Overwhelmed with watching the world’s best push the limits of humanity and represent the pride of their respective countries, it’s easy to forget about all the behind-the-scenes infrastructure that makes the Olympic Games possible.
However, the largely underreported cyberattack that almost halted the 2018 Pyeongchang Olympics before they began should serve as a stark warning against complacency. Is the 2020 iteration of the Games at risk of the same fate? What are the threats? And what can be done to ensure a safe and smooth Olympic Games where all the focus falls on the athletes?
Japan seems to be taking the threat seriously, with emergency cybersecurity measures being put in place.
The fallout from the 2018 Pyeongchang attack has also left us with some valuable lessons, including the importance of a well-orchestrated incident response.
What Happened in Pyeongchang?
Setting up the IT infrastructure was no mean feat: over 10,000 PCs, 20,000 mobile devices, 6,300 Wi-Fi routers, and 300 servers in two Seoul data centers formed the backbone of the technology behind the 2018 Winter Olympics.
Just before the opening ceremony was about to start, organizers received word that some “bug in the system” was systematically shutting down every domain controller in the Seoul data centers. With the domain controllers going down, the outage was already affecting ticketing, Wi-Fi connectivity, internet-linked TVs, and some of the facilities’ RFID-based security gates.
Luckily, the cybersecurity team of the Olympic organizing committee was well prepared by months of drills and security meetings. Working through the night, they took down and isolated all servers, identified the malicious service (a nondescript file named winlogon.exe, borrowing the name of a legitimate Windows system process), and finally restored servers and systems from backups.
By the next morning, all was good, and athletes, organizers, and attendees had almost no idea what had occurred.
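The detail that the wiper hid behind the name winlogon.exe is worth turning into a check. The following is an added example, not code from the article or from the Olympic response team: it scans constructed process-creation records (timestamp|host|image|parent|user, a simplified Sysmon-style layout) and flags a protected system-binary name that is running from a directory other than its legitimate one, or that was spawned by an unexpected parent. The log format, the hosts, and the baseline tables are assumptions made for illustration.

```python
"""Flag processes masquerading as Windows system binaries.

Added example for illustration. The baseline tables below are an
assumption: the directory each protected binary legitimately lives in
and the parent process that normally launches it on Windows.
"""
import ntpath
from dataclasses import dataclass

TRUSTED_DIRS = {
    "winlogon.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}
EXPECTED_PARENT = {
    "winlogon.exe": "smss.exe",
    "svchost.exe": "services.exe",
    "lsass.exe": "wininit.exe",
}

# Constructed sample records (hypothetical hosts and timestamps):
# timestamp|host|image path|parent image path|user
SAMPLE_LOG = r"""
2018-02-09T19:41:02Z|dc01|C:\Windows\System32\winlogon.exe|C:\Windows\System32\smss.exe|NT AUTHORITY\SYSTEM
2018-02-09T19:41:10Z|dc01|C:\Windows\Temp\winlogon.exe|C:\Windows\System32\cmd.exe|NT AUTHORITY\SYSTEM
2018-02-09T19:41:15Z|ws-0421|C:\Windows\System32\svchost.exe|C:\Windows\System32\services.exe|NT AUTHORITY\SYSTEM
2018-02-09T19:42:00Z|ws-0421|C:\Users\Public\svchost.exe|C:\Windows\explorer.exe|CORP\jdoe
2018-02-09T19:42:31Z|dc02|C:\Windows\System32\winlogon.exe|C:\Windows\System32\cmd.exe|NT AUTHORITY\SYSTEM
"""


@dataclass(frozen=True)
class Finding:
    host: str
    image: str
    reason: str


def _split(path: str):
    """Return (lower-cased directory, lower-cased file name) of a Windows path."""
    directory, name = ntpath.split(path.strip().lower())
    return directory.rstrip("\\"), name


def check_event(host: str, image: str, parent_image: str):
    """Return a Finding if the image masquerades as a protected binary, else None."""
    directory, name = _split(image)
    if name not in TRUSTED_DIRS:
        return None  # not a name we protect; nothing to compare against
    if directory not in TRUSTED_DIRS[name]:
        return Finding(host, image, f"{name} running from untrusted directory {directory}")
    _, parent_name = _split(parent_image)
    if parent_name != EXPECTED_PARENT[name]:
        # Right file name and directory, but launched by the wrong process:
        # still suspicious, since the real binary is started by the OS itself.
        return Finding(host, image, f"{name} spawned by unexpected parent {parent_name}")
    return None


def scan(log_text: str):
    """Run check_event over every pipe-delimited record and collect findings."""
    findings = []
    for line in log_text.strip().splitlines():
        _ts, host, image, parent, _user = line.split("|")
        finding = check_event(host, image, parent)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.host}: {f.reason}")
```

Run against the sample, the first record (the genuine winlogon.exe started by smss.exe on dc01) passes, while the copy in C:\Windows\Temp, the svchost.exe in C:\Users\Public, and the correctly placed winlogon.exe launched from cmd.exe on dc02 are each reported. In a real environment the same two rules would be fed from the endpoint telemetry already collected, and the baseline would be built from the organization's own gold images rather than typed in by hand.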
Why the 2020 Tokyo Olympics Might Be at Risk
While you might think that the organizers of the 2020 Olympics will have learned from history and beefed up cybersecurity for the competition, there are several reasons why the Games might be at higher risk than ever:
- Cybersecurity threats have continued to diversify and grow more sophisticated
- We are still in the midst of a drought when it comes to cybersecurity talent and professionals
- Far from being negatively impacted like everyone else, cybercriminals have thrived during the pandemic and cyber-attacks have surged in volume
- We are becoming increasingly dependent on technology in all fields, and the Tokyo Olympics is set to be one of the most technologically advanced and innovative Games yet
Finally, while all countries represented at an Olympics hope to put their best foot forward, the host country falls under unmatched scrutiny. This makes the Olympics a prime target for state-sponsored actors with the resources and motive to undermine the event.
Recent tensions between China and Japan as well as the former’s penchant for using state-sponsored cyberattacks are causes for concern.
So, what can be done to secure the 2020 Olympics?
Common-sense cybersecurity principles, together with the lessons of the successful response by the 2018 Olympics cybersecurity teams, offer some guidance on how to prepare for this eventuality:
- Preparation, training, and readiness: Cybersecurity teams, and organizations as a whole, must be battle-tested so that their processes hold up when an incident actually occurs. Red-teaming, table-top exercises, and other scenario-based training have proven effective in preparing teams.
- Effective incident response plans: Part of the reason the IT infrastructure of the 2018 Olympics could be restored so efficiently was the effective incident response. As soon as troubling signs were detected, the cybersecurity team immediately sprang into action to investigate the cause. Solid collaboration, communication, and decisiveness were key to the recovery. This is only possible with a clear and effective incident response plan in place that lays out the processes, the lines of communication, and the steps to take after an incident.
- Full accounting of all resources: For an event and organization on the scale of the Olympics, thousands of physical infrastructure devices are in play. Having a comprehensive and organized catalogue of all your IT assets is crucial to being able to isolate, investigate, and restore systems as quickly as possible.