Securing AV Systems
Protecting AV control, configuration, and content means providing more than a plastic security panel over a rack-mounted equalizer. It should also be part of the AV design.
Before the digital age of AV, security for an AV system meant either adding a locked door for the whole system or physical security panels on individual pieces of equipment. Audio equipment in particular, such as equalizers, compressors, and amplifiers, needed protection against anonymous tweakers. Some of these panels even had keys of their own. But with today's AV systems, it's no longer that simple.
Before DSP and networking took hold in AV, there was digital control of analog devices, primarily using the big three control technologies: RS232, IR, and relays. Because the control signals only went from the control system processor to each device on dedicated wiring, and control system programming was a relatively rare and esoteric art, there wasn't much security required in these systems except for the same old audio device protections. Later, with the advent of analog devices with built-in digital control at the front panel, physical security panels became less necessary in some cases. The front panel could simply be locked out while the analog device behind it kept working.
Now we have other concerns. DSP has become mainstream — at least for audio systems. And Ethernet, both wired and wireless, is now mandatory for almost any pro AV system. Spread spectrum, Bluetooth, and other wireless technologies are also showing up. All of these options have added more flexibility in pro AV system design, but have also added more ways for the system to be compromised or hacked.
What is AV security?
The term “security” can mean a lot of different things in an AV system, but it's almost always about access and control. While in the beginning it was mostly about access to knobs, we're now concerned about a broad range of issues, including:
- Electronic access to individual pieces of equipment such as projectors and DSP devices that may reside directly on an Ethernet network
- Physical access to installed equipment to prevent theft and tampering
System control and monitoring
- Access to a room's control system, allowing unauthorized control of the AV system
- Access to an organization's AV system monitoring and/or scheduling systems
- Access to specific control system capabilities
- Access to the control system program code
- Access to a DSP device's programming
- Access to locked presets for restoring locked settings from the commissioning process
- Online access to stored audio and video content
- Access to videoconferencing or other live streaming content
- Access to wireless audio or video signals (such as wireless mics) outside the intended AV space
Integrating AV security
Along with the basic IT learning curve we have to surmount in the design of new pro AV systems, we also have the additional parameters of security to embrace in both the physical and electronic realms. With newer technologies available, less hardware is now required to construct an AV system. This in turn results in more AV systems being installed in furniture in end-user spaces, which often requires a physical security design to prevent theft while still allowing user access to some of the equipment. And we also have to accommodate system maintenance access.
Although designing furniture that's both secure and functional isn't an easy task, the electronic security functions can be the most challenging — assuming they're even considered during design. Just enumerating all of the security issues can seem overwhelming.
For example, in an audio DSP device that handles speech reinforcement, program playback, and audio-conferencing functions, the final operational setup may be very complex. In a consultant-led project, the consultant (or even a third party) may do the final commissioning of the system. It would be best to save the final “commissioned” setup within the DSP device as a preset that's stored separately and securely from the day-to-day operational presets, which may be manipulated by users. There may even be other stored presets an integrator may want to retain that are separate from the commissioned and live operating setups. Securing these from modification could require multiple-password capability, which the equipment may not accommodate.
Access to this DSP device will also be required by the control system — possibly over an Ethernet network. Should it be a dedicated network? Is a gateway to the main network needed for monitoring, diagnostics, or other control functions? Is a virtual private network acceptable, or is a separate physical network required? If H.323 videoconferencing is involved, will access to the endpoint be restricted? Will the signals need to be encrypted?
All of these security-related questions can have a more than trivial effect on the system design and operation. And the answers will be different for different installations. The tools to solve the problems posed by these security questions are not necessarily AV tools. They involve issues of network cabling, network electronics, control and network system programming, firewall configuration, and gateway setups. The AV part may only be whether the AV equipment itself supports such features as multi-level or multi-lateral password protection, firewall configuration, network address translation, HTTP over SSL, and TCP/IP port re-direction. It may have very little to do with the actual audio and video design.
Part of the design
It was once the case that acoustics, lighting, and space planning were all too frequently missing elements in AV design and installation. Although this still happens today, AV system security has now become the issue that's often neglected until the system installation is well underway or complete.
To discover, evaluate, and incorporate adequate security measures in the AV system, close coordination is required throughout a project from the program phase to system commissioning. It involves not only the AV designer but also the integrator and end-user organizations — once again crossing the lines between IT and AV for much of this work.
While we've made progress toward more secure design in AV systems, it's up to designers, integrators, manufacturers, and end-users to recognize and address this issue. Perhaps we can even learn from other industries with similar concerns and technologies, such as industrial process control and building automation, where a hacked system may have more dire consequences than simply bad audio.
To incorporate system security into AV, the AV industry must once again stretch to keep up with the demands of ever-changing technologies and end-users. We all need to recognize that AV system security is the responsibility of the AV project team, and is now as important as the fundamentals of audio, video, and control have always been.
Tim Cape is a contributing editor for Pro AV, the principal consultant for Atlanta-based technology consulting firm Technitect LLC, and co-author of “AV Best Practices,” published by ICIA. He's an instructor for the ICIA Audiovisual Design School and an active member of the consultant's councils for both ICIA and NSCA. Contact him at firstname.lastname@example.org.