Athens prepares Olympic cybersecurity

As Greece gears up for the summer Olympics 2004, a massive IT operation is underway to protect the Games online

The Athens Olympics organisers are bracing themselves for a wave of cyberattacks once the games are under way, but insist that a physical breach of security still represents the biggest threat.

The International Olympics Committee (IOC) outsourced its IT to Atos Origin for the four winter and summer games that began with the Salt Lake City winter games in 2002 and will end with Beijing in 2008.

Atos Origin said the Olympics IT network was subject to "hundreds" of external probes and attacks in Salt Lake City and it is expecting similar levels of attention from hackers this summer in Athens.

Yan Noblot, information security manager at Atos Origin, told "We caught a lot of Internet activity such as people scanning the firewall."

In Athens his team will be responsible for sifting through some 200,000 alerts from system logs each day and prioritising them into ones that need investigation.

"The main activity is monitoring to identify abnormal behaviour -- then we trigger an incident response process."

But he said the biggest threat is not an IT but a physical security threat where, for example, someone bribes a worker to gain an official accreditation pass that gives them access to venues and facilities. Threats taken into account include not only the obvious terrorism one but also anti-capitalist protests against the commercialisation of the games, he said.

"A breach in accreditation can result in a breach in physical security so it is very critical."

Although questions remain about whether some of the venues will be ready for 13 August, the IT planning is on course with a second technical rehearsal using some of the venues and simulating the four busiest days of the games taking place on 14 June. One of the biggest IT investments is a €255m Command and Control security system.

By the start of the games some 200,000 people-hours of testing will have been completed and 10,000 defects are expected to be found and corrected.

The infrastructure itself is fairly tried and tested with a policy of keeping complexity and risk down by only introducing new technology where it is essential. As such the platforms of choice are Unix and Windows, with Linux not getting a look-in.

Noblot said: "A good way to mitigate project risks is to reuse architecture and systems. When we started Linux was very small. In Salt Lake City we used Windows NT4 and now we have Windows 2000."

The IT for the 60 venues, 10,500 athletes and 21,500 media representatives includes 10,500 PCs and 1,000 servers. This will be supported by some 1,400 Atos Origin staff and 2,000 IT volunteers who have been through police background checks and accredited for the games to work in low-level support positions.