CISA, NFL, and Super Bowl LVIII hold Cybersecurity Tabletop Exercise 

This week, CISA, the NFL, Allegiant Stadium, and Super Bowl LVIII partners held a Super Bowl LVIII Cybersecurity Tabletop Exercise to explore, assess, and enhance cybersecurity response capabilities, plans, and procedures ahead of Super Bowl LVIII.
The 4-hour Tabletop Exercise brought together more than 100 partners from the NFL, stadium, and federal, state, and local governments in preparation efforts designed to ensure the safety of events at Allegiant Stadium. The collaborators’ aim is to discuss plans and procedures, resources, capabilities, and best practices for protecting against, responding to, and recovering from a significant cyberattack during the event.
“This was a safe, low-stress setting to identify any gaps in those plans and ensure we all have a shared understanding of roles and responsibilities. In short, this exercise will help ensure we’re ready for any challenges that come our way on game day,” said CISA’s Deputy Executive Assistant Director for Infrastructure Security Steve Harris.
During the exercise, participants discussed a hypothetical scenario that included phishing, ransomware, a data breach, and a potential insider threat – all with cascading impacts on physical systems.
“At the NFL, we understand how important it is to practice like you play, and this week’s exercise is the first of many simulations we will conduct prior to Super Bowl LVIII,” said NFL Senior VP and CSO Cathy Lanier.  

George McGregor, VP, Approov had this to say:

   “It is very encouraging to see this exercise was organized by the NFL and partners and CISA.  
Such a workshop should be a critical exercise before any major sporting event, to check that security and contingency plans are complete.

   “Such events have a highly dynamic cybersecurity attack surface which changes rapidly as multiple partners and vendors, and thousands of fans come together and interact with ticketing systems and points of sale using stadium Wi-Fi and via mobile devices. As a key part of this exercise, mobile apps which access sensitive information must be verified as being protected from impersonation or manipulation. “

Table top exercises like these ones are good because it makes sure that all parties are on the same page. Let’s hope that the lessons learned from this exercise aren’t ever needed.

Leave a Reply

%d bloggers like this: