The London 2012 Olympics will present significant security challenges its prime contractor, Atos Origin, told the RSA Europe conference, being held a few miles from the games’ venue in east London.
Atos Origin has managed end-to-end IT infrastructure, including the security of the systems, for six Olympic Games and Vladan Todorovic, information security manager at the Beijing Olympic Games, was confident of success in 2012.
Speaking at the RSA conference he detailed how the security team monitored more than 12,000 devices - including 4,000 PCs, 4,000 servers and 4,000 network devices - across 70 venues in different locations in real time during the Beijing Olympic Games 2008.
"The systems needed to be available and work in real time. It was highly visible, critical and there was no room for human error, and no second chances," said Todorovic.
The IT infrastructure had to support three broad areas. The first was the system through which the organisers and IOC run the games, which includes accreditation, arrivals, protocol and staffing and all back office operations.
Secondly, the IT had to support the transmitting of real-time results as well as timing and scoring technology to scoreboards, commentators and judges in real time. Finally these scores need to be transmitted into television graphics for broadcasters.
Security is a major factor in helping the event and technology run smoothly and Atos Origin tested its systems extensively during the preparation period to create different security scenarios around the IT infrastructure, define the processes and audit the 70 venues.
This was all completed within tight time frames. When the Atos Origin team arrived in the host city, it had to build the infrastructure from scratch, even if construction work on the venues had only been completed weeks before the games.
Over the 17 days of competition, the team logged 12 million "suspicious" events per day, around 201 million in total. The 80-strong security team then had to filter these events in real time to separate serious security threats from minor technical notices.
An example of a critical event during the Olympics was one that could affect a competition if there wasn't an intervention, such as tampering with real-time scoring.
The security system worked by generating alerts and it is then up to an intelligent procesing system to assess if those events were problems or potential threats.
Atos Origin captured all the information and used a security monitoring solution to filter and prioritise potential IT security risks could impact the integrity of the system, so the team could react quickly to any unusual or unexpected activity As a result, the team thwarted 2,284 security threats, 90 of them potentially critical that could have caused major disruption.
Around 70 percent of the Olympic staff are volunteers that only receive two weeks training before the games begin. This introduced a high risk of human error so the systems needed to be thoroughly tested before the games began, to ensure each device was configured correctly and met the security requirements.
"But the biggest threat was the inside threat," said Todorovic, citing an example of when one of the accreditation workers on the front desk was discovered attempting to export the photos and details of the entire list of celebrities who were cleared to attend.
"We had other issues of course", said Marc Llanes, information security manager, Atos Origin. "There were many attempts to import hacking tools."
The 18-strong team managed the security in two shifts of six people at any one time.
The London games will present more challenges, particularly given the bold ambition to create a Wi-Fi city. "We are expecting to have many more issues with wireless networks", said Llanes, "there will be a lot more public networks in the area, and these will be a new issue.
However, we also have new technology to deploy, such as an authentication system that wasn't stable enough for Beijing – this will be ready in time for London."