From Russian-affiliated hackers taking health information from the World Anti-Doping Agency and doxing several prominent U.S. athletes, to a former Major League Baseball scouting director breaking into an opposing team’s data records, to a NBA basketball team falling victim to a phishing scam, cybersecurity is becoming an increasing worry for high-profile sports organizations.
With leagues, athletes and team franchises increasingly turning to technology — be it social media, virtual reality, big data or mobile apps — for strategy or business growth, hackers are also beginning to see the value of that data, explained Doug DePeppe, cofounder of the Cyber Resilience Institute, during a phone interview.
DePeppe’s small team has established one of the first information sharing and analysis organizations, or ISAOs, solely dedicated to sports. The ISAO will work to monitor, report and respond to cyberattacks specifically aimed at sports-related digital assets, along with feeding threat information to professional, college and high school sports organizations.
Based in Colorado Springs, Colo., the “Sports ISAO” recently worked to support the United States Olympic Committee at Summer Olympics in Rio De Janeiro. As part of this effort, the ISAO had several core responsibilities, including threat analysis and reviewing malicious social media activity in tandem with federal partners.
The professional sports market in North America is expected to be worth $73.5 billion by 2019, according to a 2015 PricewaterhouseCoopers report. A significant percentage of future revenue growth will be derived from “new media” opportunities, the report details, especially those that leverage the internet for distribution. In the future, DePeppe believes that there will be a palpable demand from these organizations for tailored threat intelligence and response services.
In recent weeks, the Sports ISAO has engaged in a series of partnership conversations with “major” sports organizations, said DePeppe, who described his ISAO as a hybrid non-profit that closely collaborates with a cohort of security, legal and advocacy organizations that in turn provide different operational capabilities.
The group relies on products and services rendered from for-profit companies like IT contractor Colsa Corporation, threat intelligence platform developer ThreatConnect and internet sensor firm FarSight Security. The Cyber Resilience Institute and DePeppe’s own cyberlaw and interdisciplinary advisory firm, Eosedge Legal, are also involved.
Beyond the private sector, the Sports ISAO has worked to integrate cyberthreat intelligence feeds that come from the Department of Homeland Security.
“We are starting to have a dialogue with DHS about mission space as it relates to critical infrastructure, sporting events and where we can align,” DePeppe said.
A growth in the presence and impact of ISAOs across the U.S. stems from a 2015 executive order to encourage the creation of intel-sharing groups over the next 10 to 15 years that are dedicated to specific communities.
As for staffing the Sports ISAO, DePeppe explained that he hopes to develop talent from the community by hiring interns directly out of college and high school. He hopes that doing so will offer an active learning experience that will ultimately result in a more talented cybersecurity workforce.
The Sports ISAO is expected to launch in a full operating capacity either later this year or early 2017.