CDSA

Speaking April 17, during the panel session “CDSA’s Security Community Across M+E” at the 2023 edition of CDSA’s Content Protection Summit at NAB (CPS@NAB), Content Delivery and Security Association (CDSA) leaders gave attendees a peek inside their organization to look at the various work groups and initiatives the association addresses on a daily basis.

CDSA provides the heartbeat of security in Hollywood and across media and entertainment, through its members and via their engagement through active collaboration within the organization.

Cyril Abdi, co-chair of CDSA’s Copyright & Licensing Working Group, turned the spotlight on the ongoing challenge of leaked content including from big franchises.

“We were seeing a lot of the spoilers from our movies being leaked early” or images from them being leaked, he recalled, noting there was even a Lego figurine that was stolen from a plant. Licensed toys are a somewhat unique problem in that it can be up to 24 months before a movie is released that a toy is licensed from. “There are a lot of hands that just touch these on the way” to the release, he said.

“That just gave us the idea of trying to create a group of industry experts that would look at how can we secure our storytelling, especially around these big licenses,” he said, noting the importance of making sure “our stories and our spoilers do not leave the building before we want them to leave the building.”

His group has created an instructional manual featuring major challenges, along with examples of how to “remediate” and “investigate those, and what are the best practices” that can be used to deal with them, he pointed out.

The Importance of ISACs

Chris Taylor, director of the Media and Entertainment Information Sharing and Analysis Center (ME-ISAC)  noted that an ISAC is a community that shares risk/ threat vulnerability data amongst companies.

“If any one of the media and entertainment companies observes an attack on their environment, by sharing the threat data of who attacked you, other people who haven’t been attacked yet, but will be soon by that same bad guy, can automatically have all of the appropriate blocks in place ahead of time,” Taylor explained. Companies can, therefore, vaccinate themselves from “various attacks that are out on the internet if we are able to share that data back and forth with each other, and then pull that data in and apply it to your various security products,” he said, adding: “That’s one of the core functions of what we do inside of the ISAC: [Combine] all of that data into one central repository and then make that available to all of you.”

And it’s not just M&E-related data, he noted. “We’re pulling in data about ransomware … phishing campaigns that are out on the internet,” he said, adding: “We’re tracking who the different piracy groups are, what are the IP addresses that they see the pirated content from? What are the websites where they’re hosting pirated streaming sites from?”

Overcoming a ‘Friction Point’

Keith Ritlop, co-chair of CDSA’s Production Security Work Streams, pointed out that his group looks at solving various challenges around productions. “At most major studios, there’s roles for full-time employees, contractors, things of that nature. But the production crew is largely ignored. And so this causes a friction point with onboarding, with offboarding, with integration with the various different applications that they use in content production and, in general, security tracking, auditing, logging.”

He added: “What we’re trying to do with the Production Identity Working Group ]is really identify these issues, call out major problems, [such as] with onboarding, with tracking users.”

Ben Schofield, CDSA technical director, went on to note that, on the community side, “we’ve got very broad representation” from companies including Amazon, Apple, Netflix and all the major traditional studios – and everyone’s got the same problem. Everyone’s got the same issues. And what’s really useful is for them to go be able to go back to their exec and say, ‘it’s not just us that have this problem, this is how other people are solving it.’”

To view the session, click here.

The 2023 Content Protection Summit was presented by Fortinet and sponsored by Convergent, Signiant, Verimatrix, Eluvio, NAGRA, PDG Consulting and EIDR. The event was produced by MESA, in association with NAB and CDSA.