The Beijing 2022 Winter Olympics is currently in full swing, showcasing the skills and physical prowess of some of the finest sportspeople from across the planet. Behind the scenes, though, managing a large-scale event that attracts such significant worldwide interest is a challenging and pressured endeavor.
While modern technologies have improved the efficiency of this process, their adoption has also exposed high-profile sporting events like the Olympics to the possibility of cyber-attacks. There are numerous reasons why these events are tempting targets for malicious actors. These range from stealing the vast swathes of data collected on athletes and spectators to causing disruption on the international stage to draw attention to a particular political issue.
Numerous cyber-risks have already been highlighted regarding the current Beijing Winter Olympics. For example, last month, cybersecurity researchers in Canada uncovered a “devastating flaw” in the MY2022 app, which all athletes and attendees have been required to download and use.
So what are the main cyber-threats facing events like the Winter Olympics in the modern era, and how can organizers mitigate them? Infosecurity recently caught up with Grant Geyer, CISO and CPO at Claroty, to discuss these matters.
To what extent are international sporting events, such as the 2022 Beijing Winter Olympics, becoming more vulnerable to cyber-attacks?
Although there are many deciding factors when conducting a cyber-attack – specifically ransomware – cyber-criminals tend to go after organizations that have a lot to lose from operational downtime. The more desperate the organization is to get back up and running, the more likely they are to pay the ransom. During a large-scale event such as the Olympics, with an acutely increased population to serve, the stakes are even higher than usual. On top of this, the entire world is watching.
Coupled with the fact that this is a time-bound event and the increase in connectivity between IT and OT environments accelerated by digital transformation, threat actors are aware of the most critical times to launch an attack and which industries to target to ensure the greatest impact.
What do you expect will be the main threats faced by the Beijing Olympics?
The host city will rely heavily on various critical infrastructure sectors running smoothly, as the massive influx of visitors will put a huge strain on the essential services they provide. With that said, we’ve seen a significant uptick in highly destructive cyber-attacks that have taken advantage of security weaknesses in cyber-physical systems across all critical sectors.
It's all the more important that the city’s essential systems and services are protected from cyber-attacks and disruptions, including industries like building management systems for hotels and sporting venues, transportation, food and beverage, water and energy utilities, and hospitals.
What are the various motivations for threat actors in targeting an event like this?
There are two primary motivations: financial and geopolitical. Cyber-criminals want to put decision-makers between a rock and a hard place so that they are forced to make a difficult decision in a short amount of time. By doing this, threat actors can achieve their goal, whether that is to impact the brand financially to get systems back online after an attack, tarnish an organization’s reputation or gain access to information they can exploit in the future. Nation-state actors may also want to use a cyber-attack to project power or cause the public to lose faith in a government’s ability to keep them safe.
How can organizers of events like the Olympics protect the critical infrastructure involved?
Organizers of large-scale events need to anticipate that when a cyber-attack happens, it will impact physical operations. They should have multiple backups in place and make sure sectors have done as much pre-planning as possible. This includes ensuring critical assets are segmented and secure from an architectural perspective. Tabletop exercises are another useful strategy to test how critical infrastructure can respond and recover. It’s also beneficial for teams to share intelligence and communicate internationally. The more cyber intelligence that can be shared, the more organizers can ensure the response to an attack is swift, regardless of geopolitical tensions.