The Super Bowl, which serves as the postseason championship game for franchises in the U.S. National Football League, has at various times in it’s 48-year history been a barometer of big technological trends. In 1984, for example, a pivotal ad for the first Mac aired during the contest, heralding the start of the personal computer revolution and demonstrating the potential of engaging with the game’s massive television audience.
In more recent years, Super Bowl venues such as MetLife Stadium in New Jersey and University of Phoenix Stadium in Arizona have been outfitted with sophisticated infrastructure to support innovations such as Bluetooth beacons and 4G LTE networking. The 2014 Super Bowl in fact was a coming out party for the Internet of Things, with users of the NFL Mobile app able to receive contextual notifications about nearby concession lines and restrooms.
Super Bowls have been by and large free of cyber security incidents, despite the growing reliance of both the NFL, broadcast networks and viewers on the Internet and devices other than traditional TVs. A Wi-Fi password was publicly broadcast on live TV in 2014, but these types of slip-ups have so far been the exception rather than the rule.
There is plenty to learn from the Super Bowl in terms of devising and optimizing network security, though. Many enterprises, service providers and technology organizations face challenges, such as supporting new devices and rolling out additional services, that the NFL and its partners have also dealt with. What specifically can the Super Bowl tell us about cyber security?
Cyber security at the 2015 Super Bowl: Key practices and takeaways
This year, Glendale, Arizona, hosted its first Super Bowl since 2008. Although one of the participating teams – the New England Patriots – was the same as 7 years ago, almost everything else was different, especially in terms of what technology fans and broadcasters were bringing to the game.
In early 2008, smartphones had yet to become mainstream. The only iPhone released at the time ran on slow EDGE networking and mobile apps as we know them didn’t really exist. Fast forward to 2015, and seemingly everyone is using a mobile device. The January 2015 edition of Cisco’s Mobile Visual Networking Index found that the average mobile data user in North America consumes 2 GB per month and is on track to use 11 GB by 2019.
Meanwhile, the Super Bowl itself has adapted to these changing habits. Whereas it was once only shown on broadcast TV, this year it was available as a free live stream from NBC. A Chevrolet ad during the game even joked about streaming it from a truck equipped with an embedded 4G LTE modem.
With so many more mobile devices and networks in play, cyber security was a priority for Super Bowl XLIX. Event organizers focused intently on:
- Redundant IT systems that could withstand cyber attacks.
- Information sharing between state, federal and private sector agencies.
- Careful attention to infrastructure such as electrical grids and public safety systems.
The event went by without an incident, although elsewhere on the technical front there was some inconsistency with the live stream. Such seamless security at an event of the Super Bowl’s scope is impressive and a valuable testament to the power of testing, one that some advertisers could have learned from, as InformationWeek’s Joe Stanganelli noted.
Just as Super Bowl organizers have had to integrate many new technologies to support the game’s staging and broadcast, enterprise IT departments have, in recent years, had to wrangle with multi-vendor environments that feature complex mixes of legacy, virtualized and cloud infrastructure. These mixed assets will require extensive testing to ensure that they not only work well together but also are secure.
Consider that software-defined networking – the practice of shifting network intelligence from proprietary dedicated appliances to software running on commodity hardware – was a $200 million market in 2014, but could balloon to $2 billion by 2016, according to a Corus360 report. This growth would be a huge change for CIOs and their teams – not on the scale of having to support a Super Bowl live stream, sure, but one that will still necessitate proactive and long-term thinking about best practices for security.
The Super Bowl, drones and what’s ahead for cyber security
This year’s Super Bowl showed the type of holistic cyber security approach – i.e., one that takes networks into account as well as critical infrastructure – that is increasingly merited. The event hinted at tomorrow’s security challenges, too – on game day, there was a 30-mile “no drone zone” around University of Phoenix Stadium.
The restriction was even tighter than the ones in place for conventional aircrafts. Anxiety about drones – basically small, unmanned and remote controlled aerial vehicles – has been mounting following their unexpected presence at sporting events like golf’s U.S. Open. While these vehicles are still largely the province of governments, they are gradually turning into consumer-grade devices, too, which may create security issues for the Super Bowl and other events due to the limited options available for controlling their use.
“Conventional methods to detect and mitigate threats from drones are limited; radars either don’t detect drones or characterize them incorrectly (i.e. migratory birds),” explained CACI International vice president Michael Kushin in a column for the Federal Times. “Additionally, if radar does detect the drone, it cannot mitigate the threat or identify the source.”
The restrictive zone at this year’s Super Bowl could be a sign of what’s to come, although we should expect cyber security vendors to eventually come up with more sophisticated solutions. Deep discovery tools could be extended to drones, keeping tabs on their movements as if they were just another type of network activity. No-fly zones may also be enforceable via firmware/software updates.
The Super Bowl may represent the end of its respective NFL season and a subsequent half-year offseason. However, it’s usually a good look into what is making waves in consumer technology and cyber security, enterprises can learn a lot from how organizers have approached issues like mobile devices, cyber attacks and drones.