NFL, CISA Look to Intercept Cyber Threats to Tremendous Bowl LVIII

The NFL is workshopping sport performs for Tremendous Bowl LVIII — of the cybersecurity kind.

Trying to juice up its protection, the league labored with the Cybersecurity and Infrastructure Safety Company (CISA) and Tremendous Bowl LVIII stakeholders throughout a tabletop train that CISA mentioned was meant “to explore, assess, and enhance cybersecurity response capabilities, plans, and procedures” forward of the massive sport on Feb. 11, 2024, at Allegiant Stadium in Las Vegas.

The four-hour tabletop train introduced collectively greater than 100 companions from the NFL, stadium, and authorities in any respect ranges, in response to the announcement on Sept. 21. Throughout the train, members mentioned a hypothetical situation that included phishing, ransomware, an information breach, and a possible insider risk — all with cascading impacts on bodily programs.

“This was a safe, low-stress setting to identify any gaps in those plans and ensure we all have a shared understanding of roles and responsibilities. In short, this exercise will help ensure we’re ready for any challenges that come our way on game day,” mentioned Steve Harris, CISA’s deputy govt assistant director for infrastructure safety.

The Super Bowljust like the World Cupis among the most-watched sporting occasions globally, and a profitable cyberattack disruption can be a significant coup for any cybercrime group. In different phrases, these kinds of occasions are the white whales of the goal sea.

George McGregor, vp at Approov, famous that the cyber-threat surface for sports continues to expand as nicely, as good stadiums and ever-more-digital infrastructure to help fan and workforce operations proliferate.

“Such a workshop should be a critical exercise before any major sporting event, to check that security and contingency plans are complete,” he mentioned in an emailed assertion. “Such events have a highly dynamic cybersecurity attack surface which changes rapidly as multiple partners and vendors, and thousands of fans come together and interact with ticketing systems and points of sale, using stadium Wi-Fi and via mobile devices. As a key part of this exercise, mobile apps which access sensitive information must be verified as being protected from impersonation or manipulation.”