Digital Assurance – the show must go on!
Many might think that the world of tech and cyber security revolves around the safety and function of IT in a static location. But here at Bamboo, our tech teams excitedly join the festival scene so that legendary music experiences remain a part of our rich and diverse culture. We caught up with our Director of Digital Assurance on his return from Lakefest 2021 to get the low down.
Lee, you’re looking exhausted – was it a healthy dose of drinking and dancing or did you keep the UK festival dream alive?
As I recover from being event manager at Lakefest 2021 this weekend, I can’t help but feel very proud of what we have achieved. Delivering a safe and secure family music event in the middle of a field for 15000 people who have been incarcerated for the last 18 months due to the global pandemic was an amazing feeling.
It involved just under 13,000 festival goers, and 2000 amazing people that worked their butts off to create an amazing customer experience.
How did you get involved?
Over the past 12 months I have been advising the Lakefest strategic team to create an Event Safety Management Plan (ESMP) to deliver the above. This included the digital transformation of the safety and security aspects of the ESMP which are the critical activities needed to get the license from the local council. This is a festival that has grown from 500 people 10 years ago to 15,000 in 2021. The maturity and resilience of the festival has had to increase, and it now includes a vast array of the latest technologies and reliance on the Internet of Things (IOT).
When we think of festivals we don’t typically think of the internet or technology – how has technology made for a better experience?
Festivals can’t operate without technology now. A cashless festival experience is a must. And, don’t forget tickets are purchased via a web application.
VIP and Artist’s details and timings all need to be communicated to stay on track. This all needs to be done over an ad hoc secure network.
With Covid-19 thrown into the mix, it’s now about digital health passports to manage testing of employees and suppliers too.
We are talking about multiple data flows here. Is it right to assume this was all digital?
Yes, all digital. The team had to move to paperless evidence gathering and incident management, so using a risk management platform was a big change, but I thoroughly enjoyed working with the Lakefest teams to transform how they operate.
With such a big attendance due and a completely different environment to the usual office strategies you must have had some concerns – what kept you up at night?
Despite the increased safety and security, my biggest worry that kept me awake (besides the very loud music) was that all the above has increased the number of ways this pop-up festival in the middle of a field can be attacked by cyber criminals. So many new threats, so many new vulnerabilities which are often not fully recognised or understood by festival organisers and stakeholders. Cyber security or digital assurance is often way down the list of considerations.
Surely the local authorities have got this though?
The good news is that a risk management plan was produced. The not so good news is that a data protection impact assessment wasn’t included. Nor was a cyber incident management plan. Nothing of the digital nature was included as part of the ESMP. And, it’s no surprise really. The festival organisers didn’t get it wrong and neither did the local authority. They followed all the guidance laid out for events under the Purple Guide to Health, Safety and Welfare at Music and Other Events, and it is seemingly not needed on the ESMP. But would you take the risk when your entire event is dependent on connectivity and movement of data?
How do festival planners get it right when the guidance is helping to protect them?
Threat intelligence reporting and digital reconnaissance on the ad hoc pop-up network is a place to start and something I think is part of the basics.
Bringing this into the planning of an outdoor event might receive resistance. It is after all a sector that is going through a massive digital transformation while still “living in a field” when it comes to cyber security. It’s no different to any office/business environment, I wouldn’t be undertaking any form of data collation or operation without assessing and mitigating the risk. The damage of getting it wrong is too great.
Did Lakefest do the do like Betty Boo?
Yes, Lakefest went without a hitch.
Our team conducted our own risk assessment, including all the above and we delivered a digitally safe and secure music festival.
We know you like to say thanks Lee, so who does it go out to?
It’s a big thanks to all the team at Bamboo Technology Group who did this all under the radar, so we could learn and create a case study for next year.
Knowledge dispels fear.