The defense strategy that led the Denver Broncos to victory at Super Bowl 50 was a fitting celebration of what might have been the last NFL game of winning quarterback, Peyton Manning’s, Hall of Fame career. Less poignant, but also well worth celebrating is the San Francisco 49ers’ successful collaboration with the city of Santa Clara, law enforcement, private industry and the general public to avoid a major security incident.
In its 50-year history, the Super Bowl has never been victimized by a high profile attack. That’s some record, especially for an event deemed a national security concern by the U.S. Department of Homeland Security. It’s worth taking a look at the planning and strategy that went into securing the February 7 Bowl, and how government can adapt it for public sector cybersecurity.
Blocking Threats With a Layered, Defense-in-Depth Network Security Infrastructure
From the vantage point of a cybersecurity expert, the Super Bowl 50 security strategy looked a lot like a layered, defense-in-depth network security infrastructure.
At the center was a consolidated data command center at Levi’s Stadium, the relatively new, high tech home of Super Bowl 50 hosts, the San Francisco 49ers. From here, security officials monitored and analyzed multiple types of information channeled via data and camera feeds from critical asset points in and around the stadium—including major intersections where traffic bottlenecks could impact response times to potential threats.
Private citizens had access to the system via mobile apps and web—enabling them to avoid congested areas and report suspicious behaviors before they reached the stadium. Guidelines were released well in advance of game day to ensure all ‘users’ were aware of what to look for, as well as protocols for averting risk and reporting potentially dangerous situations.
The information gained has value beyond Super Bowl 50 and can be analyzed and applied to security planning efforts for future, high profile sporting and entertainment events at Levi’s Stadium and other venues.
If you were to translate the Super Bowl security strategy into a list of cybersecurity best practices for government, they’d look something like this:
- Build a defense-in-depth strategy to monitor all potential attack vectors relative to the location of assets that require the most protection. With a consolidated view of all threat vectors across your entire threat environment, you’re more likely to catch potential problems and respond to them before they cause widespread and/or irreparable damage.
- Create a culture of security. Cybersecurity doesn’t occur in a vacuum. This is especially true in complex, government IT environments that employ large numbers of diverse people in a variety of high- and low -level roles—all who need to interact with your data and systems to do their jobs. All need to understand the critical nature of cybersecurity and be equipped with the knowledge and tools to to protect it.
- Assume the worst to plan for the best outcomes. Government agencies and events like the Super Bowl share a number of risk factors that make them an attractive target—like notoriety, expansive threat surfaces, multiple access points and large data stores to name a few. Assuming your agency WILL be targeted for attack is the proactive stance you need to take to assess all risks, identify what needs the most protection and solutions to secure them.
Super Bowl 50’s victory over attack was a team effort. So should be cybersecurity at your government agency. An experienced systems integrator that understands the risks to government networks and how to develop strategies and deploy solutions to fight them can play a vital role on your team. Xiologix partners with leading network security providers to help government agencies build winning, defense-in-depth cybersecurity infrastructures.
