Scandal is no stranger to the Olympic Games. Doping, collusion, corruption and other forms of cheating are sometimes as prevalent as the medals around the winning athletes' necks.
Few in the sporting world, however, have considered the possibility of the games falling victim to an online attack. Yet, for an attention-starved hacker or a politically motivated digital terrorist, what better forum exists than the Olympiad?
This is the weight placed upon systems integrators SchlumbergerSema, IT aggregator for the 17-day Summer Games, which take place next year in Athens, Greece. SchlumbergerSema's first foray into securing the Olympic IT infrastructure was for 2002's Winter Games in Salt Lake City. The Athens deployment, however, figures to be much more strenuous.
"Salt Lake City was a much smaller venue, and what we had to monitor was much smaller," said Yahya Mehdizadeh, SchlumbergerSema's director of managed security services. "We felt it was important to come up with a solution that scaled for Athens, Turin [site of the 2006 Winter Games] and Beijing [site of the 2008 Summer Games]."
SchlumbergerSema will run the IT operations center in Athens, including a test lab and data centers, in addition to training IT support staff. It will also develop Games Management Systems (GMS) applications that will support games logistics, such as accreditation, transportation, VIP events, staff and accommodations, among other things. Its Info Diffusion Systems (IDS) applications will supply international media and the games Intranet with real-time event results.
Keeping those systems and applications safe is going to be a proactive process, more so than in Salt Lake City, Mehdizadeh said. "In Salt Lake, security activities were manual processes. We saw a threat, followed it, and took action. We are going to automate as much as we can now, especially in terms of vulnerability assessment."
This could be an enterprise security framework any big business would do well to follow.
"We want automatic remediation in as many places as possible," he said. "If there's a weak password, we want to alert the user to change [it]. If there's an operating system bug, we want to automate patch deployment if a vulnerability is detected."
Mehdizadeh also said SchlumbergerSema's security management system, Dexa.Trust (announced during the recently concluded RSA Conference 2003 in San Francisco) monitors for more than vulnerabilities. It can detect external cracker attacks like site vandalism, denial-of-service attempts, port scans and attempts to overflow application buffers. System and network attacks, like attempts to hijack or compromise data, will also be monitored.
Dexa.Trust aids in the proactive nature of SchlumbergerSema's security strategy. It monitors firewalls and intrusion detection, and it includes forensic and threat responses. Included in Dexa.Trust is Integrated Security Administrator (ISA), a security monitoring and management tool that looks at log data and correlates security events to determine whether an attack is under way or a vulnerability present. It also recommends a remediation.
The correlation capabilities are especially important in Athens, where the IT infrastructure has grown exponentially. SchlumbergerSema will support 10,000 computers, 450 servers, 400 Unix boxes, 2,500 Intranet terminals and 2000 printers, as well as 10,500 athletes, 15,000 media members and more than 3,800 IT team members. All of those numbers are nearly double the totals that SchlumbergerSema supported in Salt Lake City.
Currently, 30 SchlumbergerSema staffers are in Athens beginning the initial implementations; up to 350 employees will be on hand for the games, in addition to more than 3,000 IT volunteers. Mehdizadeh said production deadlines for the applications begin in the third quarter.
"We are testing the events system to get it up and running," Mehdizadeh said. "By December, it should all be up and running, and we'll begin stress-testing the system."
FOR MORE INFORMATION:
FEEDBACK: Is Schlumberger's network implementation one to follow?
Send your feedback to the SearchSecurity.com news team.