Super Bowl LX's Cyber Defense Playbook

When 70,000 fans file into Levi's Stadium in Santa Clara this Sunday for Super Bowl LX, they won't be thinking about cybersecurity. They'll be watching the game, uploading videos, and refreshing fantasy scores on their phones. Behind the scenes, a joint operations center staffed by NFL cybersecurity personnel, Cisco engineers, and stadium IT crews will be working to keep it all running—and to keep threat actors out.

The Super Bowl is classified as a Tier 1 event by U.S. federal agencies, putting it in the same category as presidential inaugurations and other high-value targets. That designation brings heavy security coordination: the FBI, CISA, ATF, U.S. Coast Guard, and Customs and Border Protection are all involved in the security operation. But the digital perimeter is just as critical as the physical one, and that's where Cisco's deployment comes in.

World's First Large-Scale Wi-Fi 7 in a Stadium

Levi's Stadium is the first venue to run Wi-Fi 7 at this scale. Cisco installed nearly 1,500 wireless access points using its fourth-generation high-density stadium technology, built around 6 GHz spectrum and what the company calls "hyper-directional" antenna design. The goal: give 65,000 spectators the same connectivity they'd get in their living rooms.

That's no small ask. NFL director of technology Anish Patel told Cisco Newsroom that fan data uploads at the Super Bowl have grown from roughly 300 GB in 2012 to more than 35 terabytes today. The stadium's infrastructure has to absorb all of that traffic while simultaneously supporting broadcast operations, digital signage—including the world's largest outdoor 4K video boards—sound systems, and a production backbone that runs through a brand-new Cisco data center.

"Every year we see more traffic, and that calls for more wireless network flexibility," said Matt Swartz, a Cisco distinguished engineer involved in the deployment.

The Cyber Command Center

For cybersecurity, the NFL stood up a dedicated cyber command center inside the stadium. George Griesler, the NFL's senior director of cybersecurity, described the setup to Network World: "We partnered with Cisco and essentially put Cisco in front of inbound and outbound traffic." That coverage extends across networks used by back-of-house vendors, NFL staff, stadium operations, and NFL game control.

The monitoring stack pulls from across Cisco's portfolio: Splunk for data analytics, ThousandEyes for network performance visibility, Talos Intelligence Group for threat feeds, Umbrella for DNS-layer security, Secure Firewall for perimeter defense, and Meraki for wireless management. This is the same Talos threat intelligence operation that tracks nation-state campaigns and zero-day exploits year-round—now focused on protecting a football game.

In the seven days leading up to the event, the numbers told the story: more than 27,000 active network clients, over 400,000 firewall connection attempts blocked, and 47,000 malicious DNS queries intercepted through Umbrella. The primary threats? Short-lived malicious domains, credential compromise attempts, and phishing campaigns abusing NFL branding.

AI Threats on the Radar

Costa Kladianos, EVP of technology for the San Francisco 49ers and Levi's Stadium, flagged artificial intelligence as an emerging concern. AI-generated phishing lures are harder to spot, and the volume of automated attack campaigns has risen. Cisco itself recently warned that organizations adopting AI tools too quickly often sacrifice security for convenience—a tension that applies just as much to stadium operations as enterprise IT.

Griesler put the stakes bluntly: "If a threat actor takes over a scoreboard or digital sign or PA system, we would have pandemonium and panic in the stadium." The proactive blocking approach—stopping threats before they reach critical systems like scoreboards and PA infrastructure—reflects lessons learned from previous Super Bowl deployments.

The Next Generation Gets Hands-On

Beyond the security operations, Cisco's Networking Academy (NetAcad) brought four San Jose State University students into the 10-day infrastructure build. Walter, Harold, Allyson, and Krishma worked alongside WBL Services engineers on switch deployment, fiber patching from Intermediate Distribution Frames to Main Distribution Frames, and access point installation. Kladianos himself is a NetAcad alumnus—a detail that connects the program's workforce pipeline directly to the team running the show.

This kind of hands-on training matters in a field where the cybersecurity workforce gap keeps widening. We've covered Cisco's broader push on AI readiness and network education initiatives in recent weeks, and the Super Bowl deployment shows how that investment translates to real-world operations.

Why This Matters Beyond Football

The Super Bowl is essentially a pop-up smart city—a massive, temporary deployment that compresses enterprise-scale network engineering, cybersecurity operations, and physical security into a single weekend. The technologies and coordination patterns tested here inform how stadiums, convention centers, and large venues handle security for the rest of the year.

With 400,000 blocked connection attempts in a single pre-game week, the threat volume confirms what security teams already know: high-profile events attract sustained, organized attack campaigns. For teams planning their own event security, the NFL's playbook—layered monitoring, proactive DNS blocking, and a unified platform approach—offers a practical reference point.

Kickoff is Sunday at 3:30 PM Pacific. The cyber command center will already be running.