Smart Venue Security In 2018: The Sport Industry Grapples With Advanced Threats

Smart Venues offer fans new experiences by using artificial intelligence software. For example, Xperiel delivers targeted augmented reality experiences, WaitTime identifies the shortest queue and iBeacontechnology helps fans navigate the venue. However technology developments are a double edged-sword for Smart Venues as they must also protect fans against new perils. A consortium of AI experts from across civil society, academia, and industry gathered in February of 2017 to discuss and to produce a report on threats to compromise digital, physical and political security, stating:

We expect progress in AI to expand the set of actors who are capable of carrying out the attack, the rate at which these actors can carry it out, and the set of plausible targets.

What are these threats? For venues, these threats come in three forms, airborne threats, operational threats and revenue threats.

AIRBORNE THREAT: UNMANNED AERIAL VEHICLES

Drones are faster, smarter and easier to manage than ever before. Consumer purchases of these Unmanned Aerial Vehicles (UAVs) skyrocketed 40% in 2017 with global sales of 3.4 million units. To date, there have been no major attacks, but some notable disruptions. A drone dropped anti-media leaflets on fans at Levi’s stadiumand in the UK a drone flew over a soccer match at Crawley Town stadium forcing players to evacuate the pitch. FAA regulations stipulate drones must stay 3 miles away from stadiums, yet, as these incidents illustrate, these regulations are difficult to enforce.

What’s happening: No-fly zones are the new normal. Smart Venues are experimenting with technologies to secure venues from vendors like DeDrone, Black Sage and MyDefense. During the Super Bowl, the FAA implemented Temporary Flight Restrictions around U.S Bank stadium, doubled air traffic control and grounded all drones within 30 miles of the stadium.

For the PyeongChang Olympics, Korean drone maker DJI updated its drone software to include temporary no-fly zones around the Olympic venues. For the Commonwealth Games in Australia, security personnel used anti-drone guns with signal jamming technology. This technology allows law enforcement to take control of the device but is illegal in the US as it interferes with other signals like WIFI, GPS and mobile.

The bottom line: Drone sales are proliferating and venues are ill-prepared to defend against drone attacks.

OPERATIONAL THREAT: HACKING THREATS PROLIFERATE

Automating building controls allows venue operators to remotely manage air-conditioning, lighting and fire-detection. It also creates a plethora of endpoints for hackers to attack. The wide-spread connectedness of these systems allows hackers to automate vulnerability discovery and attack faster with increased precision. These factors contributed to breaches rising 45% from 2016 to 2017. DDoS attacks, where a hacker uses connected devices to overwhelm an internet server until it is disabled, have increased in size and frequency.

The potential vulnerabilities of the smart venue are myriad, from shutting down power to disabling the network to commandeering the jumbotron. These attacks threaten to shut down all services running on the server or network with the potential impact to fans ranging from inconvenient to deadly.

What’s happening: The challenge of securing a high-tech venue was evident in Korea; PyeongChang simultaneously received accolades as the ‘most tech-centric Olympics ever’ and consternation as ‘the most hacked Olympics ever.’ Despite extra precautions by South Korea’s security force, Fancy Bear hackers managed to shut down internet services and compromised mobile entry and other services. Leading up to PyeongChang, the same group hacked private medical records of Olympic athletes and released them to the public.

Securing venues against these threats demands new technologies. Cisco's Connected Stadium platform helps venues design the right architecture to support their infrastructure, ticketing, content distribution and Point-of Sale needs. Armored Things helps Smart Venues deal with threats and misuse of these Internet of Things devices with technology that monitors the operational integrity of devices and allows operators to mount an effective response to cyber-physical incidents.

The bottom line: The Olympics showed that operational vulnerabilities requires continuous innovation from security providers as well as contingency plans that emphasize backup systems, provide failover power and data redundancy.

REVENUE THREAT: TICKETS ARE FOR HUMANS NOT BOTS

Technology has changed the face of ticket scalping. Instead of selling tickets on a corner, scalpers commandeer armies of bots that compete for tickets where the winner is billionths of a second faster than the competition. In 2016 Ticketmaster thwarted 6 billion bots, that’s approximately 12 bots per ticket sold. The situations has evolved from pricing annoyance to security threat and highlights how little control operators have over who enters their venue. Tickets change hands whether through an initial bot purchase, or handing a paper ticket to your friend at the gate. Part of securing venues includes knowing who is there.

What's Happening: The problem of associating ticket purchases with human identities is both a security and marketing conundrum. On the security side, Ticketmaster’s Verified Fan Program allows fans to pre-register with verified email address for ticket access. Alternately their Presence Program partners with LISNR to create custom high-frequency identifiers which are emitted by the purchaser’s smartphone; these act as an entry token and another way to verify fan identity. Madison Square Garden is taking another approach using facial recognition technology to identify fans and control venue access, yet the technology is not as accurateas it should be. Alibaba is simultaneously developing the solution and conducting research on its shortcomings.

The bottom line: The benefit of putting tickets in the hands of identified fans was evident at the Golden Knights playoff series. Eager to expand one of the NHLs best ‘home ice’ advantages they offered season ticket holders low-cost tickets that could not be transferred to secondary resellers like StubHub. The Knights historic run this year may incentivize other teams to follow suit.

THE TAKEAWAY: Smart Venues are in unchartered territory, they are facing threats so new they can only look to themselves for the answer. Larger events such as the Olympics and the Super Bowl are leading the way with advanced security solutions to protect against new threats such as drones, DDoS attacks and bot-based ticket fraud. Developing these solutions demonstrates how sport continues to be a testing ground for new technologies. This is crucial to the future of venues and cities, as Francesca Bodie of OakView Group noted in our CES panel From Smart Venues to Smart Cities:

Venues and the private sector should be the catalyst for the cities to get smarter. We as the private sector need to remain committed to being the catalyst that jumps through those hoops that makes it scalable. Because without that, the city's municipal entities are so focused, as they should be, on infrastructure and public schools and life and safety, that if the private sector does their job everybody's going to eventually benefit from the system.

Venue operators must act quickly to develop a plan to protect against malicious use of advanced technologies and the increasing role of artificial intelligence in attacks. Not only do their fans demand it, but the cities around them demand it too.