Cybersecurity experts are taking advantage of the Summer Games in Rio de Janeiro to explore ways that intelligence gathering strategies, used for decades by the federal government, can work for the sports community.
The Cyber Resilience Institute has teamed up with the Colorado Army National Guard and a host of cybersecurity companies to conduct a trial run of the first "information sharing and analysis organization," or ISAO, for the professional sports industry.
"The notion is that if you share cyber threat information, you can break the cycle of attack, because other parties can prepare their defenses before the attack," said Doug DePeppe, founder of the Cyber Resilience Institute in Colorado Springs. "You've got to know what the adversary is doing, because they can circumvent any control. The internet is not secure, period."
ISAOs, which joined the intelligence-gathering world stage about a year ago, are public-private partnerships that mirror the structure of similar entities used by the Department of Homeland Security to identify security threats.
Stakeholders - which could be private companies, nonprofits, government agencies or a combination - hire ISAOs to detect and respond to virtual threats before they become reality. Threats might include a harmful digital virus, a hacker trying to access a social media account, or even an encrypted file containing information about a physical threat that has been encoded to be indecipherable to the public.
"Our strategy for starting up the sports ISAO is consistent with a lot of success in other sectors of leveraging sport and the interest in sport as a vehicle for social change," DePeppe said.
In addition to representatives from the National Guard's Defensive Cyber Operations Element and the Cyber Resilience Institute, the ISAO will include student interns from Cheyenne Mountain High School, Air Academy High School and Mercyhurst University's Ridge College of Intelligence Studies and Applied Sciences in Pennsylvania.
Other partners in this phase of development include FireEye, Intel Corp. and 12 other cybersecurity companies that will offer specialists or tools such as lists of known malware and searchable databases useful for detecting security threats.
Participants will develop a proof of concept for the ISAO in August, supporting stakeholders and athletes in the Olympic Games by passing on information about possible cyber threats to prove that standard ISAO intelligence gathering can be beneficial in the sports industry. The effort will be based at the Colorado National Guard's Northern Colorado Readiness Center in Colorado Springs.
DePeppe and others will present the results at a two-day conference about public and private partnerships that will be held in Colorado Springs at the end of August by the Department of Homeland Security and U.S. Northern Command.
The hope is that the ISAO, which officials are calling the Cyber-Bucket Brigade for the sports world, can become a legitimate organization, based in Colorado Springs, that offers its intelligence-gathering services to professional sports teams across the country.
"All these sports teams have a huge investment in data and IT and technology and cyber in general. If they're not careful, things can happen," said Lt. Col. Brad E. Rhodes, chief of the cyber operations element. "How many times have we seen (cyber security) breaches across other industries? It's probably only a matter of time before we see something like that in sports."
Altogether, more than 40 people will be working at the readiness center during the Olympics to identify and research potential threats, determine the level of harm or consequence associated with the threat, and decide whether the threat should be reported to a stakeholder or law enforcement entity.
Participants from the National Guard's cyber operations element will focus on providing background and advice on handling the threats, and student interns will spend much of their time gathering information on possible threats and writing intelligence reports. Analysts and managers will work to determine threat levels. In some cases, Cyber Resilience Institute officials might refer information to the FBI or Homeland Security.
"This whole information sharing environment - the ISAO movement, what we're doing, adopting military intelligence approaches - is consistent with the state of the practice," DePeppe said. "Now, we are not waiting to be attacked and responding; we are detecting threats through internal searches and external searches. That's the way you have to do it."
Contact Rachel Riley: 636-0108