From Transit To Tv Signals: How Hackers Could Disrupt The World Cup

U.S. security agencies are concerned that state-backed hackers or criminal enterprises may be eyeing this summer’s FIFA World Cup.

Whether for notoriety or to protest U.S. foreign policy, these cyber groups could disrupt everything from broadcast signals to ticketing systems — or even scramble the networks of mass transit and water treatment plants, as millions of spectators gather for the world's largest sporting event.

In Philadelphia, local officials have conducted field exercises to improve coordination between agencies scanning for threats. Federal, state and local officials ran drills in Seattle on responding to game-day disturbances. And dozens of critical infrastructure groups are working together to secure New Jersey’s MetLife Stadium for the highly anticipated final match on July 19.

“It’s everything, everywhere, all at once,” Colin Ahern, chief cyber officer for the state of New York, said of work currently underway to secure the tournament before the June 11 kickoff. “It’s like there’s multiple Super Bowls happening over a six-week period.”

Protecting the matches from digital threats requires close coordination between law enforcement, intelligence agencies and private sector cybersecurity groups in the U.S., Mexico and Canada. Cyberattacks can be especially hard to prevent because the range of threats is vast, and a hacker could potentially overtake any internet-connected system with enough savvy.

During the 2022 World Cup, a China-linked hacking cell reportedly compromised the networks of a major telecommunications provider, planting malware that could have disrupted live media coverage of games. And earlier this year, Italian authorities foiled multiple Russia-linked cyberattacks on Italian foreign ministry offices and hotels near Winter Olympics sites.

Preparations for the World Cup are being overshadowed by the war in Iran, which is stretching into its second month. Cybersecurity officials are anticipating threats linked to Iran’s military or intelligence wings, according to Ahern, who also warned that Russia’s support of Iran on the battlefield could translate to assistance in hacking World Cup networks.

Other likely offenders include cybercriminal groups from around the world seeking to profit from ransomware attacks on critical systems, Ahern added.

In the U.S. alone, federal, state and local security professionals are fortifying the digital infrastructure in major cities set to host 78 of the 104 World Cup matches, with the remainder spread across Mexico and Canada. This includes divisions within the White House, the FBI, the Army and the Department of Homeland Security, which are working alongside state-level cyber command units and local law enforcement offices.

Pulling these efforts together is the White House Task Force on the FIFA World Cup, established by President Donald Trump last year. Executive Director Andrew Giuliani said that the task force is “working closely” with CISA, the nation’s top cyber defense agency charged with protecting U.S. networks — including hospitals, electric grids and water treatment plants — from cyberattacks. He stressed that the agency’s “expertise and real-time information sharing are central to safeguarding critical infrastructure and stadiums across all host cities.”

Since early 2025, CISA personnel across the country have conducted more than 1,000 “engagements, exercises, security assessments and training activities” specifically for the World Cup, according to statistics shared by the agency. While many of these efforts are focused on strengthening the digital architecture supporting the matches, a lesser-known branch of CISA is also tasked with securing major events against physical, non-cyber threats such as bombs, active shooters and rogue vehicles.

CISA has completed physical and cybersecurity assessments of nearly all stadiums where the games will take place, as well as World Cup team base camps, where 48 teams will stay during the four-week tournament. In January, the agency organized security exercises in six World Cup host cities, with each location focusing on a particular subset of risks.

In Seattle, more than 400 people gathered inside Lumen Field to conduct a full-scale training exercise featuring federal, state and local officials to ensure readiness for game day disruptions.

Officials in Kansas City rehearsed responses to extreme weather conditions that could cause mass casualties, and centered on strengthening communication among emergency response workers. At Philadelphia's Lincoln Financial Field, more than 700 participants gathered to stress-test coordination among agencies securing the games.

At the same time, the FBI says it has been involved in “conducting ongoing threat assessments for intelligence sharing.” This includes preparing responses to unauthorized drone activity, which can be rigged with weapons or used for foreign espionage.

Brigadier Gen. Matt Ross, director of the U.S. Army’s Joint Interagency Task Force 401, told reporters in March that he had visited the FBI’s counter-drones training center in Alabama, where state law enforcement agencies are being trained to use drone-jamming equipment. He’s also working with each U.S. host city to ensure it has thorough measures in place to intercept any drone threats during the matches.

At the state level, law enforcement agencies, cybersecurity red teams and critical infrastructure groups are corralling experts together to ensure that even the most granular details of World Cup security are ironed out.

Mike Geraghty, chief information security officer for New Jersey, is leading the New York/New Jersey Cyber Infrastructure Working Group for the World Cup. He said that securing New Jersey’s MetLife Stadium for the final match involves liaising between roughly 70 organizations, including transit agencies in both New York and New Jersey; police departments deployed around the cities for physical security; and water system and electric grid operators providing critical services.

“There’s about 4 billion people that are going to watch it,” Geraghty said of the final match. “So really, the message from above is, ‘Don't mess it up.’”

Geraghty’s team has also synced up with officials in Canada and Mexico, which will host dozens of matches in several major cities.

Nayeli Sosa, spokesperson for the Canadian Centre for Cyber Security, said that the agency is engaging with “Canadian government partners at the federal, provincial and municipal levels, the private sector including critical infrastructure, and international partners” to protect against a barrage of cyberattacks.

In Mexico, around 100,000 security force members are preparing to be deployed to protect stadiums and safeguard visitors flying in for the tournament.

One complicating factor in these international preparations is the ongoing DHS shutdown, which houses some of the nation’s key security and emergency management agencies, including CISA, the Federal Emergency Management Agency and the Transportation Security Administration.

According to CISA Acting Director Nick Andersen, 40 percent of personnel in CISA’s Office for Bombing Prevention are furloughed, slowing efforts to train World Cup cities on how to spot and defuse explosive devices. Andersen testified last month to the House Homeland Security Committee that the shutdown, which began in mid-February, also limited the number of cyber and physical threat exercises CISA can hold in host cities.

FEMA is in charge of doling out $625 million in federal grants to U.S. host cities for World Cup-related security and preparedness, and formally began sending out the funds on March 18. FEMA confirmed that while the funding “is not frozen,” the process has been “significantly hampered by the lapse in DHS appropriations.”

And though TSA agents began receiving backpay in late March after Trump signed an executive order to redirect federal funds, hundreds of officers have already quit, straining the agency’s ability to move U.S. visitors quickly and safely through airports, passenger rails and other mass transit systems.

Despite weeks of negotiations, Democrats and Republicans have yet to seal a deal to restore DHS funding. And while the Senate and the House approved separate bills at the end of March to reopen portions of DHS — including CISA and TSA — neither bill has received bicameral support, leaving the shutdown to continue indefinitely.

“The security of millions of visitors and the integrity of this historic event depend on a fully operational DHS and CISA,” Giuliani said.