interfaces. Because of the fixed nature of these installations, it is a lot less likely that the wrong image or audio signal would appear on the wrong destination. Therefore, concerns over the confidentiality of the media and the potential for "eavesdropping" are minimal.

New network-based system deployments offer unprecedented flexibility and scale when compared to their predecessors. It is now possible to do a lot more using a network than was ever possible using a fixed routing matrix, opening up new and exciting ways to connect and create spaces. However, with this new-found flexibility and scale come new and unique management challenges. Because networks are dynamic, and media/data/IP can go just about anywhere at any time and can change in an instant, network visibility is an invaluable requirement. What was working in a network an hour ago can suddenly stop working, and the question is why. Without an effective management solution in place, the answer will inevitably be "who knows?". When issues arise and the cause isn't immediately clear, the finger-pointing starts. Operations blames the engineering team, engineers blame IT, IT blames the AV system, the AV manufacturer blames the network, and on and on. The whole time the end user suffers while the instability in the system persists and continues to affect the quality of experience for their space/venue. Effective network management should allow any team member, regardless of networking/IT background, to quickly diagnose the issue and focus on fixing the problem rather than on the blame game.

Networks can connect entire buildings and campuses but also introduce an element of cyber risk to an organization. The specific impact an AV or media system can have in terms of cyber risk has to do with the ability of a bad actor to "weaponize" the less-than-perfect security of an AV or media device on the network. Another cybersecurity challenge unique to AV and media systems is their responsibility for keeping the media private. Confidential video and audio are delivered over the network, which exposes the media data to being "intercepted". Even data that is content-protected using encryption is still susceptible to "eavesdropping" if it is accidentally or intentionally routed to an output where it should never go.

Management tools should be adopted anywhere a network is used for AV and media operations. The management system should have dedicated resources to help provide easy and comprehensive visibility into the network for non-IT staff and provide the necessary diagnostic information to help troubleshoot and secure the AV system. A successfully deployed management system will pay for itself with the first network-related issue and will be priceless when it comes to stopping a cyber incident or detecting a breach of confidentiality.


Go to the profile of Aaron Weiler
over 1 year ago

Jamie, 

Excellent article with a ton of great points! The eavesdropping subject has really had my attention lately. I think of tunneling and VPN like layer 3 services for the wireline problem. However, this requires an exchange of control information between two devices, so clearly the AV device, and perhaps a networking device would have to be on the same page there. This is clearly a heavy lift and would once again require manufacturers of both disciplines to coordinate. The WiFi side of things already has a plethora of options for not only encryption but also access control. The biggest problem I see with that is the overhead for PHY and MAC layer communications. Is the time/latency introduced in the exchange too much for live AV systems? Since we can stream real-time applications over WiFi currently, is this even a valid concern of mine to have?

Go to the profile of Jamie Horner
over 1 year ago

@Aaron Weiler thank you! The content protection/encryption and access control for devices and their content/media are covered in most cases but this is dependent on the manufacturer. The real challenge is there isn't a single "standard" which all network AV devices follow for transport and security. Generally speaking where the video is concerned, especially if HDMI video with HDCP is in use, from what I have seen encryption is mostly present, again not definitive as it is up to the manufacturer. A lot of high bandwidth low latency implementations of AV over IP utilize hardware acceleration (FPGA) to handle encryption, so there shouldn't be a limitation from that perspective. So I would say generally speaking AV does a pretty good job at protecting the confidentiality of the video media from being intercepted on the wire by an intrusion. However, there is still a potential gap when content is routed to the wrong destination, even with encryption in place. In this scenario, the compromise (accidental or intentional) happens at the control layer. It could be the control software is used to send a route instruction or, lower level, this could be an IGMP join request generated which switches services and routes content to a receiver. I have not seen a solution to this specific security gap, therefore, observation and detection are the best defense, i.e. network management software is a must.
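
The observation-and-detection approach from the reply above, as an added example that is not part of the original thread or any vendor's product: it parses IGMP membership reports out of captured IPv4 packets and flags joins to a protected multicast group from receivers outside an allowlist. The group address, the receiver IPs and the `ALLOWED` policy are constructed assumptions.

```python
import ipaddress
import struct

# Assumed policy (constructed values): protected group -> receivers allowed to join.
ALLOWED = {"239.10.1.5": {"10.20.0.11", "10.20.0.12"}}

def igmp_joins(pkt: bytes):
    """Yield (receiver_ip, group) for each join in one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 2:  # not IPv4 or not IGMP
        return
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    igmp = pkt[(pkt[0] & 0x0F) * 4:]                      # skip header + options
    if len(igmp) < 8:
        return
    if igmp[0] in (0x12, 0x16):                           # IGMPv1/v2 membership report
        yield src, str(ipaddress.IPv4Address(igmp[4:8]))
    elif igmp[0] == 0x22:                                 # IGMPv3 membership report
        off = 8
        for _ in range(struct.unpack("!H", igmp[6:8])[0]):
            if off + 8 > len(igmp):
                return                                    # truncated record
            rtype, auxlen, nsrc = struct.unpack("!BBH", igmp[off:off + 4])
            group = str(ipaddress.IPv4Address(igmp[off + 4:off + 8]))
            # EXCLUDE records (2, 4) join the group; INCLUDE/ALLOW records (1, 3, 5)
            # join only with a non-empty source list. Type 6 or an empty 3 is a leave.
            if rtype in (2, 4) or (rtype in (1, 3, 5) and nsrc > 0):
                yield src, group
            off += 8 + 4 * nsrc + 4 * auxlen

def unauthorized_joins(packets):
    """Joins to a protected group from a receiver that is not on its allowlist."""
    return [(src, grp) for p in packets for src, grp in igmp_joins(p)
            if grp in ALLOWED and src not in ALLOWED[grp]]

def make_pkt(src, dst, igmp):
    """Constructed IPv4 header with Router Alert option; checksums left at zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x46, 0xC0, 24 + len(igmp), 0, 0, 1, 2, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + bytes([0x94, 0x04, 0, 0]) + igmp

G = ipaddress.IPv4Address("239.10.1.5").packed
V3 = bytes([0x22, 0, 0, 0, 0, 0, 0, 1])                   # v3 report header, one record
SAMPLE = [                                                # constructed traffic
    make_pkt("10.20.0.11", "239.10.1.5", bytes([0x16, 0, 0, 0]) + G),   # v2 join, allowed
    make_pkt("10.20.0.77", "239.10.1.5", bytes([0x16, 0, 0, 0]) + G),   # v2 join, not allowed
    make_pkt("10.20.0.88", "224.0.0.22", V3 + bytes([4, 0, 0, 0]) + G), # v3 TO_EX{} join
    make_pkt("10.20.0.99", "224.0.0.22", V3 + bytes([3, 0, 0, 0]) + G), # v3 TO_IN{} leave
]
```

Calling `unauthorized_joins(SAMPLE)` returns the two receivers that joined the protected group without being on its allowlist; in a deployment the packets would come from a capture on a switch mirror port.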