Gaming Laboratories International (GLI) proposed a comprehensive gaming security framework at last year’s Regulators Roundtable which addressed industry demands for best practices in security controls.
Leveraging three and a half decades of knowledge and gaming industry insight, GLI worked with Bulletproof to accelerate the quest to establish a framework for gaming security.
“We began on it because many regulators came to us to ask if there were specific gaming-related cybersecurity measures that we can adhere to,” explained Joe Bunevith, Vice-President Government and Regulatory Affairs for GLI. “The answer at the time was really ‘no’.”
Bunevith acknowledged there are other standards in the industry, including the National Institute of Standards and Technology (NIST), the National Security Commission (NSC), and the Center for Internet Security (CIS).
“All of them, however, are really of a more general nature for any type of business. We headed down this path of creating a gaming-security specific framework,” he explained.
GLI promised and GLI has delivered in time for the 25th Regulators Roundtable, which will be held at Palms Las Vegas April 16 – 17.
“We just published the first two modules, which are what we are calling the Common Controls,” Bunevith said. “It contains different modules for different sections of our massive and complicated industry.
“The modules are GLI-GSF-1, Gaming Information Security (GIS) Controls Audit v 1.0, and GLI-GSF-2, Gaming Technical Security (GTS) Assessment v 1.0. The modules separate the Common Controls necessary for auditing gaming organizations.
“The next plan is to start working on the individual modules that are beyond those Common Controls. We released the first two so that everybody, no matter who they are in the gaming industry, could adhere to the two Common Controls.
Each module in the GLI-GSF is a culmination of gaming industry best practices and are available now in the Standards section of the GLI website.
Bunevith disclosed the forthcoming plan to initiate development on individual modules beyond the Common Controls. This includes vendors for physical retail locations, iGaming, Sportsbook, cloud computing cashless systems, artificial intelligence, lottery and additional areas.
“It is going to take some time to get it right,” Bunevith acknowledged. “We work internally with our subject matter experts across GLI and our sister company, Bulletproof Solutions.”
The process is very thorough. Bunevith revealed that during the first phase of creation, extensive feedback is received from the regulators, suppliers and operators with whom GLI works closely. From there it moves into the second phase to share across the GLI network, and finally into a public comment phase.
“This is why it took some time to release, because we went through this entire process with the first two modules,” he said. “We wanted to get the modules tailored for the gaming industry, to bring clarity to industry about exactly what type of controls are required and how to prove that these controls can be implemented correctly.”
It is obvious that with threats to gaming operations, regulatory bodies rely heavily on the expertise of a qualified Independent Security Firm (ISF) to perform gaming security assessments as an essential addition to the testing and certification of the critical system components of a GPE (Gaming Production Environment) by an Independent Test Laboratory (ITL).
GLI-GSF-1 sets forth the gaming information security (GIS) common controls necessary for auditing a Gaming Organization’s Gaming Information Security Management System (GISMS) to ensure effective management of security in a gaming organization’s GPE.
The GPE encompasses the backend systems and infrastructure that interface and support gaming activities, including Critical System Components, Transaction Processing, Security Measures, Risk Management, Continuous Operation, Monitoring and Control, and Regulatory Compliance.
“You want fair play for the patrons and compliant products and operators within the jurisdictions,” Bunevith said. “We want to provide the tools for suppliers, operators and regulators to be on the same page, and we hope GLI-GSF satisfies this need.”
The first modules apply to all forms of gaming. They replace the technical security tests previously published in GLI-27 for land-based gaming operations. In the near future, they will replace the technical security controls previously established in Appendix B of GLI-19 and GLI-33 for interactive gaming and event wagering as other modules are released.
The entire GLI Gaming Security Framework (GLI-GSF) and all GLI standards are free for download at www.gaminglabs.com.
