NFL Tackles Cybersecurity Challenges for Super Bowl LIX with AI and Advanced Technology

Preparing for the Super Bowl requires defense to be played off the field - SiliconANGLE

Preparing for the Super Bowl requires defense to be played off the field The Kansas City Chiefs and Philadelphia Eagles have almost two weeks to develop a game plan for Super Bowl LIX in New Orleans Sunday, Feb. 9, but the technology team starts well before that. In fact, the planning and strategy for the next championship game -- Super Bowl LX, which will be held in Levi's Stadium in Santa Clara in February 2026 -- are well underway. Too early, you say? Well, it's premature for the teams that hope to play in the game to make travel plans, but it's a very different story for the information technology and cybersecurity professionals from the NFL and the San Francisco 49ers, the team that plays its home games at Levi's Stadium (pictured). A recent LinkedIn event by Cisco Systems Inc., one of the key providers of the Levi's Stadium network, featured an in-depth discussion of how much planning, effort and technology goes into providing fast, secure connectivity for the teams, broadcasters, vendors and, of course, the fans who will pack the stadium along with their tens of thousands of mobile devices. Aaron Amendolia, the NFL's deputy chief information officer, has worked for the league for 21 seasons. He leads the NFL's innovation team and oversees event technology and infrastructure. This year's Super Bowl in New Orleans will be Amendolia's 18, more than even the GOAT himself, Tom Brady. He and his team will be busy with the 2025 game, and they're already immersed in work for next year. Costa Kladianos is the 49ers' executive vice president and head of technology. He and his team handle tech for all home games, any postseason games the Niners host and numerous other events at the 68,500-seat stadium. After Super Bowl LX, another big job on his plate will be a different type of football: FIFA World Cup soccer games, some of which will be held at Levi's Stadium. "You start to think about all the connectivity needed for the Super Bowl," Amendolia said. "All the devices that come into a stadium on game day and all the buildout around that. We met with Costa's team to talk about preparation for LX." And on game day, he added, "we're planning for over 150,000 to 200,000 devices entering this building. But it's not just about game days, but all the preparation around it. We have many partners, broadcasters, vendors, a diverse group of technology showing up, connecting to the network, and doing everything you need to deliver the games." I've interviewed many stadium CIOs, and Amendolia's comments echo those of others, saying that the network is critical to every aspect of holding a game. Last year, I talked with a sports CIO who mentioned how a situation took the network down. He explained how he wasn't sure it would be up by the game and had to explain to the owners that a game could not occur without a network. Security systems, ticketing, point-of-sale, medical services and other critical services run on the network. The good news is the network did come back up in time, and the scare enabled the team to build a redundant data center. But this is the challenge that all stadium's CIOs face and it's magnified exponentially in a high-profile game, like the Super Bowl. Wi-Fi plays a massive role in overall stadium connectivity, according to Kladianos. It's about much more than fans logging in with their cell phones. "Wi-Fi is table stakes right now," he explained. "Everybody's bringing their device, everybody's sharing the great time they're having at the event, but it's also what all our backend technology, including point-of-sale systems, runs on. We love to run on Wi-Fi because it just makes us flexible. We can quickly move a sales system, our point of sale outwards. We can get into the lines and go to the in-seat service. It gives us that flexibility to what we want, especially around the gates, getting people through the gates quicker, checking their tickets." "AI requires a lot of bandwidth and processing power, and that has to go through the Wi-Fi in the stadium," Kladianos said. "That becomes super-important as we go there because we want fans not to realize the experience they're having in the Wi-Fi. We want them to know that it works. We currently have 1,200 access points throughout the stadium, and we're looking to expand that as we head to 2026 to ensure that everyone has the same great experience they have everywhere else." Managing all the devices that require Wi-Fi access is extremely challenging, according to Kladianos. "Even with your best analyst, you need technology and tools to correlate those events," he said. "AI is really where we're looking. Indeed, he added, "we're going to validate which AI solution is going to return the best results. It's exciting because you must correlate against something unique to sports. The sensors we have on the field with the players, the cameras we have doing optical tracking, our broadcast cameras capturing and getting that live event out to the points of sale, and the fan devices create a unique environment." "We look at AI as an opportunity, and we know with opportunities, there's also the other side of the coin, which is threats," Kladianos explained. "You want to be ahead of the game. So, with our partner Cisco, we're putting in the latest and greatest monitoring solutions and everything they offer on the security side, on our firewalls, using threat intelligence." Moreover, he added, the team can take all its data, all its logs on the back end, and quickly use AI to summarize threats, because AI can do it a lot faster. "I have analysts in the group, so that's really going to help us. In terms of other innovations in the stadium, our strategy for AI is the intelligent stadium," he said. "We want to see how AI can enable everything we do to engage our fans." Few events are as closely watched as the Super Bowl. The 2024 game had more than 123 million viewers in the United States, and the NFL continues attracting new fans worldwide. That growing focus makes each Super Bowl a top-level Homeland Security concern on par with a presidential inauguration. "Obviously, Super Bowl is a high-profile event, but also a high-value target for adversaries," said Amendolia. "Our cybersecurity team, our CISO, they're making sure that we implement AI responsibly, so we're not causing any vulnerabilities ourselves, and we understand what's going on in the outside world. It's a lot of education and putting the right tools in place, but also communication with our partners. You think of all the different organizations from across the world, international broadcasters, domestic broadcasters, and digital experiences that come to the Super Bowl; you're now bringing a whole ecosystem trying to get out their content around this live event with all the tools they bring in." Added Kladianos: "We have a full security operation center. We work closely with the NFL, local security agencies, the FBI and local police. We run different technology in terms of our high-definition camera systems using IP on the back end running through that network, making it super-important to have that low latency. These cameras are not just cameras; now, they're analyzing super HD and super zoom. Using some of the AIs and the cameras, you can spot potential threats before they happen." Amendolia said his cyber team is using logging tools such as Splunk's to bring everything to one place, as well as Cisco's suite of security tools. He cited some stats: "350,000 connections blocked to malicious and blacklisted sites. 39,000 intelligence services detected and dealt with. 1,600 intrusion attempts foiled. Those are just the years we've worked with Cisco at the Super Bowl. These distinct things keep incrementally increasing. The target is there." Though this is a sports-related story, the lessons learned can be applied to companies in all industries. A recent ZK Research/theCUBE Research survey found that 93% of respondents believe the network to be more critical to business operations than it was two years ago. However, I find that with most companies, the network does not get the same level of C-level interest as the cloud or compute platforms, but the reality is that the network is the business for most companies. Ensuring a secure, rock-solid network is crucial to business operations in all industries.

Super Bowl LIX cybersecurity playbook: How the NFL's CISO fights AI threats and digital attacks

Defending Super Bowl LIX and all high-profile National Football League (NFL) events from adversarial attacks that potentially include weaponized AI, endpoint attacks, deepfakes, and finely tuned social engineering skills requires experienced, battle-tested capabilities and solid leadership. Tomás Maldonado, the NFL's Chief Information Security Officer (CISO), is up for the challenge. Under his direction, the league's cybersecurity team safeguards 32 franchises, 30 stadiums, and marquee events, including Super Bowl LIX. Beyond the field, Maldonado's group secures related business ventures owned by NFL stakeholders -- protecting fan safety, ensuring in-game continuity and keeping the NFL's brand uncompromised. Maldonado brings more than 23 years of experience. He served as CISO at International Flavors & Fragrances, held an Executive Director/CISO role at JPMorgan Chase's corporate sector, worked as Vice President of Technology Risk Management at Goldman Sachs and was a Network Security Officer at Schroders. He credits this range of roles for building his "battle-tested" capabilities. In a recent discussion with VentureBeat, Maldonado outlined how the NFL integrates cyber and physical security, collaborating with agencies such as the FBI and Secret Service for SEAR 1-designated national special security events like Super Bowl LIX. While the NFL's scale is immense, he believes its methods can guide any security leader. Top 10 strategies from the NFL's cybersecurity playbook Below are ten strategies he and his team follow, applicable to organizations of all sizes. Major NFL events, including Super Bowl LIX, require security planning 12 to 18 months in advance. The league partners with federal agencies, local law enforcement and technology providers long before game day. "We treat it like a complex puzzle," Maldonado says. "When it's all said and done, it should be boring from a cyber standpoint but exciting on the field." During the offseason, his team conducts tabletop exercises to define each stakeholder's crisis role. By building tight coordination early, the NFL can swiftly scale defensive measures once the season starts or as the Super Bowl nears. Confidentiality, integrity and availability (CIA) form the NFL's foundation, but Maldonado's team adjusts priorities. Ticketing data and credentials need strong confidentiality and integrity leading up to a major game. "Right before the game, fans need secure tickets that aren't duplicated," Maldonado notes. Once the game begins, the availability aspect of the NFL's CIA triad strategy dominates. Stadium operations, broadcast feeds and streaming services must stay online so fans can watch without interruption. This flexibility helps the NFL adapt to changing conditions. Digital breaches can have physical consequences. A hacked scoreboard, compromised elevator or targeted social media threat may cause chaos in a packed venue. "A cyber incident could trickle down into health and safety issues," Maldonado says. He works closely with the NFL's physical security department, safeguarding stadium infrastructure from video boards to escalators. Other industries should similarly view cyber and physical security as one continuum. The NFL brings together 32 franchises, numerous agencies and diverse business interests. Maldonado underscores that patient communication fosters trust. "Because we're all focused on fan safety and a smooth event, we almost immediately find common ground," he says. He tailors his message for owners, local officials and federal agencies, highlighting how cybersecurity benefits business continuity and fan experiences alike. During games, Maldonado's team continuously monitors network traffic, ticketing systems and social platforms. They act quickly on suspicious indicators. "It's almost like we're playing a game with adversaries while the real game is on the field," Maldonado explains. "We definitely lean on our partners, specifically Cisco, to help us get that intelligence information, get that real-time data around what we're seeing and those threats we're facing so that we can pivot and make those decisions around blocking or tackling, or delaying appropriately, but with credible information at the time when we need it," Maldonado added. NFL security aims to remain invisible unless necessary. Minimal checkpoints and streamlined ticketing help fans move freely. "We introduce friction where it's necessary," Maldonado says. "You can't eliminate it all, but we try to keep the fan experience smooth." Monitoring runs in the background, surfacing overt measures only when alerts spike. Fan data is also protected, keeping everyday transactions hassle-free. With staff devices and venue networks in play, the NFL faces vast attack surfaces. Maldonado's team manages risks by focusing on critical assets as events approach. "We're very focused on critical assets as game day nears," he says. Ticketing systems and broadcast feeds typically receive extra protection first, minimizing downtime -- especially important for the Super Bowl's massive global audience. The NFL's operations span continents. Games in Europe or Mexico -- and sudden pivots like an entirely virtual draft -- demand flexibility. "Whether we're in Europe or playing in Mexico, we make sure our security standards don't drop," Maldonado says. His team navigates local regulations, foreign ISPs and unexpected challenges, underscoring the importance of processes that quickly adapt to new threats or protocols. Maldonado sees AI as central to the NFL's future. AI accelerates incident response, pieces together scattered data and spots anomalies at scale. "These technologies challenge our controls but also give us new opportunities," he says. AI-driven automation can lighten the load for analysts, reduce reaction times and improve both security and fan engagement. Other organizations can benefit from similar initiatives. No two NFL events are the same, so Maldonado's team learns from each one. After-action reviews identify missed threats or areas to refine, feeding improvements into future playbooks. "We do so many tabletop exercises that, when something does happen, we already have a plan," Maldonado says. Regular briefings keep owners and executives engaged, reinforcing a shared focus on emerging risks. This cycle helps the league adapt quickly to a fluid threat environment. Inside the Super Bowl security mindset "Because we're all focused on the same objective -- fan safety and a great event -- the coordination is almost immediate," Maldonado says. Months of scenario planning ensure each stakeholder knows their role under pressure. On game day, availability is paramount -- network failures aren't an option with millions of viewers watching. Confidentiality and integrity also remain crucial, protecting tickets, credentials and sensitive communication. If everything appears smooth, it usually means security teams have neutralized threats quietly. Maldonado values "invisibility": fans should never feel the tension of behind-the-scenes defense. The high-stakes challenge of game day defense Securing the Super Bowl can feel like playing two games at once: the famous one on the field and a defensive cyber contest behind the scenes. "There are rules for football," Maldonado notes, "but in cybersecurity, we push boundaries. We don't play fair with adversaries." His team distinguishes benign anomalies from real attacks in minutes or seconds. Real-time intelligence from partners like Cisco guides swift decisions -- blocking malicious traffic or isolating compromised systems on the spot. Looking ahead: AI, new threats and championship-level execution Maldonado expects threats to keep evolving. AI-powered attacks, deepfakes, and ingenious social engineering could target players, coaches, or league infrastructure. A single deepfake might erode trust or disrupt operations. "We see these as opportunities to grow," he says. By refining its dynamic CIA approach, forging strong alliances and preserving risk-based prioritization, the NFL readies itself for emerging threats. Maldonado views AI and automation as force multipliers for detecting intrusions and managing them in real-time. These methods also apply to smaller NFL events or local fan meetups. Different cities bring unique regulations, but the fundamentals -- preparation, collaboration, agility -- remain the same. Conclusion: A Playbook for Any Sector Robust cybersecurity often goes unnoticed. "When our security is invisible," Maldonado says, "that's a win -- because fans can simply enjoy the game." Behind the scenes, the NFL's security framework continually monitors threats and works with law enforcement to stay flexible. Leaders elsewhere can learn from this: plan early, unite key players and refine defenses constantly. As cyber and physical realms merge, speed, coordination and foresight become vital. "I spent a lot of time with our good partners at Cisco to design the solution that we have for the big event. Now we've also modeled that for our international games, and we're starting to move that internationally as well. That resilience piece I talk about-cybersecurity has moved past the standard 'No.' Blocking everything is unrealistic. You need to be resilient," advises Maldonado. By merging technology, physical oversight and human vigilance, the NFL stays a step ahead of those eyeing its "digital end zones." Maldonado's approach -- long-range planning, real-time awareness, agile partnerships and relentless learning -- is a model any organization can follow. Whether you're safeguarding data centers, global events or local gatherings, the strategy is the same: protect core assets, practice constantly and never get complacent. When security remains behind the curtain, it reflects steadfast leadership, skilled teams and ceaseless diligence -- the same qualities Maldonado brings to the NFL's dynamic digital battlefield.