Tomás Maldonado, the Chief Information Security Officer (CISO) of the National Football League (NFL), is gearing up to protect the league’s data, systems, and networks during the 2023 NFL season. With the increasing digitization of various aspects of the NFL operation, Maldonado faces a myriad of threats, including generative AI-enabled phishing attacks and deepfake videos.
Maldonado and his team strive to ensure the security and safety of fans, players, and operations throughout the season. Cyberattacks during major events like the Super Bowl and the draft could have severe consequences for the NFL brand and the overall fan experience. Maldonado aims to maintain an incident-free record in cybersecurity, building on the streak since he became CISO in 2019.
One specific concern Maldonado highlights is the growth of generative AI tools and the impact they can have on the NFL. With the popularity and widespread following of NFL players, the league becomes an attractive target for attackers. Systems that house player and fan data, credit card information, and stadium access control are among the potential attack points. Deepfakes, which are AI-generated video or audio content, pose a particular threat as they can manipulate and spread false information about influential figures within the NFL.
Additionally, AI-enabled phishing attacks present a significant worry for the NFL. With generative AI tools, attackers can craft convincing phishing emails that are more sophisticated than traditional methods. To combat this, Maldonado emphasizes the need for awareness training among players, coaches, and staff. Protecting identity information and social media accounts with two-factor authentication is a crucial part of the security preparations for the 2023 season.
Maldonado’s security team collaborates with counterparts at each of the NFL’s 32 teams to enhance their security programs. The league prioritizes ten focus areas that require high-priority attention, including network security, detection and response, and identity and access controls. Through risk assessments and audits, Maldonado ensures that clubs have visibility into their security maturity and progress.
Cisco, as an official technology partner of the NFL, plays a crucial role in securing the league’s infrastructure. Cisco’s Talos threat intelligence service supports the NFL’s digital backbone, but its involvement extends to delivering security services. Tom Gillis, the senior vice president and general manager of Cisco’s security business group, highlights the importance of protecting against direct attacks on the network and combating social engineering scams powered by AI.
For IT leaders like Brandon Covert of the Cleveland Browns, the NFL’s security framework provides a reliable foundation for implementing controls and addressing various threats. Covert emphasizes the need to protect player health data, personal information, and fan data while also securing building automation systems and ensuring physical security for fans in a digitized stadium. The team has recently partnered with Binary Defense, a managed detection and response service provider, to adopt a more risk-based approach. Binary Defense proactively monitors threats, including any mention of higher-risk profile individuals affiliated with the Browns, both in the cyber and physical domains.
As the 2023 NFL season gets underway, Maldonado and his team remain dedicated to protecting the league and its stakeholders from the evolving landscape of cyber threats. Through collaboration, training, and a risk-based approach, they aim to ensure that fans can enjoy the football experience without any security incidents impacting their safety or enjoyment.