Sports Stadiums and Facilities Face a New Kind of Threat

Sports Stadiums and Facilities Face a New Kind of Threat

September 13, 2016

In recent years, numerous international sporting events have been the target of criminal activity in cyberspace and technical malfunctions caused by waves of cyber-attacks. Since the late 2000s, large sporting events and international tournaments have been the target of millions of cyber-attacks. However, most of them were typical IT attacks against networks/computers, rather than against the operational technology (OT) landscape or critical infrastructure.

During the 2014 FIFA World Cup held in Brazil, there was a drastic increase in malicious cyber activity. In a period of 30 days, starting three weeks before the tournament and through its first week, more than 90,000 attacks were launched against related organizations. In the 2012 London Olympics, 11,000 malicious requests per second were received and 212 million malicious connection attempts blocked. Another good example, is the 2016 Wimbledon Tennis Tournament, technology partner IBM saw a 302% year-to-year increase of security events and attacks on the official website for the tournament,

As the IT and OT landscapes continue to converge, the connection between these critical units creates a new attack surface and gateway for penetration to the OT through numerous vectors. These penetrations may result in malicious activity and harmful outcomes, such as system downtime or hijacking. Similar to smart buildings and structures, large-scale sports complexes utilize computer-based systems that monitor, manage and control various electrical and electromechanical functions, including: 

  • Illumination Control
  • Plumbing
  • Power Distribution
  • Security, Surveillance and Observation
  • Building Access Control
  • Fire Safety/Extinguishing

Usually, a number of workstations have full control of critical functions and hackers who manage to penetrate these systems can inflict devastating damage to key operations. Risks associated with cyber-attacks on smart sports stadiums and facilities are still unclear, yet broadly recognized as threats that can cause multiple negative consequences: massive power outages, shutdown of business operations, disruption of critical functions and services, destructive physical damage (e.g, malicious firmware updates destroying components) and wreaking havoc that may even result in loss of life (e.g, activating fire alarms to cause panic and emergency evacuation). Furthermore, cyber-attacks can also create negative social consequences, such as legal action, loss of confidence by customers, and a public backlash. 

Stadiums and sports arenas have the same vulnerabilities like smart buildings, namely critical functions managed by a centralized system that can be compromised. However, there is one major difference: malfunctions caused by cyber-attacks can impact the integrity of the game played. Direct cyber-attacks against sporting events can create a chain reaction of repercussions that can affect related-sectors such as: insurance, regulated gaming, sports broadcasting, advertising, ticket revenue, sports merchandise, professional athleticism and more.

In the last three decades, power outages have disrupted several major sporting events, including: Super Bowl XLVII (2013), Argentina vs. Brazil Soccer Match (2012), Minnesota Vikings vs. Chicago Bears NFL Football game (2010), 1989 Baseball World Series Game 3 and more. The outages caused serious reputational damage that also had negative financial consequences. Currently, cyber specialists understand that hackers and attackers have both the Capabilities and Motivation to target sports stadiums/arenas and international sporting events. Hackers and cyber-criminals are driven by various motives, including political and ideological beliefs, economic value, related criminal activity spilling over to cyberspace, strategic gains and other issues pertaining to national security. All these factors create a new impending threat.

One major cyber risk that is gaining more attention by facility managers is ransomware - malicious software that enables an attacker to access stadium control computers, seize sensitive data and then demand some form of payment to release it. McAfee Labs analysts detected more than 4 million samples of ransomware in Q2 2015, including 1.2 million that were new, and expects those instances to grow during 2016. That compares to fewer than 1.5 million total samples in Q3 2013, when fewer than 400,000 were new. Several cyber experts assess that more and more of these attacks will be directed towards arenas and stadiums. 

In conclusion, stadiums and arenas now face a new kind of threat that is exacerbated by two major factors: First, the intricacy and interconnectedness of critical functions in stadiums can possibly create a disastrous “domino effect” if attacked. Second, these risks are still not receiving enough attention or funding since they fall outside the scope of traditional IT.

Nation-E’s solution stands out with its multi-layered approach, proprietary hardware and software design and advanced technical features. We can provide protection for sports stadiums and arenas facing security threats, without changing the system architecture or topology.