In the months and weeks leading up to the Tokyo Olympics, intelligence agencies and cybersecurity experts warned of the risks of cyberattacks and the need to take preventative measures against the kinds of incidents we have seen in the previous Olympics at Rio de Janeiro, Sochi, Pyeongchang and London. Fortunately, the International Olympics Committee (IOC) and the local organizers of the Tokyo Games, the Tokyo Organizing Committee (TOC), needed no convincing. Over the course of these games, it’s become increasingly clear that the organizers did indeed take preventative measures and that, despite the challenges and limitations of holding an Olympics during a pandemic, the Tokyo Olympics have been a real success story from a cybersecurity perspective. Organizers of all large-scale, televised sporting events—and indeed all organizations in general—should look to this year’s games as a model to emulate.
The Best Kind of Defense
One of the things that the Tokyo Olympics got right from a cybersecurity perspective is a principle often taught, suitably enough, in sports. As coaches often like to say, “The best defense is a good offense.” A common problem that we see in the cybersecurity field is that far too many organizations wait until they’ve been attacked before acting. Nowadays, this is a recipe for disaster. We know the rate of cyber threats is increasing, with ransomware attacks having spiked 150% in just one year and state-sponsored cyberattacks, also known as advanced persistent threats (APTs), having doubled in three years. We also know that large-scale sporting events such as the Super Bowl, the World Cup, and the Olympics—for various reasons, including the market size of these events and their modern reliance on digital technology—are frequently the target of cyber threats.
Learning from the lessons of past Olympic games, the International Olympics Committee (IOC) and the Tokyo Organizing Committee (TOC) fortunately did not make the same mistake. While this year’s games have not been entirely free of incidents (there was a relatively minor one early on, for example), the kinds of incidents that specialists such as myself are most concerned about with large-scale events like these are those that shut down critical parts of the infrastructure such as ticketing, scorekeeping, or media broadcasting. In fact, something like this almost occurred at the 2018 Olympics in PyeongChang, South Korea, where the Opening Ceremonies were nearly brought to a halt. The fact that there was not an equivalent malicious event during the Tokyo games is no accident or stroke of luck. In this day and age, that’s extremely unlikely. Instead, the lack of incidents at the Tokyo Olympics tells us that aggressive preemptive measures were taken. And while I do not know, in this case, precisely what each and every one of those measures was, I know which basic principles were observed.
Having the Right People in Place
With an international event of this size, the first mandatory element to have in place, of course, is the team of behavioral specialists and analysts who can implement user and entity behavior analytics (UEBA): the process of interpreting intelligence, detecting patterns from that intelligence, and putting together plans for preemptive cyberattacks or counterattacks. Also necessary are the supporting teams of Level 1 security operations center (SOC) analysts who have their eyes on the glass 24/7, see all the traffic in real time, collect all the alerts, filter out the false positives, and, when it’s justified, escalate abnormal activity to their behavioral specialists.
Since the Olympics are inseparable from world politics and diplomacy, we can be certain that these analysts represented all the key security and intelligence agencies from the major countries coming together in collaboration. For the U.S., that would likely be the FBI, NSA and CISA. For the U.K., that would be MI5 and the SIS, and so on. While the pandemic may have made the logistics of such collaboration more involved, there would nevertheless have been a joint command center in some shape or form in which the specialists from these agencies could share information in real time.
On top of this, we know that numerous private security firms from various countries, including Japan, Taiwan and even Israel, have been recruited to help, which seems to reflect the growing (and necessary) trend of cooperation between government organizations and private tech companies in the area of cybersecurity.
Going on the Offensive
What I’m confident played an essential role in the Tokyo Olympics having been relatively uneventful from a cybersecurity perspective is intelligence-driven defense, or the act of looking for known threat actors through the kind of characteristic behaviors they are known to exhibit. Again, it’s defense through preventative offense. Another recent success story in which the same approach was used was the 2020 presidential election, further proving that investing in proactive, robust cybersecurity measures works. The fact that foreign actors did not successfully interfere in the election was not a sign that the preemptive actions were a waste of effort but rather that they were a success. The same applies to this year’s Olympics. The lack of significant disruptions has been a clear win and is almost certainly a direct result of preemptive measures.
The tactics of cyber threat actors constantly evolve, so we must stay vigilant as well; resting on our laurels is never a good idea. But given the alarming number of cybersecurity incidents so far in 2021, a success story like the Tokyo Olympics is a welcome bit of positive news and serves as a model example for organizations out there that still tend to err on the side of passivity. The ransomware attacks on Colonial Pipeline and JBS are just two of many examples showing that waiting until an incident occurs is costly and that such incidents are preventable. Instead, take a cue from the Tokyo Olympics: go on the offensive and beat threat actors at their own game.