Protecting against cyber attacks

After Tokyo won the bid to host the 2020 Olympic and Paralympic Games, many security professionals discussed the need and urgency of cyber security measures that will be required to ensure a safe and successful Games.

During London 2012, the number of detected attempts by malicious agents rose from around 2 million per day at the beginning of the Games to a peak of 9 million per day.

A total of 212mn malicious requests were blocked by the network security implementation, with a peak of 128mn in a single day. The Wi-Fi network infrastructure was accessed by some 27,000 journalists using their own devices, many of which already had malware loaded on them.

The security team had to help clean up these devices, which had software that was designed to disrupt or damage computer systems, in order to prevent other systems from being infected.

The intrusion-prevention system monitored and consolidated about 120mn network-based daily events into just a handful of security events that required further investigation.

In terms of requests, 121.6bn web requests were processed (peaking at 223,281 requests per second), which was 10 times more than during the 2010 Winter Olympics.

London 2012 was the first Olympics at which a single sponsor—BT, the sole telecommunications partner—controlled all aspects of communications end-to-end, and acted as the technology integrator responsible for network technology, network security and the London 2012 official website.

There were two objectives: to deliver the most socially connected Games ever and the greatest show on earth.

It was the first all IP-connected summer Games and the social media impact was a crucial communications segment that required getting it right the first time.

Meanwhile, the scale of the challenge with the whole world watching meant that planning and starting work early was essential. As a result, seven times more bandwidth was available than during Beijing 2008.

London 2012 was built from scratch. A technology revolution around mobility and Wi-Fi had occurred at exponential speed during the four years since Beijing, so it was crucial to plan for a huge amount of additional capacity and resiliency. There were two major events to get right:

1. The Opening Ceremony, with 4.8bn viewers, 27,000 journalists in the stadium and 700 broadcasters, most of whom sent their feeds in high-definition format.

2. The 100m race final: All of the journalists wanted the first photo of the racers crossing the finish line—and it all had to be in real time.

Another consideration is that the Paralympic Games, which are becoming much more prominent worldwide, take place just two weeks after the Olympic Games end. Both Games are of equal importance, technologically, operationally and commercially.

Remoteness is also a key consideration. Although not all the venues were in the Olympic Park or even in London, the same standard and quality of service were required at all sites. Hence, preparation is key.

There were a number of official stages in the preparation phase:

  • Design reviews, to ensure the design fit the requirements—both known and predicted
  • Testing—to get the technology and security aspects operational and then fully test the team and systems
  • Forty-two contractual milestones
  • Real-time Games testing in each venue
  • Two full technical rehearsals, where the International Olympic Committee tested everything to ensure each sponsor achieves the standards required

Protecting the London 2012 website during the Games was important for people to book tickets, review schedules and download applications to help them navigate online.

This was obviously quite a large challenge because the website attracted the greatest security threats, due to its high visibility and utilisation.

Despite intense planning, there were still some last-minute challenges, such as an eleventh-hour need to deploy the world’s largest high-density Wi-Fi throughout the Olympic Park.

All of the critical service design reviews, as well as testing procedures and methodologies, had to be redone to meet a very tight schedule.

The time-to-resolution service levels were half of those that had been required in Beijing, so London 2012 was a far more complex and challenging project. For example, the time allowed to discover, diagnose and repair a severity-one fault and put the system back into service was cut from two hours in Beijing to only one hour in London.

Moreover, severe penalties were associated with severity-one faults.

Broadcasters need to survey the venues one year in advance and submit their requirements for connectivity and bandwidth (global connectivity, no latency, real-time, high-definition), so everything must be ready for this flood of orders.

The press arrive six to eight months early to scout out the best positions and submit their requirements accordingly.

Athletes, also arriving early to get acclimatised, need purpose-built accommodations, which includes Wi-Fi and cable TV. Even the food halls require bandwidth.

During the Paralympic Games, the venues can change dramatically, so sponsors may need to make new provisions—such as cable route changes due to floors being ripped out and replaced—and assemble new teams.

Critical factors for success
Network and security operation centres allowed London 2012 to be run successfully. In the technology operation centre, all of the technology providers were present, but the network underpinned everything.

As a result of the preparation and testing, by the end of the Games, no severity-one faults had occurred, and there had been only a couple of severity-two faults. However, the latter represented only a loss of resilience, not of service.

Running the website was a huge challenge, with 212mn malicious connections during the Games, and at least one hacking attack every day.

Working with the physical security providers was also important as they promoted the country on a global scale during the Games. Teams worked closely with police, security organisations, customs, immigration, and other agencies. to help them with their secure communications requirements.

London 2012 was delivered on a very tough schedule, and showed that people are the most valuable asset: the right team is the key ingredient to success. In Beijing 2008, there were 8,000 people involved in the technical organisation, but in London the technical team numbered only 850.