2017 Security Innovation in U.S. Bank Stadium, Where Technology Is King
U.S. Bank Stadium is not just a location, but an epicenter of security technology, excitement and Minnesota pride.
All told, it might be the most-watched stadium construction project to date. Thanks to EarthCam, a provider of stadium construction cameras, more than 16.7 million people tracked the 32-month construction progress for Minnesota’s new fortress of football, the U.S. Bank Stadium.
EarthCam used live streaming video and time-lapse webcams that included the company’s 10-billion-pixel panoramic system, the GigapixelCam X10. The cameras were installed in sub-zero temperatures in order to capture the early morning deflation of the Metrodome, which can be viewed in a cinematic opening shot of a time-lapse movie that EarthCam’s editors created and produced.
The Minnesota Vikings had two important EarthCam milestones. EarthCam’s first GigapixelCam X10 was installed at the stadium to capture all the angles and details of the interior construction, creating a record-breaking 16-billion-pixel panorama. EarthCam’s new Hall of Fame – a custom Instagram-like feed that showcases jobsite images throughout the life of any project – was added to the Vikings’ website in order to generate buzz and encourage sharing on social media for an interactive fan experience.
From January 2014 to September 2016, more than one million high-definition images were captured of the construction process for the stadium. Views of the project were made available online on multiple websites and also through the Vikings mobile apps so fans could truly be a part of the experience. EarthCam’s time-lapse editors and producers pored over the catalog of photos and hand-edited them into a time-lapse movie.
And now that the stadium is open and fully functioning, Security magazine is honored to offer you a peek inside, to learn about the technology involved in operating the 66,200-seat stadium that’s located in downtown Minneapolis, Minnesota.
For example, U.S. Bank Stadium provides several unique features compared to all other NFL stadiums, including the largest transparent ethylene-tetraflouroethylene (ETFE) roof in the nation and five 95-feet high pivoting glass doors that open to a nearly three-acre plaza and the Minneapolis downtown skyline. While the stadium’s roof is fixed, the transparent ETFE and the nearly 200,000 square feet of glass throughout the building gives fans an outdoor feel in a climate-controlled environment. The LED lighting – the first of its kind in a new NFL stadium – can adjust color temperatures and turn off and on quickly to allow for unique pre-game and halftime entertainment and an enhanced viewing experience.
Also, Vikings fans are as close to the action as any NFL stadium, with seats just 41 feet from the sideline. Seven levels in the stadium, including two general admission concourses with 360-degree circulation and various views into the bowl, are connected via escalators, elevators, stairs and a continuous ramp. Two of the largest HD video boards in the NFL are located in both the east and west end zones, and approximately 2,000 HD flat screen televisions are placed throughout the stadium. Approximately 1,300 Wi-Fi access points allow stadium-wide internet access. There are wider concourses, more restrooms, increased and enhanced concessions, accessibility for fans with disabilities and space for pre-game events and activities. The stadium also includes Vikings history and memorabilia, a team store and a museum-quality art collection.
In addition to the expansive glass and the transparent ETFE roof, all of which allows natural light into the stadium, the Vikings have funded an upgrade to illuminate the field with high-performance LED stadium lights, making the U.S. Bank Stadium the first NFL stadium to utilize LED lighting from the onset. The LED lighting will provide a significant increase in illumination compared to traditional metal halide lights that have been common at stadiums for more than 30 years. LED lighting also provides natural and more uniform light, which improves the overall clarity of the playing surface, to create a better stage for players and fans, both in the stadium and those watching on high-definition television. The lights can be turned off and on quickly, allowing for unique entertainment opportunities during sporting event breaks. Last, the new LED system is also consistent with the stadium’s mission to be as environmentally-friendly and energy-efficient as possible. It is projected to consume 75-percent less energy as compared to a traditional metal halide system.
SMG is the new stadium operator. SMG has extensive experience in operating major sports venues, managing more than 200 facilities worldwide, including six NFL stadiums (Soldier Field in Chicago, Mercedes-Benz Superdome in New Orleans, NRG Stadium in Houston, Everbank Field in Jacksonville, University of Phoenix Stadium in Glendale, Arizona, and the U.S. Bank Stadium). SMG facilities have hosted nine Super Bowls over the years and will host back-to-back Super Bowls starting this year in Houston and Minneapolis in 2018. In January 2015, SMG hired Patrick Talty, who has previous stadium management experience, to serve as U.S. Bank Stadium’s general manager. Talty, with Billy Langenstein, Director of Event Services, are securing the stadium for fans, staff, players and visitors. According to Langenstein, the security approach is the same, whether the stadium hosts an NFL game or a music concert.
“Of course, for NFL games, we abide by NFL best practices,” Langenstein says. “But for all events, we employ practices such as a 100-foot perimeter, bag checking, walk-through magnetometers and more. Overall, we keep the practices the same, so that when fans come to the stadium, they know what to expect. Safety and security is the most important thing that we do, and we work very hard to achieve it.”
With regards to securing the stadium perimeter, Langenstein says that the stadium’s urban setting provides a challenge. “We’re space constrained,” he notes. “We don’t have huge parking lots where we can put up fences. Instead, we have to do temporary road closures to secure our perimeter. Yet, we are fortunate that we get to work with new security equipment to help us do our jobs.”
SMG has an on-going partnership with Parsons Technologies, which was responsible for the installation and commissioning of network infrastructure, Wi-Fi, distributed antenna, audio/visual, public address, broadcast and video production systems in addition to the video surveillance and access control systems. Stetson Nold, M.A., a Senior Systems Specialist with Parsons, says that they continue to provide support for all of these technologies that include access control by Lenel and video surveillance management by Avigilon with Avigilon, Samsung and Sony security cameras.
“One of the challenges with a project this size is providing the best technology and value for the budget,” says Nold, “so we looked for security partners that would adequately meet the design specifications, but also the design specifications and the requirements of the NFL, which requires very clear video footage of the entire bowl area of the stadium.” The stadium has 65 16-megapixel cameras that have high enough quality for an operator to read large text on a fan’s t-shirt or sign, he says. Outside the bowl (seating) area, meaning the stadium concourses, are 300 additional Samsung cameras. The security control room includes video feeds, weather stations and the monitoring of 365 stadium doors.
The entire security platform is scalable, Nold says, which is why these platforms are such a great fit. “Even the server architecture has been designed with room for expansion. And it has to be, he says. “As the stadium was built, we had to meet an excellent design specification by Elert and Associates, and as the doors opened we have continued to work to improve to meet the needs of how the stadium operates today. We predict even more growth and change as the stadium prepares to host the Super Bowl in 2018.”
While Parsons Technologies picked the exact security technology, Talty, Langenstein and Security Manager Marlon Gonzalez developed the plan for where cameras would ultimately be placed, how the central command rooms would operate and more. “We really took a deep dive into our video analytics,” Langenstein says. “The placement of the cameras were decided with Parsons Technologies, but we took it further in terms of how they were positioned and what we would see when we zoomed in on images, such as locker rooms, our concourses, the gates and exterior grounds.”
The result with the camera analytics is situational awareness: Langenstein and his team can investigate security incidents by analyzing motions that set off an alarm that is then investigated.
Adding to Nold’s comment about scalability of the security system, Langenstein says that license plate recognition may be implemented in the future, along with fire and heat sensors that are built into the cameras. He is exploring facial recognition cameras and drone technology. “For a major stadium, (these) may be beneficial down the road, but our mitigation is more about using bag checking and our magnetometers, for now,” he says. “But it will be interesting to see what happens with the industry over the next five to 10 years with regards to facial recognition. Our cameras on the stadium plaza are helping us with crowd control and identifying suspicious activity.”
With regards to the amount of technology employed at the stadium, Talty notes, “This is my second NFL facility that I’ve opened; the first was the University of Phoenix stadium. When we first opened that, we had a few computers in a command center, with one monitor to monitor all of the security cameras, a few phones, some radios and 12 televisions. Fast forward to today and we’re monitoring social media, our ticket scanners, the weather, incidents and using constant communications with iPads. So it’s been very interesting. Technology has gotten better and more effective, and people have figured out how to use it to its advantage. We do have a lot of the right technology. But we are always looking for new, something that helps build, enhance and most importantly support our program. I don’t think there was any technology that was left out [in the process]. I think it’s more of a situation that we’d like to have more of what we have, such as more security cameras, for example.”
Adds Langenstein: “Beyond the security technology, we are fortunate to have relationships with our public transportation, metro transit, law enforcement departments, Monterrey Security, Homeland Security and the FBI. The relationships we have with the city is so important, and that’s what’s helped us with successfully opening and currently operating the stadium. When we were putting together our security program, the coordination with all of our resources and relationships we have with our public safety teams and our partners has been the greatest success with where our program is today.”
Talty notes: “The Vikings team put a lot of care into the fan engagement, which includes ensuring their safety. They spent money on technologies, to ensure that security is robust. We are very lucky that the money was spent to give us the technology that we need to secure this facility.”
Mobile Security Predictions for 2017
Over the past few years, most businesses have seen an influx of various mobile devices and remote working solutions which were unimaginable a decade ago. However, 2017 may prove to hold the most dramatic shift toward complete mobile working environments we have seen to date. Instead of simply being an afterthought for IT departments, today we’re seeing a shift from mobile-first to mobile-only, as more and more mobile devices are being used in the workplace. And while mobile-only efforts initially focused on remote and field-based employees, it’s becoming a more realistic option for nearly all employees. Our smartphones keep us connected to our colleagues at all times, and we have access to information with the touch of our fingertips. This ability to be in constant contact with one another and easily collect information is allowing us to be more agile and efficient from anywhere and at any time, but is also bringing with it new data security challenges.
This increase in mobile devices being used to access corporate information means that the number of devices needing to be secured by an enterprise IT department has now doubled, or in some cases tripled. Advances in smartphone technology are also changing the equation. While smartphones were once seen as a less-functional but more convenient “companion” to an employee laptop, today’s smartphones are in many ways superior to their desktop or laptop counterparts, including HD cameras, GPS, accelerometers, and other sensors. This means there are even more endpoints for a cybercriminal to breach, all while hacking techniques are becoming more sophisticated and mobile malware more advanced.
These challenges are only going to grow as more businesses look to integrate mobile app experiences, which offer employees a more productive experience working through their mobile devices, but can also leave the enterprise vulnerable if not properly secured. According to a recent study by Lookout and Ponemon Institute, the economic risk of mobile data breaches can be as high as $26.4 million for the enterprise.
As we move from mobile-first to mobile-only, organizations need to think about security differently from a mobility standpoint. And while this is an overarching shift, there are some specific considerations for CSOs as we enter 2017:
The workplace becomes more remote. More employees are working from home or remotely more than ever before. More importantly, there is an increase of remote field and service workers who rely on technology to access company data and client information on-the-go from the device of their choice. For example, KVC Health Systems case workers rely on mobile devices to provide in-home support to the families and children they serve. As workers spend more time accessing sensitive data while serving their clients or out in the field, it’s important that this access is not only included in the security strategy, but that employees are encouraged to remain within simple security guidelines which have been developed with mobility in mind.
Geosecurity will go mainstream. Governmental security and privacy policies around the globe will put more attention on geosecurity, which is the concept of using geographical and time-dependent information as a factor in authentication. Organizations using geosecurity will be able to restrict and manage access to corporate information when workers are in areas where cellular or Wi-Fi signals may not be secure.
Security will need to account for the rise of mobile “citizen developers.” Demand for enterprise mobile apps continues to surge, and according to a Gartner report, enterprise mobile demand will outstrip IT’s capacity to deliver by a factor of five through 2018. Google just introduced App Maker to help non-technical professionals build mobile apps on top of Google G-Suite applications. These factors are important for CSOs to consider, due to the expense and scarcity of mobile design and development talent. Next year, low-code and no-code technology will pave the way for non-technical professionals to create production-ready mobile apps. With the development paradigm shifting, the security protocols and solutions enacted by CSOs and CISOs will have to shift to mirror this change.
Mobility efforts that sacrifice user experience for security will fail. A good user experience is essential to mobile app adoption. If security policy negatively impacts user experience, organizations will be disappointed to learn that they achieved security by delivering an app that no one will use.
There is no doubt that mobility has changed the way we work, and that employees are embracing the flexibility and added productivity these advances have provided. With the growth of mobility in the enterprise, it is clear that this shift to mobile-only will present challenges for IT teams. To keep pace with the industry, CSOs need to rethink their traditional security strategies and start thinking about mobile.
How Automation Technology is Solving the Security Staffing Shortage Issue
As cybersecurity incidents continue to increase in both complexity and frequency, businesses of every size in every industry and in just about every country across the globe are recognizing the glaring need for stronger defense strategies. The problem is, there simply aren’t enough talented IT security professionals to fulfill this growing need. In fact, a study by Intel Security and the Center for Strategic and International Studies (CSIS) revealed that 82 percent of IT decision makers report a shortage of cybersecurity skills.
And the problem goes well beyond simply not having enough people to handle the job. Cybersecurity incidents are wreaking havoc on these underprepared, under-protected organizations. The same Intel survey revealed that one in three respondents feel the shortage of skills makes their organizations more desirable targets for hackers. Furthermore, one in four say insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data via a successful cyberattack.
So, what’s the solution? Are businesses simply stuck in limbo until enough up-and-coming IT security professionals with the adequate skillsets enter the market? And what about smaller companies that face the additional challenge of budgetary restraints? Are they just doomed to be a more likely target of cyber criminals because they can’t afford to pay top security talent? The good news is there is a solution. The better news is, it’s both cost-effective and available now.
IT automation can help companies of every size close the skills gap and remain a step ahead of potential security breaches. Whether it’s a small to mid-sized company struggling to afford an in-house IT team or an enterprise-level organization that has the means but lacks the talent, automation technology provides the ideal solution in just about any scenario. And because it’s both affordable and scalable, it also eliminates the need to outsource, which means the business is able to maintain greater control.
Rather than rounding up additional IT personnel to handle the incident response process, an automated playbook can be implemented in their place. Not only is this a more efficient and cost-effective business model, but it can also dramatically improve the level of protection for the company. The moment an alert occurs, the automated tool detects it. This alone is something that human workers simply cannot do as effectively on their own – especially in the case of larger enterprises that receive tens of thousands of alerts each and every day.
As anyone who is familiar with the incident response process will tell you, not every alert is indicative of a cyber-attack. To the contrary, the vast majority of them are either harmless or they’re simply not sophisticated enough to cause any real damage.
But what if, as your IT staff is relentlessly weeding through all the potential threats, the one incident that is truly dangerous slips through? This is exactly what happened in the case of the infamous Target breach that occurred a few years ago. It wasn’t that the company failed to monitor incidents, but rather that it didn’t have the appropriate tools in place to effectively pinpoint the ones that needed to be addressed. As a result, a real threat snuck in, and the rest is history.
This is another area where automated incident response technology can truly make the difference. Had Target (or most of the hundreds of other organizations in the news due to a breach) employed automation as part of their incident response strategy, the threat in question would have been identified and addressed right away – before millions of customers had their personal information compromised.
More importantly, Target’s breach demonstrated that adequate cyber security isn’t dependent on the number of IT employees on your payroll. It’s about having the right tools and technology in place to support and enable existing staff (regardless of size) to do their jobs more effectively.
With advanced automation software, the entire incident response strategy can be run like a well-oiled machine, whether there are 100 IT workers or three. While the technology behind automated incident response is complex, the way it works is relatively simple and straightforward. The moment an alert arises, the system detects and assesses it for legitimacy and severity. Actual threats are then prioritized and the appropriate steps are initiated to address the situation. If the incident can be resolved automatically, it will – without the need for any human input. If escalation is required, the appropriate party will be notified accordingly.
There are a variety of ways an automated incident response playbook can be built and deployed, and they are both customizable and scalable. In most cases, playbooks are developed based on real-life scenarios and actual use cases, which helps to make them more effective in detecting and resolving legitimate incidents in a timely manner.
Additionally, most advanced automated tools have the capability to integrate seamlessly with existing monitoring systems, programs and applications, thereby extending and improving the level of defense against potential cyber-attacks. Last, automated IR helps to dramatically reduce mean time to resolution (MTTR) from weeks and days to hours and sometimes even minutes. That means if an incident does happen to slip by, it can be isolated and nullified before it has time to wreak havoc.
2017 Enterprise Security Predictions
1) Demand will actually exceed supply for premium security services.
“Building staff, processes and facilities to deliver premium security services is quite challenging at this time of continued security skills shortages and, for many vendors and service providers, negative operating margins; TBR believes many firms will need about 18 months to develop a baseline set of premium security service offerings. Enterprises cannot afford to wait, however.”
2) IT security innovation will slow in the U.S. under the Trump administration.
“Security vendors are likely to face more government scrutiny and receive more court orders to open doors or turn over consumer and business customer data to federal agencies during the Trump administration….Trust between security vendors, federal agencies and the executive branch will be eroded.”
3) Organizations will shift their security spending from detecting attacks to right-of-boom attack response.
“Enterprises have deployed a range of threat prevention and detection processes and solutions, and their efforts have been rewarded with reductions in some types of attacks. But attackers are prevailing by using evasive techniques and launching new attacks methods, resulting in more costly damages and disruptions for customer organizations. TBR notes enterprises are becoming increasingly resigned to the inevitability of successful attacks levied against their organizations. They are shifting their focus to post-attack strategies, preparing for right of boom.”