The NFL’s New Defensive Strategy By Alex Moersen
As professional sports become more connected, unique cybersecurity strategies have been employed to ensure safety for players, personnel, and fans alike.
40
In 2016, former scouting director of the St. Louis Cardinals Christopher Correa was sentenced to four years in prison for hacking into the Houston Astros’ player-personnel database and email system in order to gain insights into their operations. Just a few months prior, the Milwaukee Bucks played victim to a security breach that saw players’ financial documents released, including Social Security numbers and compensation information. To wrap up the year, a Russian cyber espionage group hacked the World Anti-Doping Agency database and leaked the drug records of Venus and Serena Williams online. While there have been myriad advancements in the gear that ensures players’ physical safety, information security in the sports realm is still developing.
When Russ Trainor, Senior Vice President of IT at Sports Authority Field, started his position in 2008, he had 350 devices on the network. Today, that number is closer to 8,000, consisting of scoreboards, iPads, personnel computers, and much more. On top of that, sports teams and facilities have been charged with the responsibility of protecting player and personnel data while ticketing services often hold the information of many fans. With nearly 20 years of experience working in NFL information technology and cybersecurity, Russ Trainor knows his way around the technology behind the Gridiron and shared some of his insights about the merging worlds of sports and cybersecurity.
In just the last decade, professional sporting events have become technological hubs with numerous devices connecting to the same networks. While hosting Super Bowl LII, the U.S. Bank Stadium garnered 17 terabytes of WiFi. For comparison, a recent Taylor Swift concert at Sports Authority Field in Denver, CO only allowed 8.1 terabytes. This is a far cry from where sports facilities were just 10 years ago.
Where an NFL team is concerned, there are two main focuses: player information, especially as it pertains to medical records, and the playbooks. As Trainor describes it, “For me, it’s medical stuff. All my player records, player contracts … I need to lock them down.” While securing internal records is a relatively straightforward process, things get complicated when you consider how much movement there
INNOVATION & TECH TODAY | FALL 2018
The Team
is in the NFL as players transfer from team to team. In the case of the Denver Broncos, they have their own Electronic Medical Record system, but it’s important to keep those records secure when a player transfers to a different team. Unfortunately, this can be sometimes difficult to navigate. Peter Alexander, CMO of Check Point, one of the world’s leading cybersecurity firms, explained that “medical environments are traditionally very vulnerable environments.” This is typically caused by the numerous devices connected to the networks as well as the various people who need access to the medical records. Regardless, under the Health Insurance Portability and Accountability Act of 1996 (commonly known as HIPAA), it’s vital that teams protect the information of not only their own players, but the players of visiting teams as well. “People don’t think about that,” explains Trainor. “You have an X-ray machine on staff and you have access for both home and visiting teams, but you can’t share those images. So if an Oakland player messes his knee up, the Broncos can’t look at his knee. But their training staff can go in there, do the X-rays, and take that back with them.”
