CDSA

CPS 2022 to Tackle All Corners of Securing Productions, Distribution

The 2022 edition of the Content Protection Summit (CPS), being held in-person Dec. 6 in Los Angeles, and virtually in the MESAverse, MESA’s virtual work environment for its members and communities, is set to tackle all corners of content and information security, from pre-production to distribution.

Keynotes, panel discussions, and technology showcases will offer senior-level content and information security experts the latest around content protection across the entire supply chain for entertainment. Production security, post-production workflows and the growing ecosystems of platforms and connectivity that are driving the secure content creation and distribution process will all be discussed, along with anti-piracy and IP protection as the industry works collaboratively to secure our most important assets.

Here’s a look at what attendees can expect:

• Following opening remarks, Roger Cressey, a cybersecurity and counter-terrorism expert who served and advised in three presidential administrations, and Kiersten E. Todt, chief of staff of the federal Cybersecurity and Infrastructure Security Agency (CISA), will take the stage to deliver the keynote.

Their discussion — “Evolving Threats and Where We’re Headed: A National Perspective” — will serve as a follow-on from their virtual keynote at the April NAB Show, offering an in-person update on the grand myriad of threats being directed against media and entertainment industry businesses and customers … and how we are evolving in our responses.

As the chief of staff, Todt is right in the middle of the battle. Cressy will be the session host.

• Up next will be a pair of related keynote addresses, “Evolving Threats and Where We’re Headed,” with both a hacker and a storyteller offering their perspectives.

First up in “Evolving Threats and Where We’re Headed: Hacker’s Perspective” is “The Ethical Hacker” Ralph Echemendia, who’ll give his perspective on the cyber threat environment and the mitigations required to stay ahead of the bad guys. Echemendia will detail how threats, and the responses to them, have evolved in recent years, and share ideas on what to do once you discover you’ve been compromised.

Ransomware-as-a-Service and what’s in store for media and entertainment companies and their collaborative partners will be on the agenda, as Echemendia’s session takes attendees through an attack that caused headaches within a seasoned team.

Following the hacker’s perspective, attendees will get “Evolving Threats and Where We’re Headed: Storyteller’s Perspective,” with film director and animator Jerry Rees (The Brave Little Toaster, Susie’s Hope). Creatives bring a different perspective to conversations on threats and direction, with their challenge of making the greatest content that embodies their story’s vision while keeping it secure.

• John Jacobs, field CISO for Fortinet, will deliver the presentation “How Evolving Workplaces Demand a New Approach.” Attendees will hear how a leading visual effects organization achieved clear business benefits by modernizing its approach to today’s work-from-everywhere workforce. The example will offer proof that it’s possible to have consistent security from the perimeter edge to the cloud, while simplifying operations and obtaining the data intelligence needed for AI and ML to drive better user experiences.

• Christopher Elkins, co-founder and chief business development officer for global piracy and unlicensed media consumption data firm MUSO, will deliver the presentation “Responding to Demand: How Much are we Leaving on the Table?” This session is all about understanding and measuring the “demand” side fueling piracy, and what the businesses are potentially leaving on the table as we remove the bad guys/pirate-supply without backfill from the business.

• There’s a range of security measures that Software-as-a-Services (SaaS) application providers go through for approval by investors, content owners, and partners alike. And there are many audiences both internally and externally, each with their own set of demands, along with multiple levels of security to consider. Balancing risk with innovation is the key consideration and security should complement rather than stifle progress.

The differing perspectives and common themes of application security will be discussed at the Dec. 6 Content Protection Summit (CPS) in Los Angeles during the Convergent Risks-led panel session “Getting Application Security Right for M+E.”

With continual enhancements through rapid development cycles, being able to identify potential areas of vulnerability in advance can serve to make life less stressful. That theme will be explored by the panelists, including Mathew Gilliat-Smith, EVP for Convergent Risks, Edward Churchward, co-founder and CTO of Arch Platform Technologies, Stephen Chow, CEO of SetKeeper, and Jeremy Roche, VP of IT security for Extreme Reach. Chris Johnson​, CEO and president of Convergent Risks will introduce the panel.

• In the session “(Zero) Trust Issues – Fireside Chat,” Sean Kalinich, cybersecurity architect for Richey May, and Spencer Stephens, SVP of production technology and security for MovieLabs, will discuss the anatomy of a cyberattack and how the concept of zero trust architecture can minimize the blast radius of cyberattacks.

There is no silver bullet within the cybersecurity space. Many theories and frameworks have been developed to help organizations understand their maturity and risk posture but still successful cyberattacks are on the rise. With prevention being only one aspect of cyber resilience, newer architectures have emerged to minimize the impact of cyberattacks.

• Ben Schofield, technical director for CDSA, will be the speaker for “Driving Cost Savings in Effective Production Security Operations.” This will cover an update on our workstream to help bring the latest content security best practices into focus for production crew on set and location. Constructing a common template that can be easily adapted by productions and the use of a secure wiki to provide the latest information online to authenticated crew members and allow feedback and tracking of activity.

• “Residential IP Addresses: A Rising Threat to Content Exclusivity” will see James Clark, GM of media and entertainment for GeoComply, and Brian Paxton, managing director of Kingsmead Security, discuss the risks virtual private networks (VPNs) pose to the media industry and the effect it is having on cyber criminality. Over-the-top (OTT) streaming services are facing a new threat: hijacked residential IP addresses.

An estimated 200 million people have unknowingly had their home IP address hijacked, often because they have used a “free” VPN. Pirate viewers use these IP addresses to access territorially restricted content for free or at a reduced price. By hiding behind a legitimate domestic IP address, pirate viewers can easily bypass VPN restrictions because streaming providers can’t risk blocking genuine users.

• The afternoon keynote “Perspective from Leadership” will see Simon Crownshaw, worldwide strategy director of media and entertainment for Microsoft, and Allan McLennan, founder, chief executive and global market technologist for Padem Media Group, follow up their discussion at IBC and dig deeper with their leadership perspectives on the evolution of our M&E industry and related security issues that transcend technology.

• “DCIM for Risk Management in M&E Operations” will see MEDCA’s Eric Rigney, EVP, and Sean Tajkowski, technical director, bring the data center angle of security to the discussion. Imagine facility security and health alerts on your watch, monitoring the stage’s digital infrastructure, notifying you of a pending back-up failure or power outage. Data Center Infrastructure Management (DCIM) systems centrally monitor, measure, manage, and control the security and health of a facility’s digital infrastructure, from WiFi, storage, and servers, to power, cooling, and security access, and more.

M&E companies such as ARRI are already introducing DCIM products of their own, providing fault-finding information to staff located anywhere in the world. How can DCIM support virtual and traditional production operations today, and why aren’t they being adopted?

• Comcast’s Don Jones, director of strategic fraud intelligence, will present “Dealing with BotNets.” There are many threats to our companies, our operations, and our customers … and botnets are one of the major threats that continue to evolve and survive. In this session, Smith will share their work to better understand and deal with botnets in ways that we could/should leverage.

• “Getting There Before the Boom!” will have Michael Sohn, supervisory special agent (SSA) for the FBI Cyber Division and liaison to the national cyber-forensics and training alliance discuss how the FBI is working with Hollywood and other Los Angeles-based businesses across media and entertainment. This session looks at common threats and persistent bad actors across the M+E supply chain. How they are breaking in, what they are looking for, and where the FBI can (or can’t!) come in to assist. It also addresses the importance of partnership and community while providing relevant prevention tactics to ensure your company is best positioned to deal with whatever may come next.

• Michael Nouguier, CISO and director of cybersecurity services for Richey May Technology Solutions, and Jim Reavis, co-founder and CEO of the Cloud Security Alliance, will team up for “Wrap Your Head Around the Cloud.” With 94 percent of companies utilizing cloud services in 2022, an organization’s attack surface has changed dramatically. Understanding the benefits and risks of transition to cloud services is overwhelming.

Join this session as we break down the ambiguity of what the cloud is and dive into cloud security trends and emerging threats moving into 2023.

• “Growing the Business Through Strategic Enforcement: A Case Study” will see Ygor Valerio, CEO of LtaHub, and Richard Atkinson, president of CDSA, discuss a case study to show the clear business uplift gained through effective strategic enforcement.

• In “Private vs Public Enforcement” Valerio and Atkinson discuss why taking a “private” approach to enforcement and leveraging available “open source” data in your investigations, can be much more successful in enforcements versus taking a standard public/referral-type approach.

• Chris Taylor, director of the ME-ISAC and director of content security for Skydance, takes the stage for the presentation “APT Groups: What are They and Why Should You Care?” Major ransomware attacks are making headlines every week. Who is behind these attacks? How many of these attackers are there?

If we get attacked, how would we know which group we are fighting against? How would knowing that help us? Answers to all these questions and more will be shared.

• “Advantages Gained by our Members Through Information Sharing” will see Taylor and Aaron Perkins, customer success manager for Cyware, talk about the benefits of ME-ISAC. As an integrated part of CDSA, the ME-ISAC is leveraging the Cyware platform for alerts and communications in a collaborative environment. In this session, we will hear how these communications platforms can supercharge the communities/working groups and dramatically increase their overall effectiveness.

• “CDSA Working Groups Panel” will see the principals of CDSA details each of the CDSA Working Group, and share what they are focused on and why.

• To close the day, Fortinet’s Jacobs will be part of the panel discussion “Delivering Content Securely with Speed and at Scale? Yes, You Can!” Joined by Richard Atkinson, president of the Content Delivery & Security Association (CDSA), the discussion will detail how the media and entertainment industry is at an inflection point, with content volume and distribution methods exploding. Consumers and fans demand more and more of their favorites, while content creators struggle with a solid strategy to provide the goods. Jacobs will discuss whether it is possible to have all three.

From challenges within the content supply chain to design and deployment choices have yielded the best results and hold the most future promise. Selecting all three options — speed, security and scale — can ensure profitable growth as the new measure.

Presented by Fortinet and produced by MESA, CDSA’s Content Protection Summit is sponsored by Convergent Risks, Richey May Technology Solutions, GeoComply, Signiant, Verimatrix, Shift Media, EZDRM and EIDR.

To register for the event, click here.