[EAS] Cybersecurity for broadcast stations
Sean Donelan
sean at donelan.com
Fri Apr 8 14:33:48 CDT 2016
Unfortunately, it's not unique to any particular vendor; many vendors ship
products with insecure defaults. The vendor makes it the customer's
responsibility to change those default settings in order to secure the
device. Much like automobile manufacturers used to blame drivers and
passengers for dying in car crashes.
It usually takes many incidents, and several years of customers beating a
vendor over the head, for the vendor to realize they can't blame the
customer for not changing insecure default settings. A customer is not
expert in every product, and doesn't know all the possible configuration
settings in each product. The vendor must ship products with basic secure
defaults and as part of its out-of-the-box configuration process.
Vendors with more experience on the Internet, i.e. Cisco, Microsoft, etc.,
have learned the hard way: don't ship Internet-connected products with
default passwords and open management ports. Windows XP used to ship with
no password, no host firewall and open file sharing. All vendors seem to
go through the same stages dealing with default security configuration of
their products of denial, anger, bargaining, depression and then finally
acceptance.
Of course, that doesn't absolve the customer of its responsibilities
either. Almost no industrial control system is secure enough to put
directly on the Internet. Most broadcast equipment is a form of
industrial control system. But it's soooo cheap and easy to just plug
it in.
Barix has issued a statement:
http://www.barix.com/news/news-press-exhibition-singleview/article/radio-station-hacks-accentuate-importance-of-network-security/
Barix would like to emphasize that its devices are secure for Broadcast
use when set up correctly and protected with a strong password. With
several hundreds of thousands of Barix devices in operation worldwide,
these unfortunate security breaches are an extreme rarity.
The problem rests with securing things on the Internet in general. By
checking one of the named listing sites, significant numbers of
Internet-connected devices of all types and brands can be found. These
devices are easily accessible if not properly protected.
Barix streaming devices support the highest security levels with
24-character password protection. However, attacks are made easier if this
password is not used and changed regularly.
Barix is working with its Broadcast clients to help resolve individual
cases. Our specialists are helping now and will be at the NAB Convention
in Las Vegas, exhibiting at booth C1139.
We recommend that our customers:
1. Immediately change the password of their devices to use the full 24
characters.
2. Review their network security; no device should be openly connected to
the Internet. All devices should be secured behind firewalls, or connected
using a VPN.
To address the complexity of setting up audio links over the public
Internet, Barix has partnered with streaming specialists StreamGuys to
offer the REFLECTOR service for Broadcasters, enabling audio to be sent
over public Internet without exposing the devices to attacks of this kind.
REFLECTOR has been available to our customers for several years, and is
used successfully by broadcasters worldwide to establish highly secure
network connections for Audio over IP transport. Barix is offering a free
30-day REFLECTOR trial for customers that are concerned about network
security.
If you own a Barix device and have questions or concerns, call
866-815-0866 in the US and +41 43 43322 11 internationally. Our technical
support and customer service teams are always available.