Radio’s Digital Transformation Creating New Cyber Challenges, Engineers Say.

Broadcast engineers are confronting a cyber landscape far different than the one they inherited a decade ago, as traditional air chains and isolated technical systems increasingly give way to IP-based infrastructure that brings new efficiencies — and new vulnerabilities.

That was one of the key messages during an FCC cybersecurity workshop last week where engineers and security executives warned that the industry’s modernization has created new openings for attacks that target stations, studio operations and critical broadcast infrastructure.

Wayne Pecena, Associate Director of Engineering at KAMU-FM/TV in Waco-Temple-Bryant, TX, said broadcasters have quietly become regular cyber targets — even if many incidents never become public.

“Virtually every major broadcast organization has suffered some type of event,” Pecena said, noting smaller operators and independent stations rarely disclose attacks publicly.

Expanded ‘Attack Surface’

The transition from dedicated broadcast hardware to software-driven and internet-connected environments has both transformed station facilities and made them vulnerable. Traditional technical operations centers increasingly resemble data centers filled with network-connected systems rather than standalone equipment. That shift creates operational flexibility, but also dramatically expands what cybersecurity experts call the “attack surface.”

“Because we want remote access, we have to open a door to that infrastructure,” Pecena said. “But we need to control who we open that door to.”

Pecena identified several threats specific to broadcasters, including attacks on studio-to-transmitter links, Radio Data System feeds and Emergency Alert System equipment. Dead air, false emergency messaging and hijacked content streams create unique risks beyond the types of attacks faced by most businesses. For stations, the consequences go beyond IT headaches.

“Broadcast engineers work very hard to ensure we don't have dead air,” Pecena said, warning that alternate programming, false emergency information and service outages can trigger revenue losses and public embarrassment.

Embedded Engineering Teams

Cox Media Group Executive Director of Radio Engineering Roz Clark said defending stations can no longer fall solely on engineers or a dedicated security team. He argued cybersecurity planning needs to stretch across the organization.

“What you don’t want to do is have anyone feel like this is handled by one entity or the other,” Clark said. “Everyone has skin in the game.”

Clark thinks broadcast engineering teams need to be embedded in security planning rather than treated as separate from broader IT or business continuity discussions. At Cox, he said annual continuity exercises increasingly incorporate cyber scenarios to test operational readiness.

“The reason we do that yearly is people, process, technology is constantly changing,” Clark said. “If you don’t rehearse it, you won’t know what has changed.”

For stations looking for practical starting points, Clark pointed to several “easy wins” including multifactor authentication (MFA), stronger network segmentation, endpoint protections and employee education. “MFA, segmentation, employee training, endpoint protection — that sort of thing needs to be in place,” Clark suggested.

Pecena also urged stations to adopt what cybersecurity professionals describe as a “defense in depth” strategy, layering protections rather than relying on a single tool or firewall. He also warned engineers not to underestimate social engineering and phishing attacks.

“One of the reasons it is popular and being used is because it works,” Pecena said. “A single successful phishing attempt can really negate a lot of cybersecurity applications.”

Artificial intelligence is seen as both a growing concern and a potential defensive tool for broadcasters. Pecena said AI increasingly helps identify unusual network activity, automate responses and detect threats faster than human monitoring alone can manage. But he warned that the same technology is also making attackers more effective.

Pecena said AI can generate more convincing phishing campaigns, create deepfake identity impersonations, rapidly discover system vulnerabilities and automate attacks at a scale previously requiring much greater human involvement.

“AI is going to continue to have a widespread use in defense strategy, but it’s also going to have an active use in the creation of threats,” Pecena said, warning that the technology is accelerating both the speed and sophistication of cyberattacks.