World Cup Ratings a Sign of Patriotism, Not Soccer’s Rising Star

Team USA Fans Show Their Spirit

American fans before the US-Algeria match in the 2010 World Cup. June 23rd, 2010 (U.S. Department of State/Wikimedia Commons)

Every four years during the World Cup, the US press fixates collectively on the “will it/won’t it” question of soccer’s future. Each World Cup seems to bring higher TV ratings and more water cooler conversations than the last. Soccer optimists, imbued with fresh hope by scenes of fervent US supporters with painted faces and patriotic apparel, proclaim that soccer is here to stay in America.

Now that the US out of the 2014 World Cup after a 2-1 loss to Belgium, will this year be any different? Have the past few weeks been a sign that soccer will someday find a home as a mainstay of US sports, or are they just part of the same ebb-and-flow pattern that we see every four years?

First, a by-the-numbers look at this year’s World Cup viewership in the US.  According to Variety, the US-Portugal game drew 18.20 million viewers on ESPN; the US-Belgium game drew 16.49 million. Those two games were the two most watched US World Cup telecasts in American history. Through the Round of 16, ESPN and ABC averaged 4.08 million viewers – a record audience for the World Cup, up 44% from 2010 and 122% from 2006. According to the New York Post, WatchESPN (ESPN’s online viewing service) attracted an average audience of 1.1 million viewers per minute during this World Cup.

These numbers are to be expected. Aside from reasons related to the sport itself, this year’s record numbers likely have several major contributing factors.  According to the World Bank, the number of internet users in the US grew by 10.1 million from 2012 to 2013. According to comScore, the number of smartphone users in the US grew 7% from October 2013 to January 2014. Twitter’s userbase alone grew from 183 million at the end of 2013 to an estimated 227 million at the end of 2014 (estimated by CNET). The World Bank pegs the annual growth rate of the US population at 0.74% per year.

These greater numbers of internet users, smartphone users, and social media users mean that more people will hear about the World Cup and share news with their friends by roughly an order of magnitude more than they did during the previous World Cup. I am not making any statistical conclusions here, but I do think it’s fair to say that articles and opinions proclaiming soccer’s inevitable destiny as a major US sport need to be taken with a grain of salt if they tout World Cup viewing statistics as conclusive evidence.

Furthermore, the World Cup takes place during a dry period for other US sports. The NFL is at its least interesting (long past the conclusion of the postseason and about a month past the draft), the NBA has also put its postseason and draft in the rearview mirror, the drama of the NHL Stanley Cup has ended, and the Olympics is long over. The only major competing sport is MLB baseball, which is in the midst of its regular season. Additionally, summer brings a dearth of active TV shows, meaning that Americans have even less to watch.

What about factors related to soccer itself? Are Americans growing more accepting of a sport fundamentally different from the ones it already treasures? This question is tough to answer. Other than a few minor rule changes, soccer is the same as it was four years ago. All of the reasons provided by soccer critics as to why the sport will not catch on in the US (infrequent scoring, too many fake injuries, overly subjective officiating, and lack of sudden death overtime) are just as valid or invalid as they were four years ago. Shifting American sentiment toward soccer would be a result of externalities, and that discussion is best left for another time.

Perhaps one reason is a lack of initiative by the MLS. Recent years have seen the league take an aggressive approach to bolstering soccer’s popularity. According to The Economist, although average MLS attendance per game is down from 2013, it surpassed both the NBA and NHL with 18,600 spectators per match (although both of those leagues play considerably more games per season, making each game less appealing as an excursion). According to Forbes, the average MLS franchise is now worth $103 million, up more than 175% over the past five years. The league had 13 clubs in 2007 and will have 21 by next year. This year’s US World Cup team had ten players from the MLS compared to just four in 2010. Finally, the MLS signed a new eight-year deal worth an estimated $90 million per season that will result in more of its games being broadcast on more TV channels.

My theory is that Americans simply enjoy coming together to celebrate our national pride. Other than the Olympics, no major sporting events have the ability to unite entire countries in support of the same team. Take the support of the Iranian national team this year as an example. Following the 1979 Islamic Revolution, the Iranian government banned women from entering most sporting events because they deemed the enjoyment of sports by mixed crowds un-Islamic. This year, according to CNN, Tehran’s billboards advertising the World Cup featured only men, and state TV stations used a delay of several seconds to censor images of racy female fans so that viewers at home wouldn’t learn to accept mixed crowds. Nonetheless, some restaurants in Iran defied a national ban on broadcasting the World Cup this year, and men and women enjoyed the games together in public. Does this increased support from the female population indicate that soccer is growing in popularity in Iran? No – it shows that the Iranian people, this year more than ever, are eager to show their nationalism and support gender equality as a reaction to recent actions by the government.

Along the same lines, an ineffective Congress, an inconsistent Supreme Court, and an unpopular president have given US fans an increased longing to show their nationalism in 2014. Most notably, a volatile balance of power on the world stage has left Americans in uncertain territory. Both Russia’s aggression against Ukraine and ISIS’s first steps toward forging an Islamic state in the Middle East this year have spurred a growing national desire to display a uniquely American style of patriotism. Especially in the context of the World Cup, with competition unfolding at an international scale, patriotism is linked more to foreign policy than it is to domestic issues.

Perhaps the recent changes rolled out by the MLS are making a greater immediate impact on soccer than I’m giving them credit for, but I believe that the outpouring of US support for the Men’s National Team this year was more a result of our desire to be patriotic than it was a precursor to soccer’s rise to American prominence. Now more than ever, Americans are eager to come together and celebrate their national pride.

The views expressed by the author do not necessarily reflect those of the Glimpse from the Globe staff, editors, or governors.

Defense in the Information Age

US cybersecurity strategy faces an uncertain future in Washington while the private sector bolsters its ability to respond to cyber attacks

Monitoring a simulated test at Central Control Facility at Eglin Air Force Base (080416-F-5297K-101)

U.S. Air Force officers monitor a simulated test April 16 in the Central Control Facility at Eglin Air Force Base, Fla. They use the Central Control Facility to oversee electronic warfare mission data flight testing. April 16, 2008 (U.S. Air Force photo/Capt. Carrie Kessler/Wikimedia Commons)

In July 2011, the Department of Defense (DoD) issued a five-point strategic initiative, the first of which designated cyberspace as the fifth domain of warfare, joining land, air, sea and space.1 Recent events such as Target’s security breach, which resulted in the compromise of the personal data of over 70 million consumers and the resignation of CEO Gregg Steinhafel, highlight the vulnerabilities of even the largest, and supposedly best-defended, enterprises.

Cyber warfare, defined as espionage or sabotage conducted through politically motivated hacking, has existed as long as networked devices. In 1998, US officials discovered systematic unauthorized access to sensitive data at NASA, the Department of Energy, private research labs, and the Pentagon. The DoD traced the attacks to a mainframe computer in the former Soviet Union, although Moscow to this day denies any involvement.2 In 2003, cyber attackers gained access to the networks of several major US defense contractors, including Lockheed Martin.3 The SANS Institute, a US security company, determined two years later that the attacks were “most likely the result of Chinese military hackers attempting to gather information on U.S. systems.” In the decade since these two milestone incidents, known by their codenames Moonlight Maze and Titan Rain, networked systems have experienced order-of-magnitude growth. Over 80,000 pieces of malware are reported daily in the United States.4 Despite the best efforts of financial institutions and large corporations, defending against cyber warfare has never been so difficult.

Recent events have revealed that cyber attacks can come from various sources, including national governments, militaries, organized crime, or individuals. In March 2014, a group of unknown hackers installed a malicious piece of software in Target’s security and payments system designed to siphon customer to a remote server. Over the course of two weeks, the hackers obtained 40 million credit card numbers and 70 million addresses, phone numbers, and other pieces of personal information that Target had been trusted by its customers to protect.5 Just a few days later, the tech world was rocked by the discovery of the Heartbleed Bug, an accidental mistake in the coding of the OpenSSL cryptography library – part of the backbone of the Internet. In this case, a concerned citizen reported the vulnerability; had it been exploited, an attacker could theoretically have decrypted the web traffic on 20% of the world’s servers.6

If cybersecurity was not in the national spotlight already, then these two events certainly pushed it in. The Pew Research Center reported that 39% of Internet users surveyed either changed at least one account password or shut down at least one online account to protect personal data as a result of Heartbleed media coverage.7

The private sector was similarly quick to respond. On May 9, General Electric (GE) announced its acquisition of the privately held company Wurldtech, a Vancouver-based leader in cybersecurity solutions for oil refineries and power grids.8 On May 14, Gap, JC Penney, Lowe’s, Nike, Safeway, and Walgreen’s partnered with a large group of other retailers (including Target) to launch the Retail Industry Leaders Association (RILA), an independent organization combining the cybersecurity efforts of private retailers with those of the Department of Homeland Security.9 Finally, private firms funded this year’s United States Cybercrime Conference – an annual gathering of hundreds of private-sector administrators and CISOs (Chief Information Security Officers) – instead of the DoD as is typical.10

There is little argument in Washington with the opinion that the government must now protect public infrastructure and sensitive national data at all cost. Homeland Security, in its 2013 year-end report, stated that it responded to 256 cyber invasion incidents last year, 151 of which occurred in the energy sector.11 The thought of hackers compromising energy grids, or troop configurations and weapon designs falling into the hands of a foreign military, is chilling. A repeat of Moonlight Maze or Titan Rain in 2014 could compromise America’s position in a number of domestic and international affairs.

But the rapid emergence of cyber threats elicits two difficult questions. One, what should be the role of the government in protecting private sector institutions against cyber attacks? Two, how will voters and policymakers balance the need for cybersecurity with their desire for online privacy?

In a 2009 speech, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.”12 He commissioned a comprehensive review (entitled “Cyberspace Policy Review”) of the US government’s ability to defend information and communication infrastructure. The resulting report outlined a ten-point plan designed to accomplish two objectives: improving US resilience to cyber incidents and reducing the general threat of cyber attacks.13 The ten-point plan, like the two objectives it was supposed to accomplish, was vague and largely procedural. Its scope was limited to the appointment of officials, the creation of preparedness plans, the promotion of national awareness, and the creation of new international relationships.

In February 2013, the President urged Congress to pass a more comprehensive and action-oriented plan named the Cyber Intelligence Sharing and Protection Act (CISPA). CISPA’s aim is to help the US government investigate cyber threats and ensure the security of networks against attacks.14 Introduced in 2012, the bill has twice passed the House and twice failed to pass the Senate due to concerns over a lack of civil liberties safeguards. Dozens of Internet privacy activist organizations have decried the bill for its failure to provide specificity on when and how the government can monitor an individual’s browsing history. Ron Paul (R-TX) labeled the bill “Big Brother writ large.”15

Recent reports from Capitol Hill suggest that Intelligence Committee Chair Dianne Feinstein (D-CA) and Ranking Member Saxby Chambliss (R-GA) have drafted a new piece of cybersecurity legislation currently being circulated for comment. Yet, the stated aim of the bill sounds too similar to that of CISPA to have a chance of passing the Senate. The new bill’s goal is reportedly to “allow companies to monitor their computer networks for cyber attacks, promote sharing of cyber threat information, and provide liability protection for companies who share that information.”16

Two new proposals have also been introduced in the Senate. The first, proposed by John Thune (R-SD), would allow the Federal Trade Commission to punish companies retroactively for failing to adopt “reasonable” data security practices and would preserve Congress’s authority to determine what those security practices should be.17 The second, proposed by Jay Rockefeller (D-WV), would give the Federal Trade Commission (FTC) legislative authority to set cybersecurity standards, removing Congress’s authority altogether.18

Given the rapidly increasing threat that cyber attacks pose and Congress’s relative lack of cybersecurity knowledge compared to the FTC, Rockefeller’s plan seems more reasonable. But the past history of the Senate’s concern for privacy indicates that neither bill will garner enough votes to pass.

The unfortunate reality for cybersecurity policy is that online security is simply not a top priority for enough Americans. Edward Snowden’s unauthorized disclosure of the PRISM program profoundly altered the public psyche toward online privacy, creating a largely irrational belief among many technology users that the government should not have a right to ensure maximum cyberspace security with their personal data. In CISPA’s case, people seem to value the privacy of their Internet browsing histories alone over the reduction of imminent cyber threats. Given Washington’s inability to pass legislation promoting cooperation between the private sector and the government, and that its chief responsibility is to ensure the security of nationwide systems and government facilities, individual companies are beginning to realize that the security of private sector networks is their prerogative alone.

Evidence suggests that the private sector is up to the task. In April, the National Retail Federation, a trade association comprising both independent and chain retailers, established the Information Sharing and Analysis Center, which links the threat data of all member retailers and shares anonymized data with the US government.19 The steps of GE in protecting its infrastructure through the acquisition of Wurldtech will bolster private sector confidence in the value of cybersecurity and will dispel fear that the return on investment of protecting critical information is outweighed by its cost.

In the coming years, companies will need to focus their efforts in these areas:

1. Transitioning the chief objective of cybersecurity from preventing attacks to reacting quickly and determining their source. Given the difficulty of predicting hacker behavior and the inevitability of eventual breaches, companies must develop robust internal programs that can destroy cyber attacks before they do damage. Target’s shortcoming was not its failure to prevent a breach, but rather its failure to act swiftly once it diagnosed the problem.20 The post-mortem investigation showed that Target’s systems set off unmistakable red flags, yet officials waited several days before acting on the information. Had they responded immediately, the stolen data would never have made it to the hacker’s servers.

2. Holding third-party providers to a higher standard. Most major company data breaches come through third-party service providers rather than through the company’s infrastructure. Data security is inconsistent across platforms and industries, and companies need to subject all of their partners and contractors to rigorous stress tests to ensure that attackers have no easy entry points.

3. Building stronger relationships with the government and the police so that attackers can be prosecuted. Regardless of what legislation is passed in Congress, the government’s role in cybersecurity should include, at a minimum, the vigilant pursuit of known cyber marauders.

While the burden may seem to fall hard on private sector companies today, the government will eventually pass definitive and meaningful legislation. The political climate toward national cybersecurity is simply too charged for a bill not to pass at some point in the next few years. The Pentagon’s annual reports to Congress have become increasingly direct in their condemnations of national militaries and governments. The 2012 report openly accused both the Chinese government and the People’s Liberation Army of propagating cyber attacks against the United States in deliberate attempt to “gain strategic advantage.”21 The government is aware of the grave threat posed by cyber attackers; it now needs to match its rhetoric with legislation and action. Although largely symbolic, the Justice Department’s May 19 indictment of five members of the Chinese People’s Liberation Army for hacking into US networks was a step in the right direction. The hackers allegedly compromised the networks of Westinghouse Electric, the US Steel Corporation, and several other private companies. Attorney General Eric Holder Jr. stated that these actions crossed the line because the government commissioned covert actions for the purpose of gaining a commercial advantage, not for advancing national security.22

Nonetheless, it is not and should never be the government’s responsibility to ensure the full security of private sector networks. For the sake of both national security and auxiliary benefits to individual companies – such as liability protection after security breaches in exchange for sharing data with the government – Washington should still attempt to pass legislation that will improve cooperation between the private and public sectors. Perhaps the upcoming midterm elections will yield a Congress more appropriately focused on pushing a cybersecurity bill into law. If the Senate, as well as the American public, can realize the relative importance of national cyber attack preparedness over the disclosure of personal user data to the government, then US cybersecurity strategy may have a promising near-term future.

 

The views expressed by the author do not necessarily reflect those of the Glimpse from the Globe staff and editorial board.

 

Works Cited

                                                                                                                                                         

1. U.S. Department of Defense. “Defense.gov Special Report.” 12 June 2013. <www.defense.gov/home/features/2013/0713_cyberdomain>.

2. Drogin, Bob. “Russians Seem to be Hacking into Pentagon / Sensitive Information Taken.” SFGate. 7 October 1999. <www.sfgate.com/news/article/Russians-Seem-To-Be-Hacking-Into-Pentagon-2903309.php>.

3. Lewis, J.A. “Computer Espionage, Titan Rain, and China.” Center for Strategic and International Studies. December 2005.

4. Proofpoint. “Upwards of 80,000 malware breaches a daily problem.” ThreatInsight. 19 March 2014. <www.proofpoint.com/threatinsight/news-feed/articles/upwards-of-80000-malware-breaches-a-daily-problem-596921>.

5. Kash, Wyatt. “Retail Breaches Bolster Interest in NIST Cyber Security Conference.” InformationWeek. 15 May 2014. <www.informationweek.com/government/cybersecurity/retail-breaches-bolster-interest-in-nist-cyber-security-advice/d/d-id/1252740>.

6. Yadron, Danny. “Massive OpenSSL Bug ‘Heartbleed’ Threatens Sensitive Data.” The Wall Street Journal. 8 April 2014. <http://online.wsj.com/news/articles/SB10001424052702304819004579489813056799076>.

7. Rainie, Lee and Maeve Duggan. “Heartbleed’s Impact.” PewResearch Internet Project. 30 April 2014. <www.pewinternet.org/2014/04/30/heartbleeds-impact/2>.

8. Lee, Richard. “GE purchase of Wurldtech focuses on cybersecurity.” Ctpost.com. 14 May 2014. <www.ctpost.com/news/article/GE-purchase-of-Wurldtech-focuses-on-cybersecurity-5479275.php>.

9. Gagliordi, Natalie. “Target, JC Penny among new ragtag retail cybersecurity team.” ZDNet. 15 May 2014. <www.zdnet.com/target-jc-penney-among-new-ragtag-retail-cybersecurity-team-7000029500>.

10. Tobias, Marc Weber. “Your Cybersecurity: Don’t Count on the Government.” Forbes. 12 May 2014. <www.forbes.com/sites/marcwebertobias/2014/05/12/your-cybersecurity-dont-count-on-the-government>.

11. National Cybersecurity and Communications Integration Center. “Trends in Incident Response in 2013 Overview.” ICS-Cert Monitor. 14 February 2014.

12. Office of the Press Secretary. “Remarks by the President on Securing our Nation’s Cyber Infrastructure.” The White House. 29 May 2009. <www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyber-infrastructure>.

13. The White House. “Cyber Security.” <www.whitehouse.gov/issues/foreign-policy/cybersecurity>.

14. Whittaker, Zack. “Obama’s cybersecurity executive order: what you need to know.” ZDNet. 13 February 2013. <www.zdnet.com/obamas-cybersecurity-executive-order-what-you-need-to-know-7000011221>.

15. McCullagh, Declan. “Opposition grows to CISPA ‘Big Brother’ cybersecurity bill.” Cnet. 23 April 2012. <www.cnet.com/news/opposition-grows-to-cispa-big-brother-cybersecurity-bill>.

16. Dianne Feinstein: United States Senator for California. “Feinstein, Chambliss Statement on Cybersecurity Information Sharing Bill.” 30 April 2014. <www.feinstein.senate.gov/public/index.cfm/press-releases?ID=2d6e00eb-e6aa-42a8-9ff8-d39fd4197251>.

17. Martinez, Jennifer. “Senate Commerce panel approves cybersecurity bill.” The Hill. 30 July 2013. <http://thehill.com/policy/technology/314433-senate-commerce-panel-approves-cybersecurity-bill>.

18. Sasso, Brendan. “Rockefeller to offer cybersecurity amendment to Defense bill.” The Hill. 21 November 2013. <http://thehill.com/policy/technology/191015-rockefeller-to-offer-cybersecurity-amendment-to-defense-bill>.

19. Higgins, Kelly Jackson. “Dual Retail Cyberthreat Intelligence-Sharing Efforts Emerge.” InformationWeek. 15 May 2014. <www.darkreading.com/analytics/threat-intelligence/dual-retail-cyberthreat-intelligence-sharing-efforts-emerge/d/d-id/1252767>.

20. Riley, Michael, Ben Elgin, Dune Lawrence, and Carol Matlack. “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It.” BloombergBusinessWeek. 13 March 2014. <www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data>.

21. Sanger, David E. “U.S. Blames China’s Military Directly for Cyberattacks.” The New York Times 6 May 2013. <http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html>.

22. Schmidt, Michael S. and David E. Sanger. “5 in China Army Face U.S. Charges of Cyberattacks.” The New York Times. 19 May 2014. <www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html>.