Posted on September 12, 2017 by staff

FA increases cyber security over World Cup concerns


The Football Association is increasing cyber security ahead of next summer’s World Cup due to hacking concerns.

The governing body is concerned that sensitive information such as injury, squad selection and tactical details could be exposed during the tournament in Russia.

The advice is understood to have been put into action by the FA already, but worries over data theft have increased following last month’s Fancy Bears hack regarding the use of banned medicines in football.

The hacking group claimed the information showed that 160 players had failed drugs tests in 2015, with the number rising to 200 the following year.

The FA has written to Fifa with its concerns about IT security, and is thought to be particularly concerned about the leaking of its own correspondence with the governing body.

An email from FA head of integrity Jenni Kennedy, which revealed details regarding four anti-doping cases in May 2017, was released in the August hack.

In response to the FA’s letter, a Fifa spokesman said: “Fifa has informed the FA that [it] remains committed to preventing security attacks in general and that, with respect to the Fancy Bears attack in particular, it is presently investigating the incident to ascertain whether Fifa’s infrastructure was compromised.

“Such investigation is still ongoing. For the purposes of computer security in general, Fifa is itself relying on expert advice from third parties.

“It is for this reason that Fifa cannot and does not provide any computer security advice to third parties.”

Bryan Campbell, senior security researcher at Fujitsu UK & Ireland believes that the cyber security lessons learned from the World Cup can be put in place for any business.

“The steps taken by the FA to strengthen its cybersecurity ahead of the 2018 World Cup are equally simple and effective,” he said.

“It’s been known that hackers can exploit Wi-Fi connections to compromise or steal user data, and consumers have been warned on numerous occasions not to access unknown Wi-Fi sources.

“Now that the FA will provide its own internet access and staff and players have been asked not to use Wi-Fi in hotels or cafes, hopefully we can see the general public become more aware of this danger and avoid putting their data at risk.

“The FA also advised players to think twice before posting anything on social media, such as photos that can reveal details of their location or personal information, and this should apply to all internet users. The greatest defences are often the least exciting, and consist of doing the basic IT housekeeping well.

“These efforts should not be limited to one country, and instead have to become a regular occurrence for organisations of every size, and in every industry.

“Using the analogy of the World Cup, the same way training becomes a lifestyle and does not begin only after the team has arrived at the tournament, security surrounding operational and technical standards should be well practised before cybercriminal strike next time.

“To prepare for a potential attack, it is vital organisations move to a proactive approach focusing on the integration of threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber threats.

“Implementing a strong security education programme underpinned by a robust security framework will allow companies to get on the front foot in combating these types of threats.

“It would also be great to see more companies work together to raise awareness about these easy steps we all can take to protect ourselves online.

“Security is a non-competitive issue, and a team game not an individual sport.”

England, who is top of their World Cup qualifying group, will confirm their place in Russia with victory against Slovenia at Wembley in their next qualifier on 5 October.

FA officials are understood to be increasingly concerned about IT security in Russia, and have been boosting cyber counter-measures.

Practical measure have seen the governing body strengthen online firewalls and introduce encrypted passwords for websites and devices.Players are also expected to be reminded of existing guidelines relating to their use of social media.