Monday, October 10, 2011

Cyber attack tests for Olympic IT

Simulated cyber attacks will be carried out on the computer systems running London's 2012 Olympic Games.

A series of worst-case scenarios are to be played out in March and May, just months ahead of the Games' opening.

They include a massive denial of service attack on the official website, and a virus getting onto organisers' computers.

Despite the extensive planning, Olympic bosses say they are unaware of any specific threat.

The computer networks used to record scores and feed information to the public and media have been in development for years.

A control centre, where operations will be co-ordinated from, was opened on Monday in Canary Wharf.

Its permanent staff of 180 workers are already doing dry runs of sporting events, as they try to identify and fix problems.

But one of the biggest fears around the Olympics is not a crashed server or power outage, but a deliberate attack by cyber criminals.

During the period of the 2008 Beijing Olympics, China was subject to about 12 million online attacks per day.

The UK has learned lessons from its predecessor, said Gerry Pennell, chief information officer for London 2012.

"The approach of the website is a distributed one. That minimises the DDoS attack route," he explained.

"Another key principle is to keep mission-critical games systems quite isolated from anything web-facing. So very much partitioned and separated, thus making it hard for an external attack to succeed."

Security testing on the system will be carried out in a specially isolated version of the Olympic network, using an in-house team of pretend hackers.

"We simulate past competitions and we have a shadow team of about 100 people coming and creating problems - injecting viruses, disconnecting PC servers," said Patrick Adiba from Atos, the company managing the games' IT systems.

"We are using a simulation system so it doesn't really matter if we corrupt the data. We simulate the effect and see how people react."

Mr Adiba said that his company was constantly looking for information on potential threats to the Olympic Games.

"We have our own system within Atos to see the evolution of cyber crimes, and we have contact with relevant authorities to share knowledge and information about what may happen."

Emerging threat

Since the last Olympic Games, the nature and scope of cyber threats has changed substantially.

A series of hacks and website takedowns - orchestrated by Anonymous and LulzSec - has hit organisations including Sony, HB Gary, and the UK and US governments.

More complex attacks, such as the Stuxnet worm, which targeted Iran's nuclear industry, highlighted the sophistication of politically motivated hackers.

Such threats have been taken into account by designers working on the Olympic systems, according to Gerry Pennell.

"Our architecture was largely decided before [those things] happened," said Mr Pennell.

"Having said that, [those sort of attack] were well understood before those very high-profile incidents."

In April, former Home Secretary David Blunkett warned that the Olympics could be hit by "devastating" cyber attacks if more was not done to boost the country's IT defences.

Since becoming prime minister, David Cameron has repeatedly stressed his commitment to protecting the country from cyber attacks.

The UK is due to host a global summit to discuss the problem, beginning 1 November.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement

0 comments: