HPA Tech Retreat: Trusted Partner Network Gains Steam

PALM DESERT, Calif. — Today’s advanced methods of film and TV production is fueled by an ever-growing ecosystem of third-party vendors, offering content creators innovative ways to store, distribute and collaborate on what they create.

But this next-gen approach to production is also attracting advanced security attacks from hackers, looking for any and every opportunity to exploit the entertainment industry’s work.

That’s where the Trusted Partner Network (TPN) comes in. The industrywide content protection initiative — created by the Motion Picture Association of America (MPAA) and the Content Delivery & Security Association (CDSA), and supported by nearly 30 media and entertainment companies — establishes a benchmark of minimum security preparedness for all vendors, by providing assessments of production, post and distribution operations.

At the Hollywood Professional Association’s (HPA) annual Tech Retreat event Feb. 12, Guy Finley, TPN’s CEO and executive director of CDSA, and Ben Stanbury, TPN’s CTO, shared an update on TPN, and how it’s already increasing security awareness and preparedness in the industry:

• Less than a year since it launched, TPN has added more than 2,400 Hollywood vendors to its database, offering content companies the ability to easily identify when vendors have been subject to assessments, and under what standards.

• TPN’s Guardians program — a security education and collaboration network where vendors task individuals to manage education, training and community security programs — has had hundreds of sign-ups.

• On Feb. 11, TPN’s Media & Entertainment Information Sharing Analysis Center (ME-ISAC) shared its first industrywide advisory, detailing “how attackers have registered over 50 domains and 250 subdomains, hosted on three IP addresses, in what appears to be an attempt to host fake login pages related to M&E companies in an effort to steal credentials.”

Next, at the April 2019 NAB Show in Las Vegas, TPN looks to launch the second phase of its content security program, an app and cloud initiative, one that has the organization working with vendors and their customers to identify and prevent application, device, storage and workflow vulnerabilities.