A Cybertransformation Program to Secure Broadcast Media Networks

In the modern digital world, cybersecurity is a top concern for organizations across all sectors—but the stakes are especially high for broadcast media networks, particularly when it comes to broadcasting high-profile events. These events are watched by millions of people around the world and any disruption or breach in the broadcast can have far-reaching consequences.

It is essential to understand the challenges and complexities involved in ensuring a secure broadcast, and there are several best practices to be aware of to effectively manage a cybertransformation program for broadcast media networks.

Before developing a cybertransformation program, it is critical to have a cyberresilience strategy in place. This strategy should include a detailed plan of action for achieving cyberresilience outcomes and a secure budget to deliver on the roadmaps devised in the strategy. It is important to focus on achieving milestones with high value, such as securing crown jewels. In addition, a cross-functional cybertransformation steering committee should be established to oversee the program.

When devising a cybertransformation program for a broadcast media network, there are three main challenges that must be addressed:

1. Fixed start date—High-profile events typically have a fixed start date, which means that the cybertransformation program must be carefully planned to achieve the desired cybersecurity final state well before the start date.
2. Skill storage—There is already a shortage of cybersecurity skills in the field, and the skill requirements are expanded when hiring employees with both cybersecurity and broadcast network expertise.
3. The security maturity of broadcast devices—Broadcast devices typically do not have the same level of security maturity as IT devices, meaning that to implement security controls, it may require device updating or even device replacement.

To implement a successful cybertransformation program, there are seven main steps:

1. Define the cybertransformation program scope—The scope of the cybertransformation program must be properly defined before beginning the process. Failure to do so can have detrimental effects such as project delays, budget overruns, team member miscommunication and, ultimately, a project that does not achieve the required results or goals.
2. Ensure support from top management—Getting top management support is crucial before beginning the cybertransformation program. Because every dollar spent on cybersecurity represents a potential cost to shareholder capital, having senior management commit to the program aids in prioritizing it against other changes across the organization. It also raises management awareness of their cyberrisk position and helps diffuse cultural resistance.
3. Hire an experienced project manager—The success of a cybertransformation program requires the interaction and cooperation of multiple business units and a deep understanding of cybersecurity risk and solutions. Therefore, it is essential to hire an experienced project manager who has a strong background in cybersecurity and good negotiation skills. This person will be responsible for overseeing the program, managing the team and ensuring that all stakeholders are aligned and informed about the progress of the program.
4. Focus on critical security capabilities—The cyber transformation program roadmap should be in line with the cyberresilience strategy, with a focus on implementing critical security capabilities on crown jewels that are essential for the broadcasting of high-profile events.
5. Adopt agile project delivery methodology—Although cybertransformation is a long-term initiative, it is important to adopt an agile project delivery methodology to deliver quick wins and gain stakeholder confidence.
6. Define project success criteria—Defining project success criteria and reporting back to stakeholders on a frequent basis is critical.
7. Maintain momentum—The cybertransformation program is not a one-time effort; it is a long-term initiative that requires ongoing maintenance and improvement. The long-term security and resilience of the network depend on the cybertransformation program maintaining momentum, which involves regular monitoring and updating of security measures and controls to ensure that they remain effective against emerging threats. Without ongoing momentum, the cybertransformation program may become outdated or ineffective, leaving the network vulnerable to cyberattacks and other security threats.

Editor’s note: For further insights on this topic, read Muhammad Malik’s recent Journal article, “Securing Next-Generation Broadcast Media Enterprises Against Cyberthreats,” ISACA^® Journal, volume 3 2023.