Athletes, Arenas, and Cyberattacks: The Evolving Landscape of Cybersecurity in Sports

September 20, 2024

As cybersecurity threats continue to evolve, the sports industry faces unique challenges in safeguarding its data, athletes, and events. During a recent panel discussion at the Aspen Cyber Summit, Reynold Hoover, CEO of the 2028 Los Angeles Olympics; Eric Tysarczyk, Senior Vice President of the National Hockey League (NHL); and Jaia Thomas, an attorney representing athletes, provided key insights into the cybersecurity landscape in professional sports. The discussion highlighted critical issues ranging from protecting sensitive data to defending against sophisticated cyberattacks during major sporting events like the Olympics and professional sports games.

Cybersecurity at the Olympics: A Global Target

Reynold Hoover, a retired U.S. Army lieutenant general, outlined the immense cybersecurity challenges involved in securing the Olympic Games. As the largest sporting event in the world, the Olympics attract not only millions of fans but also a wide array of cyber threat actors. From the integrity of competition timing to safeguarding the vast network of accommodations and transportation for athletes and spectators, the Olympics’ infrastructure must be protected against numerous attack vectors.

Hoover emphasized that timing technology – such as the systems used by Omega to track race results – is vital to the Olympics, not just for the athletes competing but for broadcasters and other media as well. Any disruption in the timing systems could undermine the event’s credibility and the integrity of the game.

Hoover also discussed the air-gapped network employed at the Olympics to protect data and ensure that broadcasts and media feeds are securely managed through the International Olympic Committee (IOC). The goal is to keep cyber threats at bay while enhancing the fan experience, particularly with the use of social media and new ways for fans to follow players on the field.

Hoover stressed the importance of early cybersecurity planning and collaboration with the government , including the Cybersecurity and Infrastructure Security Agency (CISA). These partnerships are essential for defending against nation-state actors and disinformation campaigns that aim to disrupt the Olympic Games.

NHL: Protecting Fans, Players, and Data

Eric Tysarczyk provided insight into the unique cybersecurity challenges within the NHL. NHL arenas filled with fans and their devices create an environment rich with sensitive information, from ticketing data to streaming services.

One key area of concern for the NHL is the growing risk from sports betting. Tysarczyk explained that while traditional cybercriminals might seek to steal data, many betting-related threats come from frustrated gamblers. The NHL is also concerned about protecting players from harassment or doxing. He explained these instances could arise from an individual who lost money gambling on the game and may blame a player or official. But it is not limited to aggrieved individuals – nation-state actors can target players, especially when they take political stances that conflict with their home governments.

Another example Tysarczyk noted is the use of Hawk-Eye and goal-line technology, which provide real-time data during games. There is also player data going to medical teams and coaches. Tysarczyk emphasized that the NHL’s operations team is diligent in ensuring that this data is properly encrypted and only accessible by authorized personnel. Any breach of this data could undermine the integrity of the sport.

Additionally, Tysarczyk discussed the challenge of balancing innovation and security as the NHL continues to expand its streaming and distribution channels. The league relies heavily on third-party vendors for these services, which presents its own cybersecurity risks, as the National Basketball Association (NBA) learned in 2023 when a third-party vendor hosting the NBA’s data was hacked. The third-party risk management program has become a core part of the NHL’s strategy to mitigate potential vulnerabilities.

Athletes and Cybersecurity: Proactive Protection

Jaia Thomas shifted the conversation to the cybersecurity challenges faced by athletes, particularly in safeguarding their personal and health data. Thomas observed athletes often rely on their teams to make key decisions about their physical well-being, and any breach of their sensitive information could have severe consequences. Athletes’ health data is even more valuable now because of gambling. Cybercriminals are often motivated by financial gain, seeking to exploit famous athletes for personal profit.

Thomas stressed that athletes need to take a more proactive approach to cybersecurity, particularly when it comes to social media. While social media is a vital tool for building an athlete’s brand, it also exposes them to potential threats. NFL player Laremy Tunsil’s Twitter and Instagram accounts, for example, were reportedly hacked just prior to the NFL Draft. The hacker shared a video that appeared to show Tunsil smoking marijuana. Questions about Tunsil’s character that arose from the video resulted in Tunsil sliding down the draft board, losing about $8 million in the process. Thomas warned that athletes should be careful about what information they share, explaining that over-sharing personal details can lead to unwanted attention from cybercriminals.

Thomas also highlighted the importance of cybersecurity education for athletes. Many athletes, she noted, do not fully understand the complexities of protecting themselves in the digital world.

Conclusion

Cybersecurity in sports is a complex and evolving issue, with major events like the Olympics, the NHL, and other professional and amateur sports facing unique challenges. From safeguarding sensitive data to mitigating the risks of sports betting, disinformation, and cyber-attacks with physical impacts, the sports industry must remain vigilant. Cybersecurity incidents impacting the sports industry can lead to class action liability, financial, and reputational risk following breaches of personal information but they may also trigger cybersecurity regulatory scrutiny including pursuant to new cyber incident reporting requirements coming in 2025 under the Cybersecurity Incident Reporting for Critical Infrastructure Act of 2022. Early planning, strong partnerships, best practices, and robust cybersecurity education are essential to protecting athletes, fans, venues, and the integrity of the games. As the digital landscape continues to evolve, so too must the strategies employed by sports organizations to stay ahead of cyber threats.

Wiley Connect

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek