How Intelligence Sharing Can Help Keep Major Worldwide Sporting Events on Track

Major worldwide sporting events like the Olympics or the FIFA World Cup attract global interest as people follow their national teams and hope for success. To put this into context, the Olympic Games are one of the most widely covered sporting events in the world, with an audience of more than 4 billion viewers. Probably owing to the sheer scale of such events, not to mention their high profile, they also attract bad actors looking to disrupt them for ideological reasons or illegal profit.

Organizing a major event like the Olympics is a huge undertaking and the eyes of the world are on the host country and its organizing committee. There is a huge amount of pressure to produce the perfect sporting spectacle that unifies the world as it watches athletes strive to deliver their best performance.

Global events that have the eyes of the world on them

For the 2024 Paris Olympic Games, there will be 4 billion viewers, 13.5 million spectators in the various stadiums and event venues, and 15,000 athletes gathered for this event from more than 200 nations. Alongside all the physical operational and logistics arrangements, it is also critically important to have a robust cybersecurity strategy and reliable threat intelligence around any impending issues that might disrupt or impact the smooth running of the event.

Not an easy task to achieve when you consider that these types of events have been targeted by multiple cybercriminal and nation-state campaigns over the years. In 2008, the Beijing Games experienced mimicking of the ticketing websites to enable cybercriminals to steal customer banking details. In the 2014 Sochi Games, 700 Russian websites were defaced. There was a big DDoS attack around the Rio Olympics, whereby several organizations affiliated with the Olympics came under large-scale volumetric DDoS attacks. And in 2018 the Pyeongchang Games in South Korea was impacted by the Olympic Destroyer malware, which leverages native Windows utilities and API calls to carry out destructive attacks. This caused issues during the high-profile opening ceremony, taking screens offline.

Adapting quickly to fast-evolving threats

Normally these types of events have the added pressure of very tight timeframes. For example, the Olympic Games is only 29 days long, so set up and take down is a very intense period, where the threat actors can take advantage. This means that cybersecurity must adapt to an evolving threat landscape and an information system under construction. It is therefore vital that the games organizers and their partners look to employ intelligence sharing via the deployment of a threat intelligence platform to anticipate, share and combat potential threats. There are also reduced time scales around the threat emerging and the counter measures deployed to protect the system. That means that any methods employed to improve the quality and efficacy of threat intelligence information, sharing and automation can make a huge difference.

And there is a lot to secure and protect during these events. For example, timing and scoring information must be accurate. Games organizers need to ensure that live video enrichment, sports presentations and broadcasting are all secure and that no-one can take control of these. All accredited WiFi and the availability of these systems throughout the games need to be meticulously maintained. Images of winning athletes must be available within minutes to all the press agencies around the world. Commentator Information Systems which hold all the data and statistics that help to enrich the broadcasting information can’t be tampered with – the list goes on.

Cyber issues outside the event

Outside of the actual games themselves there are also a lot of social engineering and phishing scams targeting people desperate to get tickets and defrauding them of large amounts of cash. The organizing committee is working hard to alert people to social engineering scams to ensure that spectators who enter the stadium have the appropriate tickets and seats.

Another side to social engineering is misinformation campaigns by nation states. A recent story from NBC News and the New York Times highlights disinformation campaigns aimed at scaring people away from attending the event.

Additionally, with huge events like this there are so many people involved, so many different groups, who all have their own ecosystems and supply chains. With the time pressure of such events and the fact that there is one chance to get it right, bad actors can easily decide to attack via key supply chains, where security might be weaker. It’s therefore critical that key event suppliers are identified and included in the threat intelligence sharing community so they are alert to any attempts to compromise the event via their networks.

Understanding adversary motivations

In all cases, threat intelligence – and effective sharing – is vital. Understanding the types of adversaries involved and their motivations helps identify emerging threats from a national security, systems security and social engineering perspective. Events like this have their own ecosystem and it is essential to share information between stakeholders to increase resilience against such threats.

It is just a few weeks until this amazing global multi-sport event takes place. I wish all participants – athletes, volunteers, spectators and organizers alike – a wonderful experience and a secure and successful event.