Broadcasters Urged To Boost IT Security

With hackers assaulting everything from reporters’ cell phone signals to Sony Pictures’ computers, security experts say broadcasters need to bolster safeguards to keep news outlets’ technology — and the people who use it — safe.

That was one consensus of security leaders from CNN, ABC and CBS News Monday at TVNewsCheck’s NewsTechForum, a two-day conference in New York focusing on news technology.

“All safes are crackable. It’s just a matter of how long it takes to crack it,” said Todd Donovan, ABC SVP of broadcast operations and engineering.

Take, for instance, what CNN discovered in a recent study that tested the integrity of the cell phones reporters use in cities like Teheran and London.

“What we found was quite amazing,” said Charles Newberry, director of CNN’s information security office. He said the test found that cyber spies were intercepting CNN journalists’ cell phone signals with relatively easy using simple technology “that is not terribly expensive for the bad guys to have.”

Newberry said those “bad guys” were able to do everything from listening in on reporters’ conversations to intercepting their email using gadgetry similar to scanning devices sold at places like Radio Shack.

“We all intellectually know that there is the possibility of the intercepting of cell signals, and you better put some sort of protective measures in place,” he said. “But when you get the real data back, it’s a little mind blowing.”

Newberry said he doesn’t know what the interceptors’ motivation was in tapping into the journalists’ phones (the study just concluded). But the results did set in motion plan to provide foreign bureaus with encrypted phones, he said.

Panelists said they are instituting a number of such measures — encrypting cell phones and laptops, tools that look for malware, creating firewalls and staff education among them — to prevent hackers from accessing sensitive information.

Some protections boil down to common sense — not using untested equipment in places like hotel business centers to transmit information, for instance, panelists said. Communicating judiciously helps too, Donovan said. “If you don’t want to see it in The New York Times, it shouldn’t be in an email.” 

“A lot comes down to user education,” said Kris Lau, CBS News’ director of IT security. Lau, who until recently worked in the banking industry, said “one of the first things I noticed in media is that there is a lack of awareness in security in general.”

In turn, he stresses the importance of reporters using only company sanctioned gear when on the road. “It’s more about understanding what the risks are when you are using devices outside your control, and taking the necessarily precautions when you need to communicate,” Lau said.

Donovan said a mistake one reporter made — forgetting a laptop in the backseat of a Washington cab — shows how precarious the security of information is. That incident occurred during a presidential election, meaning that the reporter, who was covering one of the campaigns, potentially exposed not just her laptop, but also all the confidential, unpublished material stored on it, he said.

“You don’t have to hack our network if you just happen to find one of our laptops,” Donovan said. “You can get the keys to the kingdom that way.”

Breaking news situations — especially big events that require big work forces, like the Haiti earthquake — also test the security of newsgathering equipment, panelists said.  Donovan said protecting the integrity of newsgathering equipment is particularly difficult in covering disasters in places where they don’t have “the basic things you come to expect when you go to a country,” where often getting crews health care, food and water are preeminent concerns.

He said the “road warriors” often deployed in such events are journalists so used to working in war and disaster zones that they are equipped with what it takes to ensure their personal safety, as well as that of their gear.

Under such circumstances, broadcasters often deploy large crews including journalists without that know-how, making the logistics of keeping them and their gear safe more complex, the experts said.

And although broadcasters are upping their interest — and investment — in protecting journalists, as well as the information they get, there are challenges to bringing gear up to new security standards, they said.

Encrypting a computer costs only about $30 per device — but it does take serious time, Newberry said, which news outlets don’t necessarily have to put into the effort.

“We have places where you don’t want to avoid business disruption,” Newberry said. In such situations, it “takes time and willpower” to get the job done, he said.

Last month’s massive hack on Sony Pictures’ network, which revealed everything from the studio’s financial documents to inner secrets, however, proves how devastating a cyber attack can be, panelists said.

“Sony was gutted from the inside out. I don’t know how you protect yourself from that,” Newberry said, adding that breaches like the one against Sony occur even though the companies involved “have tons and tons of resources aimed at protecting them against bad things.

“We are really trying to use this opportunity to pivot and say we expect something bad will happen at some point,” he said. “It’s what we can do when it happens that will make the difference — how quickly can we respond and how much can we eradicate?”

To listen to a recording of this panel session, click here.

To read more stories from the 2014 NewsTECHForum, click here.