When Super Bowl LVII between the Kansas City Chiefs and Philadelphia Eagles kicks off in Phoenix on Feb. 12, most everybody’s eyes will likely be on the gridiron. But farther afield, malicious actors and cyberattackers could also be seeking to rating their very own sort of landing — by shutting down methods, perpetuating ransomware, or finishing up hacktivism.
The 2022 FIFA World Cup event held in Doha, Qatar, over the winter raised related operational issues, and cybersecurity specialists observe that large-scale occasions on the whole provide a really broad assault floor space to menace actors of all stripes, because of the sheer variety of methods concerned in carrying it off.
“The factor that is tough for safety groups is that it’s not only one entity or single community they need to take care of,” says James Campbell, CEO and co-founder of Cado Security. “An occasion just like the Super Bowl entails quite a few suppliers, media firms, and so forth, all of that are liable for searching for his or her networks, collectively making up how the Super Bowl is run.”
Campbell provides that one of many greatest disruptions to the Super Bowl can be stopping it from being televised. With tens of millions of individuals worldwide watching, and given the promoting and income generated from the Super Bowl, if a menace group needed to get a sure level throughout, proscribing the flexibility to broadcast it reside would do the trick.
“That would in all probability have the most important impression, apart from bodily making certain the Super Bowl does not [actually take place] — a more durable job,” he says.
Critical Steps for Securing the Super Bowl
Bud Broomhead, CEO at Viakoo, factors out that the massive variety of third events concerned within the occasion from a technical perspective implies that making certain that a number of networks are segmented from one another is a vital first step in defending the occasion — in order that if one system is breached (Rihanna’s microphones), the menace actors cannot attain one other system (video surveillance, as an illustration).
He provides the massive variety of Internet of Things (IoT) gadgets and advert hoc networks that third events will deliver to the occasion — by stakeholders as various as caterers and sound engineers — means a number of factors of failure. Thus, layers of testing for worst-case eventualities will likely be vital main as much as the occasion.
“There will have to be general testing of these methods forward of the occasion to make sure ample redundancy exists,” Broomhead says. “Security for a giant occasion just like the Super Bowl should even have a give attention to resiliency — if unhealthy issues occur, is there an already established plan to attenuate the impression?”
Darren Guccione, CEO and co-founder at Keeper Security, notes that on the IoT entrance, many bodily management methods are “sensible” — i.e., Internet-facing; as such, they need to be of specific concern.
He poses a hypothetical: The broadcast community gear and servers sitting within the knowledge room within the Super Bowl could also be hardened with up-to-date patches, firewalls, and different defenses, however what concerning the constructing administration system? This may be a individually managed community — and never as effectively secured.
“Suppose menace actors assault IoT and switch off the air-con within the constructing administration system,” he says. “In that case, all these computer systems are ineffective since you should instantly flip off all of your servers, or else they soften inside 20 minutes.”
The state of affairs of an assault by way of the HVAC system is acquainted from the notorious Target breach of 2014 — all it takes is one worker falling for a phish.
“Leading as much as the large sport, IT professionals must be looking out for phishing assaults, malware and viruses, and social engineering assaults as menace actors try to achieve entry to the pc methods used to handle the occasion,” Guccione advises.
Despite the what-ifs, the excellent news is that cybersecurity is firmly on the radar display screen for this upcoming weekend: In addition to preparations on the a part of the occasion organizers and all the third-party stakeholders concerned, a wide range of authorities organizations even have thorough cyber-defense plans in place for the occasion, together with the Arizona Cyber Command and the Federal Aviation Administration.