Securing any world-class event is a massive undertaking that requires teams of security professionals to coordinate with each other and constantly share information. I’ve seen this collaboration up close due to my company’s involvement in helping to secure Super Bowl LV.
The Super Bowl is designated as a National Special Security Event, which means the Department of Homeland Security and other government agencies are deeply involved. State and local law enforcement are also key participants, as well as individual security teams from the National Football League, from the two teams playing, from the stadium itself, and from third-party vendors and event sponsors.
The Super Bowl is typically the most watched television broadcast in the U.S. every year, attracting 100.5 million viewers in 2020. The impact of the ongoing COVID-19 pandemic may push viewership numbers higher, both in the U.S. and around the world, since many other high-profile sports events have either been canceled or postponed.
As the official cybersecurity partner of the Tampa Bay Super Bowl LV Host Committee, we at ReliaQuest started work with all our cybersecurity peers last summer to define and agree on processes and escalation flow. Here’s a look at what it takes to secure such a high-profile event.
Expand your cybersecurity horizons
Securing the Super Bowl is highly complex since the task is so much more than simply ensuring the physical safety of the players, their support teams, the fans, and the stadium. From a cybersecurity standpoint, you must be able to monitor and secure the endpoints on all relevant computer systems, the traffic and communications across all related networks, and the access to and usage of all applications in the immediate area.
The work involves everything from ensuring the security of the game’s Jumbotron scoreboard to the broadcast television networks and to the wireless networks in use by the teams, the stadium’s staff, the fans, and the food and merchandise vendors. As cybersecurity partners, we define and apply rules to determine any incidents of unauthorized access as well as the potential introduction and installation of malware.
We’re also on the lookout for phishing attempts. For instance, if someone wanted to hack the Jumbotron, they might try to mount a phishing attack against the individual who’s responsible for uploading the scores. For wireless networks, we’re particularly interested in defining rules to flag wherever unauthorized connectivity and traffic occurs across different networks.
The Super Bowl also encompasses a whole series of game-related events, involving many vendors and thousands of previously vetted volunteers. These experiences occur in the run-up to Sunday’s face-off between the two football teams and may also be taking place as the game is being played.
When considering the security of the Super Bowl, you have to broaden your thinking to encompass every potential line of attack. Think about the ramifications of a single bad actor successfully hacking the iPad of a vendor selling food in the parking lot just outside of the stadium. Such a breach would likely be portrayed everywhere as a direct hit on the Super Bowl and so tarnish the reputation of the entire event as being vulnerable to cyberattack.
Increasing cyber risks
Every year, the cybersecurity risks multiply and the potential avenues for attack broaden as connectivity increases across the growing range of computer and wireless systems in use inside the Super Bowl stadium and in its immediate vicinity.
Monitoring social media and the dark web in the run-up to the game is crucially important to identify if anyone’s actively making threats against the Super Bowl. Perhaps, they’re claiming to have uncovered a vulnerability in a system and indicating that they intend to cause some physical or virtual disruption to the game, its broadcast or the surrounding celebrations.
We’re able to use the advantage of the months of lead-up to the Super Bowl to identify the most likely targets for hackers across system endpoints, networks, and applications as well as the methods they may use to gain entry. We can then ensure that we’re fully proactively protected against those types of attacks alongside our real-time monitoring, rules and alerts to pick up on any unusual activities.
Secure a sporting event: A super attractive target
Hacking attempts against the many different systems supporting the Super Bowl are happening all the time. There are always people rattling the doors to see if they can get inside. What I find so interesting about the Super Bowl are the different reasons fueling potential hackers:
- Kudos or chaos. There are people who will try to get into systems just to prove that they can, not with any intention of causing harm. They want the kudos of saying they hacked the scoreboard. Some hackers may be attacking for fun or to cause chaos because they actively dislike one of the teams playing. They may try to take over or take down that team’s social media accounts. Hackers may also aim to spread disinformation by falsely suggesting that the Super Bowl was hacked or by reporting fake game scores.
- Monetary gain. There will be high levels of e-commerce transactions occurring at the Super Bowl with fans purchasing food and memorabilia from a variety of vendors. Bad actors could attempt to hack those systems to commit identity and credit card theft. Other people perhaps plan to bet on the game and seek privileged insider information such as the latest data on the fitness of the players. We will also watch for any ransom threat should someone claim to have control over a system, say a Super Bowl broadcast, and try to exhort payment in bitcoin or else they’ll shut the broadcast down.
- Hacktivism. While the Super Bowl isn’t a political event, there may be people who are looking to make some kind of a statement. They’re not hacking into systems for personal gain, but to get across a message.
The use of many eyes
In the case of the Super Bowl, the adage we’re so fond of — “Security is a team sport” — makes so much sense. There is no way that any one organization could single-handedly monitor and protect the game, each one of the related events, and all of the interconnected systems. Instead, every cybersecurity professional plays their designated part, while coordinating closely with their peers on other teams.
The more people who have eyes on the situation and collaborate in pooling and sharing their knowledge, the better. It’s all about getting the right information to the right people at the right time to take action. For all of us on the cybersecurity teams, Super Bowl Sunday was a hands-on-keyboards workday with our end goal to ensure that all the fans and the players enjoy a safe and memorable experience.