NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIIINFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII
The league is working with more than 100 partners to workshop responses to a host of hypothetical cyberattacks on the upcoming Big Game in Las Vegas.
September 22, 2023

The NFL is workshopping game plays for Super Bowl LVIII — of the cybersecurity sort.
Looking to juice up its defense, the league worked with the Cybersecurity and Infrastructure Security Agency (CISA) and Super Bowl LVIII stakeholders during a tabletop exercise that CISA said was meant "to explore, assess, and enhance cybersecurity response capabilities, plans, and procedures" ahead of the big game on Feb. 11, 2024, at Allegiant Stadium in Las Vegas.
The four-hour tabletop exercise brought together more than 100 partners from the NFL, stadium, and government at all levels, according to the announcement on Sept. 21. During the exercise, participants discussed a hypothetical scenario that included phishing, ransomware, a data breach, and a potential insider threat — all with cascading impacts on physical systems.
"This was a safe, low-stress setting to identify any gaps in those plans and ensure we all have a shared understanding of roles and responsibilities. In short, this exercise will help ensure we're ready for any challenges that come our way on game day," said Steve Harris, CISA's deputy executive assistant director for infrastructure security.
The Super Bowl, like the World Cup, is one of the most-watched sporting events globally, and a successful cyberattack disruption would be a major coup for any cybercrime group. In other words, these types of events are the white whales of the target sea.
George McGregor, vice president at Approov, noted that the cyber-threat surface for sports continues to expand as well, as smart stadiums and ever-more-digital infrastructure to support fan and team operations proliferate.
"Such a workshop should be a critical exercise before any major sporting event, to check that security and contingency plans are complete," he said in an emailed statement. "Such events have a highly dynamic cybersecurity attack surface which changes rapidly as multiple partners and vendors, and thousands of fans come together and interact with ticketing systems and points of sale, using stadium Wi-Fi and via mobile devices. As a key part of this exercise, mobile apps which access sensitive information must be verified as being protected from impersonation or manipulation."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023