About Jamie Horner
Over 20 years of experience in engineering, product management, and systems architecture, working in the networking, media & entertainment, and AV industries. Led several industry-first enterprise video-over-IP projects. Founded HiCLIFF with a mission to help address the challenges of managing and securing new modern networked AV and media environments.
Broadcast AV,
Digital Signage,
Live Events / Performance Entertainment,
Business of AV,
IT and Networked AV
Networks Provide Unprecedented Flexibility
Networking is providing unprecedented flexibility and creativity when it comes to audiovisual systems. As we leverage this new technology, network management and cybersecurity become extremely important elements of a successfully installed system.
Recent Comments
Thank you for adding resources such as the cybersecurity framework that can be found on the NIST and the link to HiCLIFF. I agree that cybersecurity should be on everyone's radar. Training can really help a team stay vigilant. And it's important to know that cybersecurity software can be a tremendous team player. Regarding software, it's great to keep in mind your example stating that if your organization has an element of AV and IoT, they should employ systems that specialize in these components! Wonderful tips.
Thank you for your thoughtful comments, @Iulia Popescu. The post is an introduction to the subject; hopefully it demystifies cybersecurity a little bit. The use of technology, specifically in the case of cybersecurity, can be beneficial to an organization as it helps automate processes that are both time-consuming and tricky to tackle manually.
Jamie,
Excellent article with a ton of great points! The eavesdropping subject has really had my attention lately. I think of tunneling and VPN like layer 3 services for the wireline problem. However, this requires an exchange of control information between two devices, so clearly the AV device, and perhaps a networking device would have to be on the same page there. This is clearly a heavy lift and would once again require manufacturers of both disciplines to coordinate. The WiFi side of things already has a plethora of options for not only encryption but also access control. The biggest problem I see with that is the overhead for PHY and MAC layer communications. Is the time/latency introduced in the exchange too much for live AV systems? Since we can stream real-time applications over WiFi currently, is this even a valid concern of mine to have?
@Aaron Weiler thank you! The content protection/encryption and access control for devices and their content/media are covered in most cases but this is dependent on the manufacturer. The real challenge is there isn't a single "standard" that all network AV devices follow for transport and security. Generally speaking where the video is concerned, especially if HDMI video with HDCP is in use, from what I have seen encryption is mostly present, again not definitive as it is up to the manufacturer. A lot of high bandwidth low latency implementations of AV over IP utilize hardware acceleration (FPGA) to handle encryption, so there shouldn't be a limitation from that perspective. So I would say generally speaking AV does a pretty good job at protecting the confidentiality of the video media from being intercepted on the wire by an intrusion. However, there is still a potential gap when content is routed to the wrong destination, even with encryption in place. In this scenario, the compromise (accidental or intentional) happens at the control layer. It could be the control software is used to send a route instruction or, at a lower level, this could be an IGMP join request generated which switches services and routes content to a receiver. I have not seen a solution to this specific security gap, therefore, observation and detection are the best defense, i.e. network management software is a must.
This brought up a super interesting point that I had never thought of before which is this:
Now, the concept here is pretty easy to grasp but I think it can be overlooked. What I mean is: most of the time IT-security-focused individuals are focused on preventing bad actors from entering the network and gathering traditional data. From my experience there has been a focus on what you could call a "live listen" or "live view" almost like looking through a peephole to gather real-time data. What I find even MORE interesting is what you could gain from doing this. As in, oftentimes folks are what I would call "disarmed" in those situations. For instance, you are more likely to share and say things that you wouldn't normally do if you knew those communications were being recorded and stored (which I would assume they are normally not always). So, the information you could gather and record on your own as a bad actor would pay off BIG TIME. I'm curious if anyone has ever had a breach of this nature because that would be a super interesting case study.
@Aaron Weiler culpability, that is a great (scary) question for sure. The example you gave is a great one, but let's say that the company is simply only adopting a given "industry" standard for delivering the audio over the network, and therefore they did not develop "how" it is done or how securely themselves. Does that therefore mean we look to "standards" themselves and consider which ones offer the most sound (excuse the pun) security as a larger influence on product selection? If brand X does it one way and brand Y another, security may be the reason one is chosen over the other. And if that happens security should improve as it becomes a bigger factor in the win/loss column for a manufacturer. A very interesting subject (can of worms) for sure!
I agree @Aaron Weiler, this article touches on a "new" security challenge, which is unique to AV/communications systems. The challenge of maintaining and ensuring the confidentiality of the media (audio and video) delivered across the network. AV systems are deployed to aid in communication in corporate settings, and the nature of many of those communications can be confidential in nature. Therefore, the AV system has a big responsibility to ensure that confidentiality is maintained. Media as an example that is not encrypted would make it easily accessible for someone to "listen" in. However, even media that is protected over the network could still be susceptible to eavesdropping if the media was routed to an authorized receiver on the network, but in the wrong location. Network security is a very important aspect of any AV deployment where confidential media is being delivered via the network.