Why broadcast security fails at the operational layer
While enterprise IT departments have spent years hardening networks with firewalls, endpoint detection systems and zero-trust architectures, broadcasters face a fundamentally different challenge: production environments filled with specialized devices that were never designed to work with modern security tools.
This operational blind spot is creating vulnerabilities that traditional IT-centric security approaches can’t address.
“Unmanaged proprietary devices running non-standard operating systems and atypical network protocols remain the most common vulnerabilities in broadcast environments,” said Jamie Horner, SVP of corporate strategy at Providius. “Many networks are still flat and lack proper segmentation, making lateral movement easy once an endpoint is compromised.”
The problem isn’t a lack of security awareness; it’s that broadcast operations exist in a different reality than the enterprise IT systems most security frameworks were designed to protect.
The hidden vulnerability layer
Traditional security models assume devices can support modern authentication protocols, accept software updates and tolerate the performance overhead of endpoint protection agents. Broadcast production equipment often can’t meet any of these requirements.
“The biggest vulnerabilities are not in the encryption at all, they are in the devices that sit quietly in the chain with unpatched operating systems, forgotten backdoors, or passwords stored in clear text,” explained Sergio Ammirata, Ph.D., founder and chief scientist at SipRadius. “Broadcasters often assume a workflow is secure because the stream is encrypted, while completely ignoring the hardware and virtual machines that handle it.”
This creates a dangerous disconnect. Security teams implement controls designed for laptops and servers, while the actual operational technology – encoders, routers, switchers and monitors – operates outside those protective barriers. A single compromised device in the production chain can provide an entry point into the entire network.
The transition to IP-based, cloud-connected workflows has exacerbated this problem rather than solving it. Legacy equipment designed for closed SDI environments now sits alongside cloud-connected systems, creating a critical gap, according to Stephan Würmlin Stadler, VP of product at Appear.
“Broadcast environments face growing risks as legacy, on-premise systems intersect with increasingly IP-native and cloud-connected workflows,” said Würmlin Stadler. “This creates gaps where misconfigured devices, poor segmentation and non-media aware firewalls leave both live and file-based content exposed.”
The issue extends beyond just old hardware.
Even newer systems often run specialized, proprietary operating systems that don’t receive regular security patches or can’t support standard enterprise security tools without disrupting real-time operations.
Michael Benda, chief security officer at Big Blue Marble, pointed to the systemic nature of the challenge.
“Legacy studio and playout technologies running on outdated or proprietary platforms with limited hardening options, combined with fragmented governance across engineering, editorial, IT and product teams, create gaps in oversight and inconsistent security practices,” said Benda.
The IT divide
Part of what makes this problem so persistent is organizational. Many broadcasters still treat cybersecurity as primarily an IT concern, while the most critical vulnerabilities exist in operational technology that IT teams may not even have visibility into.
“A recurring challenge is the perception that cybersecurity is an ‘IT issue’ rather than a direct broadcast risk, so many organizations still underestimate how incidents can disrupt live programming, compromise content integrity or damage audience trust,” Benda said.
This perception gap means security investments flow toward protecting office networks and data systems while production environments – where the actual valuable content lives – remain comparatively exposed. Engineering teams may resist security controls they view as threats to operational stability, while security teams lack the specialized knowledge to secure broadcast-specific protocols and workflows.
Addressing these vulnerabilities requires moving beyond traditional IT security models toward approaches designed for operational networks. According to Horner, this means “continuous visibility and verification at the operational layer, not just IT-centric perimeter defenses.”
Rather than forcing broadcast devices into enterprise security frameworks, organizations need tools that understand the unique requirements of real-time, time-sensitive media systems. This includes monitoring device behavior and network traffic patterns to detect anomalies without requiring endpoint agents or authentication protocols that production equipment can’t support.
“The organizations making real progress are the ones treating every device, switch, and relay as a potential entry point and verifying each one instead of trusting labels like ‘secure,’” said Ammirata.
This operational approach also requires addressing network architecture fundamentals. Flat networks that made sense in isolated SDI environments become major liabilities when those same networks connect to IP infrastructure. Proper segmentation can limit how far an attacker can move laterally once they compromise a single device.
A persistent challenge
The legacy device problem won’t disappear quickly.
Broadcast equipment has long replacement cycles, and the specialized nature of production technology means there will always be devices that don’t fit neatly into enterprise security models.
What’s changing is the recognition that broadcast operations need security approaches built for their specific environment.
“Until broadcasters recognize that their environments require security models built for operational networks, relying on IT-centric tools or ignoring the gaps will continue to leave them exposed and vulnerable to avoidable risks,” said Horner.
For an industry built on 24/7 reliability and real-time performance, that’s a risk that’s becoming increasingly difficult to justify.



