By Chris Harris, EMEA Sales Engineering Director at Thales
Since the 2004 Olympic Games in Athens, cybersecurity has become an increasingly important issue for both host countries and the International Olympic Committee (IOC). The growing dependence of processes on the IT infrastructure has led to increased demands on IT security in order to prepare for and ward off possible cyber attacks.
Chris Harris, EMEA Sales Engineering Director at Thales
Digital Olympic Games
Even though the Tokyo Olympics will be held without spectators after Japan once again declared a state of emergency following a surge in COVID-19 cases, the Games still rely on a variety of cutting-edge digital infrastructures, such as AI-powered devices for live translation, face recognition technology and ZMP’s Robot Taxi, a driverless car. The dependence of the 2020 Olympic Games in Tokyo, which is only now taking place due to the pandemic, on technology illustrates the potential risks in the event that the IT systems are infiltrated. The host country and the International Olympic Committee must be able to rely on these companies, their technical know-how and their digital infrastructure.
It is therefore not surprising that Japan and the IOC have identified cyber security as a very important factor and have announced plans to invest in this area to create the most cyber-secure environment possible for the games. However, the IOC points out that it will not disclose the specific details of its cybersecurity plan, as cybercriminals could draw information from it.
Cyber threats to the Olympics
Cybersecurity threats to the Olympics are not without precedent. At the 2018 Winter Olympics in Pyeongchang, there were the most attacks to date. Russian hackers carried out attacks on the venue’s networks before the opening ceremony, which slowed the entry of viewers and took Wi-Fi networks offline. They also manipulated parts of the TV broadcast.
In the past, the Olympic Games focused on the physical safety of the event. However, as the virtual audience grows today in our increasingly connected world, cybersecurity needs to be put at the center of attention to ensure that such a large-scale event can be held without interruptions or security risks. When countries from all over the world come together, malicious actors will undoubtedly try to enrich themselves with criminal schemes or embarrass the host nation on the international stage.
In fact, the concrete risks are not much different from those that even ordinary companies face in cyberspace, but the lure of such a large and visible stage and high-profile target means that the scale and amount of these attacks go far beyond what other organizations usually face. The RAND Corporation has published a study that highlights the types of threats Tokyo faces, including:
- Targeted attacks targeting high-level Olympic institutions, individuals or organizations.
- Distributed denial-of-service (DDoS) attacks against Tokyo 2021 infrastructure or related networks.
- Ransomware attacks that could affect a wide range of devices, services and underlying infrastructure to support the Tokyo 2020 Olympics.
- Cyber propaganda or misinformation to damage the reputation of individuals, sponsor organizations or the host nation.
According to the same study, the most likely threat actors are foreign intelligence agencies, cyberterrorists, cybercriminals, hacktivists or malicious insiders.
Preparations in Tokyo
Robust planning is essential to address this level of threat. Since 2015, Japan has begun preparations for the Olympic Games and has established partnerships with international and national organizations and authorities. For example, a partnership was established with the U.S. Department of Homeland Security, NIST, and an Israeli utility to address cyber security threats to critical infrastructure during the Olympics. More importantly, all leading Japanese companies supporting the Olympics have adapted the NIST Cybersecurity Framework to align their readiness and response to the globally accepted framework. The host country also recently gained experience organizing a major event; Japan hosted the 2019 Rugby World Cup, another major international sporting event that served as a trial run for Tokyo 2021. This was a unique opportunity for the country to set a milestone before the Olympics, to test its preparedness and capabilities to respond to incidents in advance. Finally, a review of Japan’s cybersecurity Strategy for Tokyo 2021 showed that the country has a limited number of cybersecurity experts, with only 28 percent of IT professionals working in the country. To solve this problem, Japan trained 220 so-called” ethical hackers ” in the hope of creating a Tokyo 2021 better prepared for cyberattacks. The same report concludes that it is of utmost importance to secure not only the infrastructure related to Tokyo 2021, such as electricity, transportation and venues, but also the IT environment for remote work.
Cybersecurity is a marathon at a sprint pace
The encryption factor will play an overriding role in protecting the information that is crucial for the successful and secure operation of the Games. Networks should be encrypted so that all collected data is unreadable. The principles of Zero Trust must be applied to ensure that people and devices within the internal network are authenticated and only have access to the resources they need. Any server, data storage, IoT device that tracks, for example, the movement of vehicles or shipments, or records video, should be able to transmit encrypted information to trusted locations and communicate only with the servers and services necessary for its operation.
Finally, with ransomware attacks on the rise, it is important to ensure that critical systems and networks are disconnected, and to continue to ensure that process-level backups and authorization controls are in place to limit the threat to core systems.