Professional sports face unique cyber threats and challenges, especially the nexus between cyber and physical security. These unique challenges have led to close cooperation between the top organizations in the field.
This is from the CISOs of three of America’s biggest sports: Steve Grossman of the National Basketball Association, Thomas Maldonado of the National Football League, and Dave Munro of the National Hockey League.
One of the major challenges is the high degree of “cyber-physical convergence” in professional sports. A cyberattack at a major sporting event could “impact the health and safety of fans,” Maldonado said.
He gave a hypothetical example of how stadium parking lot signs could be changed, leading fans in the wrong direction, a physical danger. “Not many of his CISOs need to worry about that,” commented Maldonado.
All of the technology used in the stadium is network-based, from game production to lighting and temperature. “There are endless threats to deal with,” says Munroe. These different technologies are also handled by multiple people, adding to the difficulty.
Grossman added that a high-profile sport like the NBA has to manage a massive footprint that spans multiple stadiums, teams and geographic locations. As a result, “it takes a lot of coordination and collaboration to make sure everything is aligned,” he said.
Certain games, such as the playoffs, make cybersecurity even more difficult because the location and teams involved are not known until the event is near, Grossman commented.
Importance of collaboration
All three CISO panelists acknowledged that different professional sports face similar challenges and commonalities when it comes to offense. They have developed a close network of information sharing among themselves regarding the attack trends they are observing and the effective mitigation strategies they are using.
The panel, moderated by FBI Assistant Section Chief Joseph Szczerba, emphasized the importance of the relationships forged by sports leagues and government agencies such as the FBI and CISA.
Due to the physical safety aspects of sports cybersecurity and the national geographic areas that need to be covered, these relationships are critical to rapidly understanding and mitigating new threats.
Munroe emphasized the value of connecting directly with the FBI and CISA, allowing them to get in touch with these organizations quickly when needed. “This is one of the best things you can do him,” he added.
