Cy­ber se­cu­rity is part of game in the ma­jors

The An­gels and Dodgers are re­spon­si­ble for pro­tect­ing their data, but MLB is will­ing to help. ‘I will lit­er­ally go weeks with­out writ­ing. Even sig­na­tures on con­tracts are done elec­tron­i­cally.’ — Jerry Dipoto, An­gels gen­eral man­ager

Los Angeles Times - - BASEBALL - By Bill Shaikin

When Jerry Dipoto re­tired as a player and started his climb up the front-of­fice lad­der 15 years ago, the An­gels’ gen­eral man­ager dis­cov­ered that teams would store their most trea­sured data on hand­writ­ten in­dex cards. Now? “I will lit­er­ally go weeks with­out writ­ing,” Dipoto said Tues­day. “Even sig­na­tures on con­tracts are done elec­tron­i­cally.”

In base­ball’s in­for­ma­tion age, a team is as vul­ner­a­ble as any other busi­ness to hack­ers break­ing into a com­puter sys­tem. The Hous­ton Astros learned that les­son the hard way last year, when Dead­spin pub­lished leaked doc­u­ments about trade talks, and Ma­jor League Base­ball con­firmed Tues­day the ex­is­tence of a “fed­eral in­ves­ti­ga­tion into the illegal breach of the Astros’ base­ball oper­a­tions data­base.”

The league has no ev­i­dence that another club has been the vic­tim of a se­cu­rity breach, a high-rank­ing MLB of­fi­cial told The Times, speak­ing on con­di­tion of anonymity be­cause of the on­go­ing in­ves­ti­ga­tion. The of­fi­cial — speak­ing gen­er­ally and not about the Astros case — said each team is re­spon­si­ble for its own cy­ber se­cu­rity, but MLB em­ploys ex­perts and makes them avail­able to con­sult with teams.

It is im­pos­si­ble to over­state the role of com­puter sys­tems in the op­er­a­tion of a team — and not just on the busi­ness side, where ex­ec­u­tives can ad­just ticket prices daily based on the latest sales data or mod­ify or­ders for hot dogs or bob­ble­head dolls based on up­dated at­ten­dance pro­jec­tions.

The Dodgers just added a di­rec­tor of re­search and de­vel­op­ment, and they are hir­ing a “data sci­en­tist” as part of that an­a­lyt­ics unit charged with imag­in­ing and de­vel­op­ing “math­e­mat­i­cal, sta­tis­ti­cal, and pre­dic­tive mod­els to sup­port base­ball oper­a­tions.”

Dipoto said ev­ery team has a pro­pri­etary data­base, de­vel­oped in-house or cus­tom-de­signed for the team by a tech­nol­ogy com­pany. The An­gels’ com­put­ers in­clude, among other fea­tures, sta­tis­ti­cal anal­y­sis, scout­ing re­ports, draft val­u­a­tions, player videos, and what Dipoto said was a per­sonal page for more than 6,000 play­ers, from ma­jor and mi­nor lea­guers to am­a­teur play­ers in Venezuela and the Do­mini­can Re­pub­lic and pros in Mexico, Ja­pan, and South Korea.

Mi­nor league man­agers used to file nightly re­ports — who’s hot, who’s not, who’s hurt, and so on — and Dipoto said he used to need an hour each morn­ing to lis­ten to all the voice mails.

“Now ev­ery­thing is ac­ces­si­ble at the click of a but­ton,” he said.

The New York Times, which first re­ported the fed­eral probe into the Astros’ data breach Tues­day, said in­ves­ti­ga­tors traced the leaks to em­ploy­ees of the St. Louis Car­di­nals who were “hop­ing to wreak havoc on the work of Jeff Luh­now,” the for­mer Car­di­nals ex­ec­u­tive hired in 2011 as the Astros’ gen­eral man­ager.

The news­pa­per re­ported that the Car­di­nals em­ploy­ees, con­cerned that Luh­now might have taken pro­pri­etary in­for­ma­tion, gained ac­cess to Astros com­put­ers based on pass­words used in St. Louis by Luh­now and oth­ers who fol­lowed him to Hous­ton.

In that event, the Astros might have been guilty of fail­ing to take even the most ba­sic of se­cu­rity pre­cau­tions — chang­ing your pass­word ev­ery 90 days — said Ken Westin, se­nior an­a­lyst for Trip­wire, an Ore­gon-based com­pany that helps firms de­tect, pre­vent and re­spond to com­puter se­cu­rity threats. “In their de­fense, they’re prob­a­bly not used to be­ing at­tacked like this,” Westin said.

A base­ball team — or any other small busi­ness — need not spend more than $20,000 to pro­tect its in- tel­lec­tual prop­erty from cy­ber at­tack, said Mo Rosen, chief op­er­at­ing of­fi­cer at Xceed­ium, a Vir­gini­abased com­pany that helps busi­nesses and the gov­ern­ment pro­tect data. Rosen said a two-step au­then­ti­ca­tion process — a pass­word, plus a card pro­vided by the Astros, sim­i­lar to an ATM card — might have been enough to keep the team’s data safe.

“They didn’t even take the most rudi­men­tary steps to pro­tect them­selves,” Rosen said.

Dipoto said he was not overly con­cerned by the pos­si­bil­ity of a hack into the An­gels’ com­put­ers, since base­ball teams tend to dif­fer­en­ti­ate them­selves not by the in­for­ma­tion they col­lect but how they ap­ply it. Still, he said, the An­gels’ com­puter se­cu­rity pre­cau­tions ref lect the best prac­tices of cor­po­rate Amer­ica, first launched when the team was owned by the Walt Dis­ney Co.

To ac­cess the most con­fi­den­tial base­ball oper­a­tions data, Dipoto said, he needs much more than a pass­word. “It’s like walk­ing into Ft. Knox,” he said.

bill.shaikin@latimes.com

‘I will lit­er­ally go weeks with­out writ­ing. Even sig­na­tures on con­tracts are done elec­tron­i­cally.’

— Jerry Dipoto,

An­gels gen­eral man­ager

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.