Why Securing Connected Sports Stadiums Is a Must
JULY 25, 2016 • Blog Post • BY MAEGHAN OUIMET, WIRED BRAND LAB
IN THIS ARTICLE
- Smart stadiums provide fans with Wi-Fi, turn-by-turn navigation and the ability to order beer right to their seats, but these new conveniences come with new cybersecurity risks
- Experts share best practices for stadiums to protect their IT infrastructure—and their fans—at the next big game
If stadiums prioritize cybersecurity, live sporting events will be a win for fans
Welcome to the new digital in-stadium sports experience: connect with wireless sensors to remember where you parked your car, scan your ticket from your phone to enter the stadium, find a Wi-Fi network to bypass the overloaded cell networks, check in using your phone's GPS to let friends know your location, order and pay for a cold beer right from your seat and enjoy the game!
Not so fast.
Though this new experience has become the norm at many stadiums, it's also creating vulnerabilities that cyber criminals can exploit. With the growing amount of data exchanged in stadiums and arenas around the world, hackers often lay in wait. After all, why bother capturing a few credit card numbers at the corner cafe when they can do the same to thousands of people in one place?
Experts say the solutions for the growing threats at sporting events rely on an educated public and an adaptable IT department.
Vulnerabilities hiding in plain sight
"It's a constant game of leapfrog," says cybersecurity consultant Corbin Ball. "Cyber criminals attack, and we adapt."
Despite this, tools do exist to mitigate the threats. The NFL, for example, created a secure mobile application for Super Bowl 50 to help thwart potential threats through the building's 13,000 Wi-Fi access points. The NFL monitored for scam websites before the event and brought in a cybersecurity team to track all data activity during the game. And it workedso far, no cyber crimes have been reported.
At large sporting events like the Super Bowl, or even a regular season game, cybersecurity success means parsing relevant data. But monitoring 90,000 football fans' data is a daunting task. Reg Harnish, CEO of GreyCastle Security, says stadium cybersecurity supervisors should prioritize, focusing less on the Snapchats and more on point-of-sale transactions during events.
"Ninety-nine percent of the traffic during a game is going to be social media, people tweeting or streaming replays," Harnish says. "Stadiums need to segregate all that traffic from the important stuff," such as credit card information and passwords.
Game planning cybersecurity
Harnish, who works on cybersecurity for MLB and NFL teams, says creating secure applications and focusing on point-of-sale and other important data exchanges is just half of the cybersecurity solution, though. Patron participation is the other, starting at the gate, physical screenings should go hand-in-hand with cyber screenings.
"The screenings that occur if you're going to a Knicks game are pretty intense these days," says Harnish. "But we"ve virtually done nothing on the cyber side." His suggestion? "Think about what we do at TSA with Precheck—we go through a process beforehand that verifies who we are. I could see something like a Precheck before sporting events, something that's easy," he says. "You probably don't need the same level of screening that you would to fly on a plane, but I could see something like that making it more convenient."
As thephysical infrastructure of stadiums becomes more connected, Marcus Wehmeyer, solutions architect at Aruba, suggests IT professionals should monitor and restrict these growing digitalaccess pointsin the building as well.
"One easy way is to ensure physical access is restricted, meaning RJ-4x ports are not easily accessible to fans or are restricted with 802.1x or some other NAC solution," he says. "Moving as many services as possible to the wireless network while still maintaining security levels is another way to ensure physical access to the network is harder to gain for unauthorized users."
Ticket holder responsibility
Screening, however, doesn't absolve people from doing their part. Avoiding cyber attacks at sporting events comes down to educating patrons about the risks. These warnings can be simple reminders not to sign on to an "evil twin" Wi-Fi hotspot or to preregister their devices with the stadium, establishing a digital certificate of sorts. The education shouldn't be invasive, Ball says. Encourage people to use an up to date operating system when they enter the stadium, or subtly remind them throughout the event which Wi-Fi network is the stadium's (while the IT department monitors for "evil twin" networks).
The biggest problem in cybersecurity is the psychology of individuals.
Wehmeyer believes in the next few yearsnew technologies will arise to offer better, more cost-effective encryption options (possibly throughquantum computing technologies)tohelp mitigate cyber crime.Despite the technological advancements, however, Harnish says we've got a long way to go when it comes to fans' recognition of the issue. Until there's more buy-in, stadiums will continue to play "leapfrog" while implementing smaller fixes (like creating secure apps a la Super Bowl 50 or monitoring for phishing scams before an event).
To date, though, it seems cybersafety will continue torelyheavily on the fans entering the stadium.
"The biggest problem in cybersecurity is the psychology of individuals," says Harnish. "There are no guarantees in cybersecurity, and the human mind does not relate well to that."
Is your business ready for the digital workforce revolution?
Download this white paper to learn how to transform your workplace.