SECURITY BREACH

Next Article

SAVE THE DATE

The biggest threat to sports and entertainment events today may be the unseen cyberattack with the potential to completely shut down a venue’s operations.

IN APRIL 2021, the sports world was “rocked” when the National Basketball Association’s Houston Rockets was the victim of a cyberattack. The group attempted to install ransomware, a type of dangerous code that essentially holds data hostage. Typically, a ransom is demanded, or the attackers threaten to make the sensitive information public. In this case, the group responsible claimed it had stolen 500 gigabytes of data.

While operations were not impacted, other teams and organizations may not be so fortunate if they don’t take the necessary precautions.

“While the threats have been mostly focused on data loss and sensitive information about players and finances, ransomware threats can cripple the sound and lights, interfere with concessions and put a major dent in revenue,” says Brian Finch, a cybersecurity legal expert and partner with Pillsbury Winthrop Shaw Pittman. “These cybersecurity attacks can be a real-time disruption of events and are one of the biggest threats facing sports facilities today.”

The cyber attackers represent a new breed of threat for sports venue operators, according to Microsoft’s Mark McIntyre.

“The cyber attackers can always stay a step ahead because they’re smart, they’re motivated because they want money or have a certain goal, and they don’t have to deal with laws or regulations, which allows them to work much

Editorial Credit: America365 | Shutterstock.com

Toyota Center, home to Houston Rockets basketball

Editorial credit: kovop58 | Shutterstock.com

faster than those playing defense can,” says Microsoft’s Senior Director and Chief Security Advisor in the Enterprise and Cybersecurity Group. “There’s ample evidence that criminal groups (target) where the major sporting events are because that’s where the money is, and I think we’ll see more and more attention on sporting venues.”

McIntyre uses the recently completed 2020 Summer Olympics in Tokyo as one such attractive sporting event to cyber attackers.

“These cybersecurity attacks can be a real-time disruption of events and are one of the biggest threats facing sports facilities today.”

BRIAN FINCH “This type of event is ripe for ransomwaretype attacks because you’re building facilities or you’re retrofitting facilities that are part of a larger urban grid or city grid, so you are naturally dependent on the power, water, electricity, and traffic systems all around there. You have this really interesting combination of critical infrastructure and gaming infrastructure coming together at a physical location,” McIntyre adds.

Microsoft has significant experience being onsite at large international sporting events, including the Tokyo Olympics, where it worked in real-time, 24/7 to help thwart any potential attacks. And according to Finch, there were concerns about cyberattacks coming from nearby sources.

“The biggest challenge for the event was obviously the pandemic, but there were disruptions to Olympic west pipes, and there was a serious concern that China or North Korea were going to try to disrupt the games to embarrass Tokyo and the Japanese government,” Finch shares.

While cyberattacks have become a more widely recognized threat that the sports industry is prioritizing as part of its defense strategy – the NFL, for example, has a cybersecurity official – there are still a variety of gaps and misconceptions that are leaving teams, organizations (and fans) vulnerable.

PROBLEMS AHEAD

The first mistake a sports security professional can make is thinking this could not happen to them.

“While the financial and reputational risks for professional teams and colleges are similar, albeit professional sports teams could pay a bigger ransom

than colleges or universities, we have seen attacks on K-12 schools, which in turn leads to a lot of questions about budget priorities,” notes Finch. “Ransomware criminals have proven to be pretty agnostic as to what they’re charging to whom.”

McIntyre agrees, adding: “The first mistake is thinking you’re not going to be attractive as a target. If you’re a D2 or D3 college program, you’re going to assume the attackers only care about Alabama. You have to get over the idea that you’re so small or obscure that no one cares about your data. The fact is the marketplace for attackers is so attractive, as it’s really cheap to launch cyberattacks.”

He also sees an emerging sport being especially at risk of a cyberattack: E-sports.

“E-sports is an industry that is heavily or completely reliant on the Internet. If you’re a criminal group and you take it down, you’ve just taken that whole sector offline or that event with thousands of people attending,” says McIntyre.

Another potential issue isn’t just the operating systems a cyberattack can impact, but the fans at those events, as well. More and more new stadiums and arenas are redefining “technologically

“The first mistake is thinking you’re not going to be attractive as a target…The fact is the marketplace for attackers is so attractive, as it’s really cheap to launch cyberattacks.”

MARK MCINTYRE

advanced” as they transition to a fully digital or electronic experience for fans. But the potential downside to a fully wired experience is that each fan could be potentially vulnerable.

“Each one of those people can be a threat vector or a point of failure, so to speak,” says McIntyre. “We’re all human beings. We all like to click on interesting videos of kittens and deals that look too good to be true, so we all end up becoming points of failure for the venues or for the security officials in those venues.”

The final and perhaps most important piece of the complicated cybersecurity puzzle is for sports venue operators to recognize and adapt to the converging physical and digital security environment.

“Thankfully, physical attacks rarely happen, but there are hundreds and thousands of cyberattacks happening every day, and these criminals are becoming more skilled and more and more capable every day,” Finch warns. “There needs to be a recognition that cyber is just as important as physical.”

On top of that, compromising IT security can ultimately lead to physical disruptions.

“These stadiums are massive capital investments, and there could be points of vulnerability where physical risks might come into play with IT risk,” says McIntyre. “If an attacker wanted to damage through IT to create physical havoc, they could take over a rail system, reroute traffic or take over the HVAC system to potentially hurt people in an event.

“It’s important for physical security personnel to remember that the line between traditional IT security and operational technology is pretty much gone, and IT and IoT very much go hand-inhand,” he adds. l

DIGITAL TRANSFORMATION DRIVES ENHANCED VENUE OUTCOMES

BY NICK TREDER Director, Sports & Entertainment, Johnson Controls

WE ALL KNOW firsthand that the COVID-19 pandemic has permanently changed how sports and entertainment events occur. We’ve made it through the NBA bubble, watched the NFL play to some empty stadiums, and suffered through postponements of Premier League play as they regrouped to accommodate high player test numbers.

The restart is so difficult for a variety of reasons, among them varying local regulations that change based on fluctuating COVID test numbers. But also consider that we’re presented with a whole new set of challenges that go way beyond the event itself. In many cases we have a need to protect growing numbers of fans frequenting large areas of real estate, including practice facilities, parking, restaurants, bars, residential, retail and commercial spaces. Fortunately, over the last decade, venues have experienced an increasing demand for the implementation of innovative digital technology to foster enhanced security and fan experience, along with operational and energy efficiency. For many venues, the infrastructure is already there to support many of the necessary technologies that will be required to ensure a safe and comfortable reoccupancy of venues.

We get asked all the time to help stadiums and arenas envision the way forward to a healthy, touchless, safe and sustainable facility for fans. This is our Healthy Buildings strategy — delivering healthy people, healthy places, and a healthy planet. And our formula for success is rooted in a marriage between the venue’s operational technology and informational technology.

Think about it — in the same way that digital technology is helping us unlock unprecedented opportunities for fan engagement through immersive technologies like augmented and virtual reality; or allowing us to gather data to tailor fan experiences and create new revenue streams; digital technologies and analytical capabilities like Artificial Intelligence can also make buildings more integrated, adaptive, proactive and self-learning. Bringing together traditional operational technology, IT systems and cloud applications infused with AI and cutting-edge technology, such as Digital Twin, enables insight, integration and collaboration that can be used to find a safe way to welcome fans back inside your doors while helping deliver on your Net Zero aspirations.

We are also seeing the adoption of digital technology to enable remote monitoring and management of security, life safety, mechanical, electrical and control systems, as well as provide remote energy efficiency analysis. The upshot is that with digital solutions, we can reliably operate facilities and minimize downtime with reduced staffing. Right now, you may regard a healthy building strategy as deploying COVID-19hardening measures. We see it as futureproofing your building against a range of risks, as well as helping you meet your sustainability goals. Think about the impact climate change, social unrest, and certainly the pandemic had on buildings this past year. Going forward, flexible, resilient, energy-efficient and carbonneutral spaces will be key, and in many cases, required. Creating these spaces requires cutting-edge technologies that together form a digital backbone that delivers a healthier building, higher productivity rates, and enables you to achieve your financial, environmental, social, and governance objectives.

We believe your healthy building journey never ends; it is a constantly evolving philosophy and investment strategy. Whether you are in the vision stage of your venue’s digital transformation, or you’ve discovered that your existing buildings no longer support your venue’s mission, applying data from both inside your buildings and beyond will allow you to manage operations systemically, deliver new experiences, provide better safety, ensure impactful sustainability, and so much more.