Defending Against an IT Security Threat of Olympic Proportions

If you think defending your company’s network from security attacks is a full-time job, imagine having to pull together a team to protect one of the largest, yet temporary, networks of all time. That’s exactly what BT Security was asked to do for the 2012 Olympic Games in London.

BT Security’s CEO Mark Hughes described the trials and tribulations of such a task during Cisco Live earlier this year as part of Cisco SVP Chris Young’s security keynote session.

“In order to put a tangible face on IT security for you, Mark is going to tell us how he and his team defended one of the largest, most publicly watched events in the world,” Young said when introducing Hughes. BT Security provided IT security for the 2012 Paralympic Games in London as well. Young asked Hughes to set the stage for the audience.

“We almost had to rewrite the rule book of how we delivered the technology for these Olympic and Paralympic games,” Hughes said. “Believe you me, from 2008 to 2012, so much changed in our world with the sophistication of the threats that we’re facing, the sophistication of the malware out there, and the proliferation of devices. I mean, iPads weren’t even around in 2008.”

The voice infrastructure and the IP network were separate at the last Olympic Games held in Beijing in 2008, according to Hughes. “So this is the first time that we truly brought together voice, data, and also broadcast services onto one network,” he said. “It was enough infrastructure for a small city.”

According to Hughes, the enormous task of providing all those services securely required best-of-breed technology. They started planning and placing the initial infrastructure for it back in 2008. For the 2012 Olympic and Paralympic games, Hughes and team had to provide services to 94 different venues across the United Kingdom.

“Our big, big conundrum was how to pull all that together,” Hughes said. “Any failure in terms of infrastructure not performing, not being secure enough, not being able to deal with those threats, and the impact on services really was not an option. It had to work. It had to work all the time.”

For the 2012 Olympic and Paralympic games in London, BT Security dealt with many threats among the 2.31 billion analyzed events, 50 terabytes of web traffic, and 77 incident tickets. Threats included daily hacktivism campaigns, one attack with 11,000 malicious web requests per second, and 212 million malicious connection attempts blocked.

During the summer of 2012, hacktivism (hacking computer networks to promote political ideas) was gaining popularity, with the hacker group Anonymous in the news. Hughes said they knew the Olympic and Paralympic games were going to be huge targets for hacktivists because of the global audience watching.

“We spent four years planning and designing an infrastructure to be ready for the day the opening ceremonies took place,” Hughes said. “Being able to defend against and, indeed, detect and remediate in real time is as much about the site as it is about the people that have rehearsed for months. Making sure the teams really understand what is going on and that the security teams are ready, cheek by jowl, with the network team as well was essential.”

Some of the attacks that Hughes and his team defended against last summer were constant, mainly denial-of-service attacks. Others were ever more complex. “We were ready to respond through lots of detailed rehearsals, right up to the day the games began,” Hughes said. “Once the games started, we saw an increasing sophistication of attacks. The threats were changing, so we had to be ready to respond.”

Hughes was amazed at how efficiently his team was able to respond to literally billions of events that they analyzed on a daily basis. That security information was then turned into actionable items and actual intelligence, and the underlying issues were remediated.

“One thing that I took away from being responsible for the security of the Olympics and Paralympics games was about how the paradigm has changed,” Hughes said. “It is no longer about big defenses. It’s about actually being able to be right in the middle of that network traffic, monitoring all the time, and then being able to spot those anomalies and then doing something about it pretty quickly.”

When Young asked Hughes about some of the unknowns or surprises his team encountered, Hughes said one of the most interesting challenges during the Olympic Games was dealing with the security threat posed by accommodating 30,000 reporters from across the globe who each had their own devices.

“It might not sound particularly dramatic, but in retrospect, it had to be the most challenging Bring Your Own Device situation that you can imagine,” Hughes said. “We had journalists come in with their devices then started appearing with infected machines and our IP address range was broadcast pretty quickly as being a sort of a malware, which, of course, caused us some problems quite quickly.”

Through quarantine of those devices, security threats were minimized, and journalists were able to post their reports. “Though that was one thing we hadn’t seen coming, we were able to remediate and respond very quickly,” Hughes said.

When Hughes took on the task of providing IT security for the Olympic Games, he soon realized he would need cutting-edge technology to succeed.

“We needed something that could take information, synthesize it with other network information, with Netflow for instance, bring it in, and turn it into a cyber defense operation so we could have that real-time anomaly protection,” Hughes said. “Being able to take that network information and then actually have a defense in real time and see what’s going on is really the next frontier.”

“So that’s what we learned. You can’t simply sit back and hope the defense controls we had in the past are going to work,” Hughes said. “They are going to be very important, but we need to do more than that.”
