From: Snapshot-Content-Location: https://www.rand.org/pubs/commentary/2018/02/why-the-2018-winter-olympics-are-the-perfect-storm.html Subject: Why the 2018 Winter Olympics Are the Perfect Storm for Cyberattacks | RAND Date: Sat, 14 Sep 2024 18:29:54 +0930 MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--LRQM3WFYWnDeC4pOe7fDQfRyE4O93tIBB6Yd1njYGg----" ------MultipartBoundary--LRQM3WFYWnDeC4pOe7fDQfRyE4O93tIBB6Yd1njYGg---- Content-Type: text/html Content-ID: Content-Transfer-Encoding: quoted-printable Content-Location: https://www.rand.org/pubs/commentary/2018/02/why-the-2018-winter-olympics-are-the-perfect-storm.html Why the 2018 Winter Olympics Are the Perfect Storm for Cyberattack= s | RAND =20 =20 =20 =20 =20 =20 =20 =20 =20 =20 =20
=09
=20 3D"RAND"
Objective Analysis. Effective Solutions.
=09
Toggle Menu

  • Policy Experts

    All Experts

    Spotlight

    By Research Area

  • Capabilities

    Drawing upon decades of experience, RAND provide= s research services, systematic analysis, and innovative thinking to a glob= al clientele that includes government agencies, foundations, and private-se= ctor firms.

    Who We Work For

    Work with Us

    About RAND Research

    =20

  • Graduate School

    The Pardee RAND Graduate School (PardeeRAND.edu) is hom= e to the only Ph.D. and M.Phil. programs offered at an independent public p= olicy research organization=E2=80=94the RAND Corporation.

    =09 =20
    =09

    Featured Video: Campus Tour

    3D"Pardee

    Student Life at Pardee RAND
    =20

    Student Spotlight

    • =20 3D"Kurt =20
      =20
      Kurt Klein

      Assistant Policy Researcher; Ph.D. Candidate, Pardee R= AND Graduate School

    • =20 3D"Elis= =20
      =20
      Elisa Yoshiara

      Ph.D. Student, Pardee RAND Graduate School, and Assist= ant Policy Researcher, RAND

  • About

    • =20
    =09 =09 Toggle Search
    =20
    =09
    =09

    Why the 2018 Winter Olympics Are the Perfect = Storm for Cyberattacks

    commentary

    Feb 12, 2018

    =20 =20 3D"Opening =20

    Opening Ceremony of the 2018 Winter Olympics in = Pyeongchang, South Korea, February 9, 2018

    Photo by Pawel Kopczynski/Reuters

    By Erik Silfversten

    This commentary originally appeared on Wired UK on February 11, 2018.=20

    =20 =20

    Cybersecurity has been a longstanding concern for the International Olympic= Committee (IOC) and host nations of the Games since the early 2000s. Previ= ous Olympic Games have had to contend with a multitude of cyber threats, fr= om the London 2012 Olympics=E2=80=94which experienced thousands of intrusio= n attempts and one false-alarm threat to the power grid=E2=80=94to the Rio = 2016 Olympics, which experienced a variety of hacks, including disclosures = of athletes' personal data.

    However, the 2018 Winter Olympics in Pyeongchang, South Korea, present furt= her cybersecurity challenges, not just due to its location=E2=80=9480 kilom= etres from the border with North Korea=E2=80=94and geopolitical tensions, b= ut also due to major sporting events now becoming increasingly connected an= d integrated with technology.

    The increased connectivity and use of te= chnology has opened the Games up to more vulnerabilities and potential cybe= rattacks.

    The increased connectivity and use of technology has opened the Games up to= more vulnerabilities and potential cyberattacks. Not only are the Olympic = Games available to view worldwide through a variety of broadcasting platfor= ms, but smart technologies are now also increasingly used in the performanc= e and judging of the sports themselves.

    While most of the previous attacks have focused on ticket scams, availabili= ty of IT services, and personal data, there are now more substantial cyber = threats to stadium operations, infrastructure, broadcasting, and participan= ts and visitors to the Games. There might also be cyberattacks that comprom= ise devices to spread propaganda or misinformation.

    More recent Olympic Games have experienced attacks on broadcast operations = and power systems seeking to limit viewer access to live broadcasts. For ex= ample, the 2012 London Olympics we= re hit by Distributed Denial of Service (DDoS) attacks from both allege= d nation-state hackers and hacktivists. While these attacks have had limite= d success, it is possible that large-scale disruptions to broadcasting coul= d have severe consequences to events that rely on a large global audience a= nd sponsorship.

    Cybersecurity experts have already expressed concern over a number of cyber= threats to Pyeongchang, particularly in relation to nation-state activity.= South Korea has previously accused North Korea of cyberattacks on the coun= try, including one in 2013 that wiped numerous hard drives at South Korean = banks and broadcasters. Last month, a cybersecurity firm also uncovered a = sophisticated and targeted cyberattack aimed to steal data from South K= orean organisations associated with the Games.

    Communications could be at risk of survei= llance by nation-state actors for either geopolitical gain or to gain a com= petitive edge in the competitions.

    There have also been warnings of the possibility that communications or mob= ile networks are being monitored in the run-up to the Games. Communications= could be at risk of surveillance by nation-state actors for either geopoli= tical gain=E2=80=94given the number of high-profile attendees from the 92 p= articipating nations=E2=80=94or to gain a competitive edge in the competiti= ons. Network monitoring could also be used to target individuals or organis= ations in order to steal credentials or financial information. This is part= icularly relevant as North Korea has recently been accused of conducting wi= despread campaigns to steal cryptocurrency assets.

    However, these cyber threats extend beyond North Korea. Fancy Bear, a ha= cking group believed to be linked to the Russian government which rose to p= rominence in 2016 after it released sensitive data on Olympic athletes stol= en from the World Anti-Doping Agency (WADA), continues to pose problems. In= January 2018, one cybersecurity firm discovered spoofed domains imitating = the WADA, the U.S. Anti-Doping Agency and the Olympic Council of Asia, whic= h were likely to be associated with the group.

    In response to these threats, the South Korean government and Pyeongchang o= rganising committee have invested around =C2=A3850,000 into cybersecurity measures, as well as hiring= a number of external cybersecurity firms during the Games. However, these = investments are dwarfed by the overall investment into the Games and its as= sociated infrastructure, which has exceeded =C2=A37 billion. The cyber thre= at has also prompted organisations such as Discovery Communications, the Eu= ropean broadcaster for the Games, to take out cyber insurance to cover in c= ase of a cyberattack.

    However, deploying cybersecurity measures across an event as large as the 2= 018 Winter Olympics is an exceedingly difficult task. Previous Olympics hav= e shown that information-sharing across the government, organising committe= es, IOC, media companies, IT service delivery firms and other organisations= is incredibly challenging, but at the same time crucial to security. For e= xample, both the 2012 London and 2016 Rio de Janeiro Olympics set up dedica= ted organisational structures to coordinate security work and facilitate in= formation exchange, but it is still unclear whether the South Koreans have = followed this practice.

    It will also be the responsibility of individuals that are taking part in t= he Games, either as spectators or participants, to ensure that they are not= compromised. Simple measures such as switching off the Wi-Fi and Bluetooth= connections of devices when not in use, using a credit card to pay for onl= ine goods and services, updating the software of devices, and using strong = PINs and passwords can all help.

    The Olympic Games could invite the most severe cyber threats to a major spo= rting event in recent years. The location of the Games and increased connec= tivity, both among the public and infrastructure, make them a prime target = for cyberattacks. For the IOC, successful cyberattacks could have severe co= nsequences and bring harm to attendants, participants, and sponsors of the = Olympics. A precedent of impactful cyber incidents at one of the Olympic Ga= mes could also invite further adversary interest in future events, making i= t increasingly difficult to adequately secure the Olympics in the future.

    More importantly for South Korea, one of the world's most technologically a= dvanced and digitally connected countries, the 2018 Winter Olympics come at= a time of heightened geopolitical tensions. Therefore, the stakes are high= . A successful cyberattack during the Olympics would result in immense repu= tational loss for a nation that prides itself on being at the forefront of = technology.

    South Korea has also taken several steps to stabilise relations with its no= rthern neighbour during the Olympics, for example by having North and South= Korean athletes competing together. An attack or incident involving North = Korea could further destabilise relations and prompt a diplomatic crisis=E2= =80=94particularly in light of recent North Korean nuclear tests. Having a = cyber-safe Olympics is therefore not only in the best interest of South Kor= ea, but in the interest of us all.

    Erik Silfversten is an analyst and cybersecurity expert at RAND Europe.

    =20 =20
    =20

    More About This Commentary

    Commentary gives RAND researchers a platform to convey insights = based on their professional expertise and often on their peer-reviewed rese= arch and analysis.

    Related Content

    =09