Major-venue events can’t afford to ignore cybersecurity threats

Feb. 1, 2019
As Atlanta prepares to play host to the Super Bowl, mitigating cyber risk is as important as mitigating physical chaos

The way public safety personnel and law enforcement approach large-venue security planning for major sporting or entertainment events has drastically evolved over the last half-decade. Beyond the video surveillance, Jersey barriers and security fencing are very real concerns about the effects of cybersecurity intrusion.

From the DNC hack to cyberattacks disrupting the Opening Ceremony of the Olympic Games or targeting venues hosting the Iran nuclear talks, high-profile events are prime targets for hackers. Even if the hosts have a sound security infrastructure for day-to-day operations, they often do not have the resources necessary to lock down a large-scale, high-profile event which requires additional physical and cybersecurity to protect against disruption, revenue loss or other irreversible damage.

As a result, ProtectWise, an innovative cloud security company that provides comprehensive, long-term network memory and immersive visualization, is working closely with organizations to build “pop-up” security operations centers (SOCs) to help traditional defenders during times of abnormal traffic and network distress at large events. These can apply to sports championships, election polls, top-secret federal events, and blockbuster concerts.

The fact is, important annual events in the sporting industry have only a certain window to generate revenue. If a business’s point-of-sale (POS) machine or two gets infected or a web server goes down during a game, its bottom line is impacted and so is its ability to conduct the event again. The urgent question faced by those hosting major events is: How do you create a physical and cybersecurity environment with the ability to detect and respond quickly?

SecurityInfoWatch.com editorial director Steve Lasky recently discussed these cybersecurity issues with Greg Kruck, Senior Sales Engineer, and David Weissman, Regional Sales Manager, both at ProtectWise.

SIW: Given the current history of global high-profile attacks on sporting and entertainment venues, what would you consider the most challenging threats facing organizers and facility operators, especially in the United States?

ProtectWise: In terms of the most challenging cyber threat, the importance of social media to publicizing events means that venues necessarily must provide greater network access than in the past. The more tweets, Instagram likes, and social media attention, the greater the impact of the event. Therefore, venues are highly motivated to grant attendees access to networks. The more access granted, the greater the opportunity to traverse weakly-segmented networks from public access to private subnets where power, media assets and critical venue assets reside—and we’ve seen all too often that a great many organizations have poor network segmentation even during normal operations. Critically, the traffic during high-profile events deviates from baseline traffic that venues’ cybersecurity analysts typically see, obfuscating attacks that might typically be caught.

SIW: The public safety plan for a high-profile, high-attendance sporting event like the Super Bowl must be comprehensive and will leverage technology and data. The Super Bowl is considered a SEAR 1 national security event, meaning the national and international profile of the game qualifies it as a credible target for terrorists. With Atlanta getting ready to host the annual Super Bowl, how can all parties involved in securing the city and venue - local, regional and federal law enforcement, DHS, stadium security officials and surrounding private organizations - create and implement a workable security and risk plan?

ProtectWise: Communication and subject matter expertise are key components to any effective risk mitigation plan, whether it be physical risks or cyber risks. When it comes to the IT assets of Mercedes-Benz Stadium or any other venue hosting a high-profile, high-attendance event, cybersecurity stakeholders aren’t just looking to detect attacks, they’re looking to communicate with law enforcement about threat actors, supporting anti-drone operations, leveraging facial recognition software, and looking at traffic that’s far outside the norm. The only way to be successful is to over-communicate and leverage experts who might not be as familiar with the standard baseline, but who can work in concert with typical staff so the venue gets the benefits of focused subject matter experts who can optimize use of the resources available and staff who know what “normal” looks like to reduce false positives. 

SIW: When dealing with a massive sporting event like the Super Bowl, you are dealing with two distinct security threats - physical (including perimeter, access control, video surveillance and visitor badging management), along with network and data security issues. How can security officials mesh both their physical and cybersecurity mitigation plans to provide a cohesive ring of safety and security for attendees and staff?

ProtectWise: In our experience with past surge/pop-up SOCs, an individual from law enforcement and/or venue security has been present in the SOC for efficient communication. In many cases, the physical mitigations depend on IT systems, like facial recognition technologies that can detect known ticket-forgers and threat actors identified on social media, so IT staff are available to provide deeper insights into how the technologies work and reconfigure them on the fly as necessary if law enforcement requests. There are times when law enforcement requests IT to focus in on a particular individual or device, and times when IT gets a detection and feeds that information to law enforcement. Once again, open and frequent communication ensures the greatest level of risk mitigation.

SIW: Discuss how local public safety and DHS can coordinate their command and control procedures to mitigate risk and how a Pop-Up Security Operations Center is created and put online to provide an effective and proactive security tool.

ProtectWise: Surge/pop-up SOCs aren’t a single tool; they’re a combination of standard tools and staff used by the venues along with on-demand tools and subject matter expert staff brought in to proactively address risk presented by high-attendance events. While most organizations bring in subject matter experts post-incident, the goal of a pop-up SOC is to proactively bring in experts for risk mitigation versus remediation, which is especially important when tens of thousands of attendees are present at an event.

SIW: Explain how implementing license plate readers placed around the city, tracking social media for possible threats, monitoring radiation detectors, and employing video surveillance with analytics tools can provide extra eyes and ears throughout the stadium and surrounding areas during an event like a Super Bowl.

ProtectWise: In our experience, venues typically have facial recognition software, social media monitoring tools, and drone detection platforms already in place in the course of normal business. However, the reliance of law enforcement on these solutions grows exponentially when major events come to town—no matter how many law enforcement agents are on the ground, proactive identification of threat actors attempting to enter venues can greatly contribute to risk identification and management. As an example, one ProtectWise customer who leverages the pop-up SOC model for championship events has leveraged a) social media analysis tools to identify an individual bragging about creating fake tickets, b) facial recognition software to identify the individual attempting to enter the venue, and c) communication with law enforcement and physical security staff to apprehend the individual.

SIW: Most attendees at a Super Bowl can understand the benefits of hardening the venue with physical security technology but may never consider the importance of cybersecurity as an important element of a safe event. Talk about why enhanced cybersecurity is a key element in protecting something like a Super Bowl and what potential threats are in play.

ProtectWise: As simple examples, NFL teams depend on technology to communicate on the field from coaches to players in huddles, and the press depends on connectivity to broadcast the game. Either disruption would impact the reputation of the league and the teams, from a revenue standpoint or from a gameplay standpoint.

SIW: Please provide some cloaked examples of successful temporary networks at large events and how they were integrated into the security plans.

ProtectWise: A large annual sporting event was being held at a relatively new stadium. Even though the facility was more recently established and taking into consideration the leaps and bounds that had been made in network communication, the organization still needed the pipes to be much longer to meet the expected standard from attendees including the media and league officials. This led to a temporary network being created to facilitate the event. Security was a consideration from the start when the architecture was conceived. As a result, the temporary network has since replaced the existing network.