NAB 2019: CDSA Details Guidelines to Secure Film, TV Productions

LAS VEGAS — The first content and cybersecurity guidelines for protecting film and television productions against cyber and physical theft were recently released by the Content Delivery and Security Association (CDSA) and contain everything producers and crew members must know to secure their intellectual property from the ground to the cloud, according to Lulu Zezza, co-chair of the CDSA’s Production Security Working Group and a member of CDSA’s Technology Committee.

There are multiple parts of every production that need to be protected, including the scripts, work spaces, ad-hoc production offices, editing suites, computers and discs, those “tiny USB sticks that are sneaking around in peoples’ pockets” containing important data and virtual assets including emails, she said April 7 during the Cybersecurity & Content Protection Summit session called “Securing Film and Television Productions” at NAB 2019. 

About two years ago, Cyril Rickelton-Abdi, co-chair of CDSA’s Production Security Working Group, decided “we needed some production guidelines that the protection teams could use” to help secure their organizations’ workflows, and Zezza agreed, she said.

So, with a group of “like-minded” CDSA members providing input, a committee was set up to create those guidelines, she noted.

The Guidelines were written by a Working Group of executives from Amazon Studios, Amblin Entertainment, AMC, Bad Robot, BBC, Fox, Paramount, Marvel, Netflix, NBCUniversal, Turner, Walt Disney, and Warner Bros., in cooperation with contributing members of the Producers Guild of America (PGA).

The Film & Television Production Security Guidelines are about 100 pages long and include a “long list that covers all aspects of security” for multiple types of production and, “with every guideline,” there is a “best practice” included, Zezza pointed out. There is also an alternative approach provided, along with tips and reasons for those suggestions, she noted.

Also included are appendices that include a one-page checklist, a general guidance summary, individual responsibility notes and a list of helpful websites.

The general guidance summary is about 30 pages and it’s “aimed at the line producer [and] the production manager” and is included because “the folk who have to budget and plan for it need to know why they’re doing it,” Zezza explained.

The two-page individual responsibility section “can be incorporated into deal memos” or made part of production manuals, and was designed to “let everyone know that we are all part of the process and we all, individually, have responsibility – and this is everyone, even your lowest” production assistant (PA), she told attendees.

“We started the Guidelines from what’s familiar and that’s people – and it all starts with people,” including those “difficult individuals that we all have to deal with,” the artists we work with, security guards and PAs, she said.

By creating this “single, practical, understandable and enforceable production security guide, we hope that it will mean everyone is getting the same message and relaying it across the industry,” she said.

She added that, this way, “we start working uniformly and within secure methods that we all have in common instead of each time we go into a new show or into a new office, [we] face new rules and new methods that people have to learn over and over.”

For more information about the Guidelines, click here.

Co-produced by the NAB Show and CDSA, the Content Protection & Cybersecurity Summit was presented by SafeStream by SHIFT, Akamai, IBM Security, Microsoft Azure, Convergent Risks, the Digital Watermarking Alliance, the Trusted Partner Network, and produced by the Media & Entertainment Services Alliance (MESA) and CDSA, in cooperation with the NAB Show.