Newswise — Someone pulled a fire alarm during the February 2018 school shooting in Parkland, Florida, which killed 17 students and teachers. The alarm caused more students to move into the hallways and into harm’s way.
That detail worried Nate Evans, a cybersecurity program lead at the U.S. Department of Energy’s (DOE) Argonne National Laboratory who helps owners of sports stadiums and concert arenas lower their cybersecurity risks. It reminded Evans of a dangerous shift in recent cyberattacks.
“Hackers no longer use cyberattacks to cause cyber damage,” said Evans. Instead, “they are using these attacks to cause physical damage or put people in locations to maximize physical damage.”
To combat threats like these, Evans and his colleagues are launching an online survey as an assessment tool for team and stadium owners to find and fix cyber vulnerabilities. The survey will also help owners obtain credentials for the Department of Homeland Security’s Safety Act program. The program encourages businesses to offer anti-terrorism products and services; stadiums that complete the program, which is designed to strengthen physical and cyber defenses against terrorism, can avoid legal liability if an incident occurs.
“Hackers no longer use cyberattacks to cause cyber damage.” Instead, “they are using these attacks to cause physical damage or put people in locations to maximize physical damage.” — Nate Evans, cybersecurity program lead at Argonne
More importantly, the survey will make professional sports games safer and more fun for players, owners and fans.
Keeping both cyber and physical worlds safe
In many stadiums, fire alarms and ventilation systems are connected digitally, giving operators more control. While this setup is convenient, it also puts more fans at risk if criminals hack into the system and potentially lure crowds to danger.
Similarly, city planners often place urban stadiums and conference centers together; they may even share fire alarm systems and data centers. “One glitch might cause them to evacuate at the same time, which amplifies the problem,” said Evans.
Argonne’s online survey helps stadium operators pinpoint and mitigate these problems. It begins with a stadium’s physical security: Who can access certain areas? How are security forces and staff trained? What are the emergency response plans? But cyber security, says Evans, is playing an increasingly larger role in the survey as the cyber world controls more of the physical world around us — electricity, fire alarms, scoreboards, heating, ventilation, and air conditioning.
So how can teams and stadium owners counter cyber threats?
The first step, said Evans, is to physically isolate the controls for each system — power, lighting, fire safety, ventilation, plumbing, security, and surveillance. Simply relying on separate digital accounts that share the same servers is a mistake. Second, operators need to know which systems are dependent on others. Fire alarms, for example, depend on electricity, but does that power, in turn, depend upon other infrastructure — water, natural gas, etc. — that is also vulnerable to disruption?
Team and stadium owners also need to talk directly with all third-party vendors — information technology, concessions, security, etc. — that typically help run stadiums. “If a hacker breaks in and you can’t contact your IT staff, then how can you react?” asked Stephanie Jenkins, a cyber security analyst involved in the laboratory’s research.
Evans and Jenkins plan to offer the survey to owners of sports stadiums and concert arenas soon. Meanwhile, the team continues to advise professional sports leagues, including the National Football League, Major League Baseball, National Basketball Association, Major League Soccer, National Collegiate Athletic Association, among others, on cyber issues.
Argonne National Laboratory seeks solutions to pressing national problems in science and technology. The nation’s first national laboratory, Argonne conducts leading-edge basic and applied scientific research in virtually every scientific discipline. Argonne researchers work closely with researchers from hundreds of companies, universities, and federal, state and municipal agencies to help them solve their specific problems, advance America’s scientific leadership and prepare the nation for a better future. With employees from more than 60 nations, Argonne is managed by UChicago Argonne, LLC for the U.S. Department of Energy’s Office of Science.
The U.S. Department of Energy’s Office of Science is the single largest supporter of basic research in the physical sciences in the United States and is working to address some of the most pressing challenges of our time. For more information, visit https://energy.gov/science.