Physical security will be highly visible when the summer Olympic games open in Athens Aug. 13, but, behind the
scenes, a small army of IT professionals will be working to guard against digital intrusions that could enable or amplify a real-world attack.
"It's not like other projects where you can try again after having difficulty the first time," said Jean Chevallier, who is charged with securing the Olympic IT infrastructure. "You can't do a 'redo' here after the start date. And the games cannot happen without your systems in place."
As executive VP for the Olympic Games Program at Atos Origin, the French company contracted to run the Olympics' IT infrastructure, Chevallier knows that the entire world will have security on its mind during the Olympic fortnight.
"The biggest challenge is speed," said Bruce Schneier, CTO of Counterpane Internet Security. "Security is a process, and the Olympics happen too quickly for a process to develop. The entire network needs to come together quickly, be used extensively and then disappear. This makes it harder to get things right. The Olympic network is like any other high-profile network: There are a lot of people who would love the bragging rights of hacking the network."
Chevallier and his team don't want a repeat of the security incidents during the 2002 Winter Games in Salt Lake City. Though most never heard about it, more than one (Olympics officials won't say how many) virus or worm entered the IT network through e-mail attachments enabled by hapless users. Fortunately, the malware caused only a few minor glitches.
And Al Decker, who oversaw IT security for the 1998 Winter Games in Nagano, Japan, said that event's Internet-connected network received a million hits per minute during peak periods, which equated to 100,000 possible attacks per hour.
The Olympic's IT network will support 10,500 servers and workstations at 36 competition venues and 26 housing and administrative centers. More than 200,000 people will have access to the network, including athletes, coaches, VIPs, corporate sponsors and national Olympic committees. In all, more than $420 million will be spent on IT operations and security.
Atos's Info Diffusion System -- including INFO 2004 and the Commentator Information System applications -- will relay real-time results data to media and commentators around the world. The main risk to this infrastructure is an attack -- from inside or outside -- that would drastically alter competition results before or during an event. Atos will allow only approved devices on the network, which will be segregated into security domains, with Atos filtering and monitoring traffic between each domain. Firewalls, IDSes and router ACLs comprise a defense-in-depth security infrastructure, and, unlike the Utah experience, the network won't be connected to the Internet.
To monitor network activity and screen for intrusions, Atos will deploy Computer Associates' eTrust Security Command Center, which gathers and filters information from firewalls, routers, antivirus and other security devices. The 200,000 users will go through rigorous background checks and credential verification. A centralized authentication/access control system will monitor network usage at all times.
DENNIS MCCAFFERTY is a freelance journalist who has contributed to Salon, ABCNews.com, Homeland Security Today and other publications.