LONDON 2012: CYBER SECURITY SHARING OUR EXPERIENCES Oliver Hoare Former Head of Cyber Security Government Olympic Executive UNCLASSIFIED 1
GREAT BRITAIN CONGRATULATES TOKYO 2020 UNCLASSIFIED
THEMES Scale and scope Strategy and governance Assurance, testing and exercising Response Reflections and the future 3
UNCLASSIFIED 4
THE FIRST DIGITAL GAMES BBC Sport broke all previous records with 55m global browsers (35m in the UK) London 2012 website 4.73 billion web page views (109m unique users in Games time) BT and Cisco provided the largest high-density Wifi network in the World (around the Olympic Park) Online video 106m requests across all platforms (more than double of any previous event) Unprecedented use of Wifi, mobile, RF, IP and digital services UNCLASSIFIED
ROLE OF TECHNOLOGY Reputation Increased reliance Spectator experience High expectations Global audience Showcase for a nations capability What s new? (innovation) UNCLASSIFIED
THREAT AND RISK Reputational risk Scale / pressure to deliver Errors / things going wrong Hostile threats Cyber crime Cyber espionage (APT) Cyber terrorism Cyber activism / Hacktivism Strategic Risk Assessment 23 Strategic Cyber Risks identified Senior Risk Owners 7
STRATEGY OVERVIEW Integrated strategy and risk assessment 30 point Cyber-Security action plan Governance Ministerial / Senior Programme / Assurance / Technical Operational / Response (OCCT/CERT) Assurance strategy Critical systems Testing and exercising Police Activity Operation Podium Stakeholder engagement (Government, industry, sponsors, broadcasters, transport and utilities, public) UNCLASSIFIED
GOVERNANCE STRUCTURE British Olympic Association Greater London Authority (Mayor) International Olympic Committee London Organising Committee for Olympic and Paralympics Games (LOCOG) LOCOG Olympic Board Government / Olympic Security Directorate Olympic Delivery Authority INFRASTRUCTURE DESIGN & CONSTRUCTION TRANSPORT 9
GOVERNANCE AND STAKEHOLDERS Ministers (Olympic Ministers, Home Secretary, Prime Minister, Mayor) Government Olympic Executive Overall lead, assurance & finance Home Office Security lead Senior ICT Leaders Group (Director & CIO level) Information Assurance & Cyber Security Co-ordination Group Other key cyber stakeholders Technology supplies/ utilities/ transport MSP Forum (CPNI) Managed Service Provider Forum TISAC Telecommunication Industry Security Advisory Forum Broadcasters (national, international and Olympic) IBC/MBC Olympic sponsors Public / spectators / overseas visitors 10
London 2012 IA Strategy/Programme Command, Control and Comms (C3) architecture / testing & exercising London 2012 Information Assurance Organisations Operations Centres Venues Critical Supporting systems
COMMAND, CONTROL & COMMUNICATIONS (C3) Core Briefing Team Olympic Coord. Group S tariat Cabinet Office Briefing Rooms Sit. Cell News Coord. Centre MIG Main Operations Centre Venues Villages and Precincts Delivery Partners Func. Areas Force Control Rooms (Outside London) NOCC Partners OIC National Olympic Coordination Centre NOCC Comms Desk Force Control Room E.g. Lambeth SOR (GOLD) GLA Press Desk London Operations Centre GLA Group Services (eg Live Sites) Prot. Coord. Office NCCCT OCCT Modal Operators Transport Coordination Centre Snr. Officers Group LAOCC Mayor s Office Version 0.9.4
OLYMPIC CYBER CO-ORDINATION TEAM UK Joint team brought together establishing the first dedicated Olympic CERT 13
TECHNOLOGY OPERATIONS CENTRE 600 Staff 24/7 Operated by LOCOG Technology Team Jointly staffed by BT, Atos and CISCO (Omega other sponsors) Secure comms direct to Olympic CERT Back up (Hackney College) 14
CRITICAL SYSTEMS Surveyed approx 450 Olympic specific and supporting systems Identified 40 critical systems Criteria: risk to public safety impact on sporting event quality and ability to broadcast impact on spectator experience damage to reputation of UK Multi layered assurance (questionnaires, visits, inspections, games readiness statements) Non-critical systems! 15
TESTING AND EXERCISING FLAMING TORCH - programme of table top exercises BENDING METAL - specific cyber / CERT testing Command Post Exercises fully integrated testing LIVE EX (exercise) Torch relay Technical rehearsals test events 16
WHAT WE SAW London 2.35 billion security system messages logged (Beijing reportedly 12 billion security events) Blocked 200 million malicious connection requests, 11,000 per second in one Distributed Denial-of- Service attack. Olympic Website 493,000 peak concurrent users OCCT & TOC 50 tickets raised each Virus during construction (Conflicker) DOS & DDOS (Olympic Website, government sites, other sites) Theft of cable and high value components Spoof websites/e-mail scams (tickets, accommodation and merchandise) 200 arrests under PODIUM (approx 100 related to online crime) Laptop thefts Evacuation of TOC Flooding - evacuation of Police control centre Two national level cyber response incidents - Opening ceremony national level response (COBR) 17
LESSONS FROM LONDON 2012 What we got right Testing & exercising C3 / Olympic CERT Blend between government and industry Spectrum allocation Right technology partners (BT, Atos, Cisco etc) Broadcasting (digital) is a critical Utilities generally a low level threat, but potentially very high impact manual resilience / C3 What we learned ICT is very expensive, particularly to retrofit (get it right first time) Build Cyber-Security from very beginning, preferably into contracts Build relationships with commercial providers and Government early Co-ordination across many different systems and sectors is hard but crucial (Information Assurance and Cyber Security Coordination Group / Senior ICT Group / Olympic Cyber Coordination Team) 18
COULD WE HAVE DONE IT BETTER? Started earlier Built information assurance into contracts at an earlier stage Establish senior governance and leadership in place earlier Better/earlier engagement with Ministers on cyber issues Appointed an independent overarching partner to assure cyber security Heavily reliant on technology sponsors (inevitable) If a national CERT in place, would not needed to create one Considered cyber issues in terms of insurance (e.g. lost of broadcast, or other major services) Online ticketing some issues with website (almost inevitable) Delivered the most connected Games ever 19
WHAT S COMING DOWN THE TRACK FOR TOKYO 2020? Lessons from Sochi and Rio? Technology the internet of things HD, 3D & Super High Vision broadcasting (limited use during London - outdoor broadcasts live sites) 4G/LTE and very high volume of mobile smartphone/tablets Interactive technologies Cyber threat for Tokyo? Global political situation in summer 2020 - expect protest and hacktivism Espionage does it matter? Cyber crime - it will happen! Cyber terrorism? 20
EXPERIENCE AND EXPERTISE WE CAN SHARE UNCLASSIFIED
UK CYBER SECURITY EXPERTISE Advise develop security policy, programme strategy, risk management & audit methodology Assure Validate, verify and accredit capability (Confidentiality, Integrity & Availability) Educate & train build knowledge, skills and know-how Services run solutions on behalf of customers Integration holistic and integrated programme delivery (design specification programme operations) Architecture & Design design secure, robust and resilient systems and services Security Management integrate effective and agile security management across an organisations Surveillance & reconnaissance observe behaviours and identities of users and platforms Incident Management Effective co-ordination and crisis management, to ensure systems recovery and data cleansing Venue Security Operations - Acquire, store, analyses and visualise very large and complex datasets Social Media Analysis Capture and analyse of social network activity Forensics Extract, secure and analyse data to evidential standards Transactional Protection End to end security for information transactions, across variable trust environments Trusted platforms Ensure integrity of hardware systems Identify & Authenticate Capture, store and manage identity data, authentication Infrastructure creating secure storage, processing and communications capacity with resilient supporting infrastructure UNCLASSIFIED 22
GREAT BRITAIN CAN HELP SECURE YOUR MAJOR EVENTS AND PROGRAMMES UNCLASSIFIED 23