The organization that oversees college sports programs across the US is bolstering its cyber security in various fields, the NCAA's chief information officer said at Cybertech Global 2020. Reputational risk is one of its biggest areas of concern
Cyber defense is a major issue for the National Collegiate Athletics Association, which oversees and regulates sports programs in over 1,200 universities and colleges across the US.
Thus, the organization is endeavoring to protect the personal information of student athletes, boost the cyber security of stadiums, mitigate reputational risks, and enforce compliance with its cyber defense standards, the NCAA's chief information officer said at the Cybertech Global 2020 Conference.
"College sports are huge" in the US so the NCAA bears important responsibilities, Judd Williams said in a January 29 speech. The organization is responsible for over 500,000 student-athletes and 19,000 teams in 24 sports. By comparison, the National Football League, Major League Baseball and the National Basketball Association each have about 30 teams, the CIO said.
Williams oversees the NCAA's strategic planning, budgeting, implementation and support of technology initiatives for the national office, among others. He previously worked for the FBI, rising to the position of senior IT manager. He also held positions with Northrop Grumman and SAIC.
The CIO called attention to several recent high-profile cyber incidents in sports, such as the 2016 phishing attack on the NBA in which player tax information was leaked; the 2017 discovery that the St. Louis Cardinals baseball team accessed the scouting database of the Houston Astros for two years; and the 2018 spear phishing of the International Olympic Committee in which internal e-mails were released.
"The landscape in sports is slightly different than what many of you may be encountering," he said at the conference in Tel Aviv. "Reputational risk is one of the biggest things we are concerned with."
As for other issues of importance, he cited protection of personal information of student athletes, mitigation of cyber risks to stadiums, ensuring fair play, maintaining the integrity of the game, and addressing what he called the normal security risks any organization has to face.
Williams added that the NCAA needs to rethink how it classifies data. "What we have found is that everything we have can be turned against us, and things we don't consider sensitive are now becoming sensitive and being used against us in litigation and in the media," so the mere classification of data doesn't fully protect the organization, he said.
In addition, the CIO emphasized efforts to adapt the cyber defense strategy to the different risks that the NCAA faces, enforce standards among the 1,200 schools that vary in their cyber defense maturity, and ensure compliance with standards by those who don't understand cyber risk in the sports industry.
College sports are very big business in the US. The NCAA's annual Division I men's basketball tournament, also called "March Madness", is one of the major events in American sports, drawing 68 teams and an estimated 80 million viewers. Williams said it is so popular that over $6 billion of corporate productivity is lost during the tournament.
