Professional sport faces unique cyber-threats and challenges, especially sounding the tie-in cyber has with physical security. These distinctive challenges have led to close collaboration between top organizations in this sector.
This is according to CISOs from three of the US’ largest sports - Steve Grossman from the National Basketball Association, Tomás Maldonado at the National Football League and Dave Munroe from the National Hockey League.
One major challenge is the high levels of “cyber-physical convergence” in professional sports. Cyber-attacks in big sporting events could potentially “impact the health and safety of fans,” Maldonado pointed out.
He gave the hypothetical example of signs in a stadium car park being changed to point fans in the wrong direction – potentially towards physical danger. “Not many CISOs have to worry about that,” Maldonado commented.
All of the technology used in stadiums is network based – from the production of the game to lighting and temperature. “The threats you have to manage are endless,” Munroe said. These different technologies are also handled by multiple people, adding to the difficulties.
Grossman added that high-profile sports like the NBA must manage a large footprint, encompassing multiple stadiums, teams and geographic locations. As a result, “there’s a lot of coordination and collaboration needed to make sure everything is aligned,” he said.
For certain games, such as playoffs, the location and teams involved are not known until close to the event, making cybersecurity even more challenging, commented Grossman.
Importance of Collaboration
The three CISO panellists all acknowledged that different professional sports face similar challenges and commonalities in terms of attacks. They have developed a close information sharing network between them – around attack trends they are observing and effective mitigation strategies they are using.
The panel was moderated by Joseph Szczerba, assistant section chief at the FBI, and he highlighted the importance of the relationships developed by the sports leagues and government agencies, such as the FBI and CISA.
Due to the physical safety aspect of sports cybersecurity, and the nationwide geographic region that needs to be covered, these relationships are critical to understand and mitigate new threats quickly.
Munroe emphasized the value of having direct connections to the FBI and CISA, allowing him to get in touch quickly with these organizations when needed. “It’s one of the best things you can do,” he added.