Threat intelligence is extremely important to media and entertainment companies and all of them should fit it into their security programs to help each organization and its employees stay safe online and “protect ourselves,” according to Chris Taylor, director of the Media & Entertainment Information Sharing Analysis Center (ME-ISAC).
ISACs were originally developed out of a presidential directive signed by President Clinton back in the 1990s that was “designed to protect critical infrastructure,” he said July 25, during a session called “How Threat Intelligence Protects M&E Content” at the Content Protection Summit East event, part of the Media & Entertainment (M&E) Day at the Microsoft Conference Center.
The Department of Homeland Security (DHS), in that same directive, “outlined 16 critical infrastructure sectors and, I know this is going to shock you: Media and entertainment is one of them,” he said, noting “we’re part of the commercial facilities sector that is outlined” by DHS, along with real estate and big gaming casinos and other venues. Many people “huddle” together in such places and “thus become a target for things like terrorist attacks,” he said.
Media and entertainment companies “become a target because of disinformation,” he told attendees, pointing to “Russian influence inside of our media” as an example. Media and entertainment companies help shape public opinion and national image, which often makes them a target for advanced persistent threats and other cyber threats also. With information coming in via news, blogs, tweets, alerts from cybersecurity vendors, alerts from government agencies and other sources, there is a mountain of data that is relevant specifically to media and entertainment companies.
“We’re a target just as much as most of the other critical infrastructure sectors,” Taylor said, adding: “They’re not usually looking at us as a target for physical attacks. They’re looking at us [for] disinformation/information warfare attacks and using us as vehicle to attack the populace that we’re serving our content to. So, being able to protect our infrastructure in order to maintain the integrity of that content is considered critical infrastructure to the DHS.”
The financial and real estate sectors have their own ISACs and the retail sector got its own ISAC about 3-4 years ago “in the wake of the Target breach,” he said.
“We’re actually one of the last ones in the critical infrastructure stack to” set up an ISAC group, he said, adding most of the “problems have already been solved by all the other industries, so we get all their lessons learned in helping us foster what we’re doing.” But now is the time to communicate this to the larger media and entertainment community and let everybody in it know ME-ISAC is around to help, he told attendees.
ME-ISAC has been trying to get all the security teams from the major film studios and major broadcasting companies “together and get them sharing information back and forth so that we will be able to get information that is known by one of them available to that entire community,” he said. With information sharing, if one studio is attacked, it can take whatever details it’s learned, including the identifying information about the attacker and what malware was used, and let the other studios know that information so they can “put blocks in place to prevent that bad actor from attacking them,” he said.
After all, he explained: “The bad guys don’t care who the targets are. They’re going to target every vehicle that they can to try and push whatever evil that they’re doing in the world out. So, when they’re trying to steal content, pirates don’t go after a particular studio. They end up attacking all of the studios equally because they want the latest released movie – whatever studio happens to be pushing out that tentpole that summer.”
He pointed to a recent situation that ME-ISAC assisted with in which representatives of several studios got on a conference call together to share information about an incident that involved all of them and “one studio had known for almost a year” that an email address was associated with somebody that shouldn’t be allowed on their network, but the other studios didn’t know and were being attacked by that person.
To help the media and entertainment industry, ME-ISAC is offering three services to companies, he said: The Threat Intel Fusion Center in which analysts provide up-to-date tactical info to inform security teams and tools to build a proactive defensive posture in members; research and analysis including strategic trending, statistics and summaries of industry-specific threat information; and training and outreach that includes custom training and co-op purchasing of commercial training for members.
ME-ISAC products so far include a threat intel platform featuring free accounts on ThreatConnect, a repository of indicators used to identify bad actors; Slack Workspace — a chat space with open and closed rooms for sharing and collaborating on indicators and other topics; and email alerts related to incidents, critical vulnerabilities and other similar data, he said. To join ME-ISAC or to get more information, visit: https://meisac.org.
The 2018 M&E Day, which also included Smart Content Summit East conference tracks, was produced by the Media & Entertainment Services Alliance (MESA), in association with the Content Delivery & Security Association (CDSA), the Hollywood IT Society (HITS) and the Smart Content Council, and was presented by Microsoft, with sponsorship by Akamai, BTI Studios, Independent Security Evaluators, LiveTiles, MarkLogic, RSG Media, ThinkAnalytics, Amazon Web Services, the Entertainment ID Registry (EIDR), the Trusted Partner Network (TPN) and Richey May Technology Solutions.
To download audio of the presentation, click here. To download the slide deck, click here.