Athens Olympics braced for wave of cyberattacks

The Athens Olympics organisers are bracing themselves for a wave of cyberattacks once the games are under way, but they insist that a physical breach of security still represents the biggest threat.

The Athens Olympics organizers are bracing themselves for a wave of cyberattacks once the games are under way, but insist that a physical breach of security still represents the biggest threat.

The International Olympics Committee (IOC) outsourced its IT to Atos Origin for the four winter and summer games that began with the Salt Lake City winter games in 2002 and will end with Beijing in 2008.

Atos Origin said the Olympics IT network was subject to "hundreds" of external probes and attacks in Salt Lake City and it is expecting similar levels of attention from hackers this summer in Athens.

Yan Noblot, information security manager at Atos Origin, told silicon.com: "We caught a lot of internet activity such as people scanning the firewall."

In Athens, his team will be responsible for sifting through some 200,000 alerts from system logs each day and prioritizing them into ones that need investigation.

"The main activity is monitoring to identify abnormal behavior – then we trigger an incident response process."

But he said the biggest threat is not an IT but a physical security threat where, for example, someone bribes a worker to gain an official accreditation pass that gives them access to venues and facilities. Threats taken into account include not only the obvious terrorism one but also anti-capitalist protests against the commercialization of the games, he said.

"A breach in accreditation can result in a breach in physical security so it is very critical."

Although questions remain about whether some of the venues will be ready for 13 August, the IT planning is on course with a second technical rehearsal using some of the venues and simulating the four busiest days of the games taking place on 14 June. One of the biggest IT investments is a €255 million (US$450.6 million) Command and Control security system.

By the start of the games some 200,000 people-hours of testing will have been completed and 10,000 defects are expected to be found and corrected.

The infrastructure itself is fairly tried and tested with a policy of keeping complexity and risk down by only introducing new technology where it is essential. As such the platforms of choice are Unix and Windows, with Linux not getting a look-in.

Noblot said: "A good way to mitigate project risks is to reuse architecture and systems. When we started Linux was very small. In Salt Lake City we used Windows NT4 and now we have Windows 2000."

The IT for the 60 venues, 10,500 athletes and 21,500 media representatives includes 10,500 PCs and 1,000 servers. This will be supported by some 1,400 Atos Origin staff and 2,000 IT volunteers who have been through police background checks and accredited for the games to work in low-level support positions.