May 3, 2012
-- Information security company commissum
today warned of an increased risk of cyber-attacks in the period immediately before the 2012 Olympic Games in London, as well as during the games themselves. There are potential threats both to the computer networks of the Olympic Games, and also to the systems of other organisations. According to commissum
, clients have been expressing concern about cyber-security for that period, and commissum
’s consultants have been assisting them in tightening up their security measures.
The UK Government is also aware of the heightened level of risk during the Games. Francis Maude, the Cabinet minister responsible for the UK’s Office of Cyber Security, has stated in a recent speech during a visit to Estonia that cyber-attackers "would seek to disrupt the Games", and that the Olympics "will not be immune" to cyber-attack. He pointed out that the Beijing Olympics (2008) were subject to twelve million cyber-security incidents. However, he added a note of reassurance, stating "We have rightly been preparing for some time a dedicated unit which will help guard the London Olympics against cyber-attack"
, and also "We are determined to have a safe and secure Games."
Although the Government has no knowledge of any specific threat to the Olympics, an expert cybersecurity team has been active for several months now, strengthening the defences against cyber-attack. Working on a specially-isolated network at the highest levels of security, they simulate attacks and implement defensive solutions for both the official website and the computers used to run the games. This level of preparedness is essential in today’s threat landscape, since as Mr Maude stated, "High-end cybersecurity solutions that were used eighteen months ago by a limited number of organisations to protect their networks may already be out in the open marketplace - giving cybercriminals the knowledge to get round these protective measures."
Briony Williams, a security consultant at commissum
, commented "These measures may appear extreme to some people, but in reality they are no more than reasonable preparation for the level of threat that exists nowadays. The minister correctly points out that the recent growth in the number and availability of hacking tools has made the job of the security professional all the more difficult. In recent months there has been an increase in cyber-attacks by agents directly or indirectly sponsored by other states. To disrupt the London Olympics would be a great propaganda coup for a politically-
motivated attacker. Hence a defensive security initiative of this kind is to be warmly welcomed."
The London Olympics security team are concentrating particularly on defending their networks against a "Distributed Denial of Service" attack, where a large number of compromised computers (whose owners are unaware their computers have been breached) are compelled to bombard a server with messages, so that it can no longer respond to legitimate traffic, and hence crashes. The effect would be to cripple any services that rely on the availability of that server, whether a website, a games scoring system, or a back-end administrative system.
Briony Williams of commissum
commented further "The large-scale security work being done by the Olympics team has every chance of being successful. However, if attackers find their efforts are frustrated, they may turn their attention to easier targets, such as computer networks belonging to organisations that are sponsors of the Olympics, or government agencies associated with the Games, or even any organisation based in London. So a successful defence of the Olympics computers may not eliminate the more general risk of cyber-attack during the Olympics period."