Could the AI-powered Champions League draw be affected by cyber attacks?

It’s all change with the Champions League draw format.

Following pressure from fans and teams alike for more ‘meaningful’ games, UEFA have expanded the competition from a 32 team affair to a new 36 structure with the traditional eight groups of four teams now being replaced with one single league format with each side playing eight games, four at home and four away.

“The clubs wanted this and some even needed this change,” said UEFA General secretary Giorgio Marchetti. Several of the reasons offered by UEFA for the change are to provide greater competitiveness in the group stage, a diversity of matchups, an increase in participation and a change in the narrative of the competition.

After the eight games, the teams in the top eight places automatically take a place in the Round of 16 with teams who finish 9-24 going into a knockout play-off round to join the top eight in the last 16 as teams in 25-36th places eliminated from all competitions.

Thursday’s draw will see teams pitted against opponents drawn from seeded pots with then draw set to be determined by a computer with a hybrid draw format to be used involving a UEFA guest selecting a team and the supercomputer then selecting the list of eight rivals.

Software hack possibility?

UEFA has been working on this draw process for nearly 12 months with AE Live providing the software that will be used for the new draw format.

Ernst and Young will also be used to add an extra filter to give an “extra layer of assurance and transparency”, according to Marchetti with the consulting firm set to audited and monitor the development of the draw.

AE Live also add that they have taken the risk of a cyber-attack seriously and has put several protections in place to keep the draw secure.

“The draw itself will be conducted in an entirely closed environment,” Dave Gill, AE Live’s chief technology officer.

“There will be no external access from external interference for a period of time before the draw and during the draw, so there’s no DDoS (distributed denial-of-service) attack (which can overwhelm the system and cause it to fail).

“Access to our code, and our code repository, are controlled through multi-factor identification. It’s a very limited amount of people who have access to our code. We’ve just conducted some penetration testing from an external third-party provider to make sure that we are, as a business, as secure as we can be. We’ve done additional risk assessments around the increased risk around cyber-attacks.”

Despite the draw set to be concluded this evening, UEFA will confirm the definitive match days and kick-off times on Saturday, 31 August.