The sport of cybersecurity

Cybersecurity is no longer just a problem for governments or tech firms — it has now reached U.S. professional sports leagues. Unfortunately, the leagues’ efforts to safeguard the integrity of their sporting competition from these threats have been relatively slow to develop. Rather than formulate leaguewide cybersecurity standards, U.S. leagues appear to largely defer to their teams to protect themselves from cyber intrusions. Meanwhile, the leagues have also failed to enact specific rules to deter teams from targeting one another in cyberattacks.

This article set to identify the numerous potential competition-related cybersecurity risks the four major U.S. professional sports leagues — Major League Baseball (MLB), the National Football League (NFL), National Basketball Association (NBA), and the National Hockey League (NHL) — currently face. The authors also propose ways in which the leagues can better protect the competitive integrity of their games.

U.S. professional sports teams have typically been quick to adopt emerging new technology, including everything from iPads to biometric-tracking wearable devices.

However, there are a variety of areas in which teams could potentially seek to obtain a competitive advantage through the manipulation of commonly used technology.

The most significant area of potential concern for professional sports leagues is likely to be ensuring the security of the technology, such as tablets, relied on by teams while competing on the playing field (or the ice) during the course of a game.

In addition to these technologies, teams also rely on a plethora of shared data off the field in order to formulate strategies for upcoming games, make player decisions, and analyze potential trades. Preserving the accuracy and reliability of this data is thus of increasingly critical importance for the sports industry. The leagues have recently begun to employ new technology to capture detailed data regarding the events that transpire on the playing field. Through the use of intricate camera and sensor systems, teams can now track and record every event that occurs during the course of a game.

In order to harness the increasingly large amounts of data that U.S. professional sports franchises are accumulating, most teams have built their own internal, proprietary database systems. These databases represent a potential goldmine of information, documenting most of a team’s current internal thinking. By acquiring access to a rival franchise’s proprietary database, a team could thus discover a plethora of valuable information.

Teams are also increasingly utilizing wearable fitness-tracking devices to monitor their players. Even though the use of biometric data in the sports industry is not new, nowadays emerging technologies enable teams to monitor their players in ever more detailed — and potentially invasive — ways.

Finally, legalized gambling could trigger a number of cybersecurity-related concerns for professional sports leagues as they will need to invest resources in detecting the potential fixing of matches.

The author concluded that a polycentric approach that includes franchise owners, players unions, and federal and state-level policymakers is essential for the adoption of cybersecurity standards.


Cite: Grow, N. & Shackelford, S. (2018). The Sport of Cybersecurity: How Professional Sports Leagues Can Better Protect the Competitive Integrity of Their Games. Boston College Law Review, 2020.