Resilience, Peace and Security

How to protect the 2020 Olympics from cyberattackers

A man walks past the Olympic Rings as he walks out of the 133rd International Olympic Committee (IOC) session in Buenos Aires, Argentina October 8, 2018. REUTERS/Marcos Brindicci - RC1C7F042AF0

More than ever, planners of major events must consider the cybersecurity threat landscape Image: REUTERS/Marcos Brindicci

Share:
Our Impact
What's the World Economic Forum doing to accelerate action on Resilience, Peace and Security?
The Big Picture
Explore and monitor how International Security is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

International Security

This article is part of the World Economic Forum's Geostrategy platform

The Olympic Games are a target-rich environment for cyberattackers, drawing athletes, attendees, and media coverage from around the world.

Japan's vision to become the most advanced urban technology metropolis in the world underpinned its bid to host the 2020 Olympics, but an increasing dependence on technology with each successive Olympic Games signals a shift toward an unpredictable, complex, and contested cyber threat environment.

More than ever, security planners must consider the cybersecurity threat landscape if they are to effectively mitigate threats, apportion limited resources, and host a resilient, safe, and secure Olympic Games.

To support the security goals of Tokyo 2020, the RAND report Olympic-Caliber Cybersecurity. Lessons for Safeguarding the 2020 Games and Other Major Events, characterizes the cybersecurity threats that are likely to pose a risk to the games and presents a series of policy options to guide planners and other stakeholders in addressing them.

The analysis involved a risk assessment synthesizing qualitative and quantitative data on the threat landscape and lessons from prior Olympic Games.

A key contribution of this research is a visualization of this threat actor typology that provides an at-a-glance overview to guide Olympic security planners, computer emergency response teams, and policy- and decisionmakers as they prioritize and address cybersecurity threats in the lead-up to Tokyo 2020.

Key Findings

Cyber threats are a growing concern for Olympic planners, and past games hold valuable lessons for Tokyo 2020

The increasing dependence on technology and a proliferation of adversary tools to exploit vulnerabilities in systems and networks make the Olympic Games a target-rich environment for cyberattackers.

The consequences of a cyberattack on the Olympic Games include financial losses, physical harm to participants and attendees, property damage, the compromise of personal information, and damage to the host country's reputation.

There have been no successful large-scale, high-impact attacks on prior Olympic Games; experiences from these and other international events offer potential lessons for Tokyo 2020 planners.

A key characteristic of past Olympic cybersecurity planning efforts has been coordination and collaboration among a range of stakeholders, including the private sector.

Six types of threat

The typology of threat actors revealed six types of actors with the potential to pose a risk to the Tokyo 2020 games: cyber criminals, insider threats, foreign intelligence services, hacktivists, cyberterrorists, and ticket scalpers.

Motivations vary with the type of actor, but a streamlined classification of profit, ideology, and revenge captures the motivations for most attacks.

Foreign intelligence services and other state-sponsored attackers rank at the top in terms of sophistication and level of risk to the games.

The risk analysis methods and threat actor typology developed for Tokyo 2020 offer a valuable basis for future research to support the cybersecurity goals of other high-profile international events.

Recommendations

  • Plan early to ensure ample time to assess event-specific threats, shape a community of stakeholders and build trust among them, and establish mechanisms and processes for information sharing, incident reporting, and problem resolution.
  • Cooperate and share information with all cybersecurity stakeholders, including the private sector, to effectively mitigate cybersecurity risks.
  • Ensure that all stakeholders understand the mission and work toward a common goal, bolstering trust and a commitment to information sharing.
  • Define stakeholder roles and responsibilities, and revisit them throughout the planning process, to help stakeholders understand how best to contribute and whom to contact when changes or incidents arise.
  • Allocate resources appropriately to reduce cybersecurity risks, prioritizing threat types and threat actors as needed to apportion these investments.
  • Deter the riskiest adversaries with a targeted cyber defence campaign. For example, a publicly documented cybersecurity exercise to showcase defensive preparations might deter attacks altogether or convince attackers that the costs of executing an attack are too high, the chances of success are too low, and the prospective retaliatory costs are unbearable.
  • ive preparations might deter attacks altogether or convince attackers that the costs of executing an attack are too high, the chances of success are too low, and the prospective retaliatory costs are unbearable.

Olympic-Caliber Cybersecurity. Lessons for Safeguarding the 2020 Games and Other Major Events, Cynthia Dion-Schwarz, Nathan Ryan, Julia A. Thompson, Erik Silfversten, Giacomo Persi Paoli, the RAND Corporation

Have you read?
  • How can we fight back against cyber criminals?
  • What to do about a challenge like cyberattacks
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
Resilience, Peace and SecurityCybersecurity
Share:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

The Horn of Africa's deep groundwater could be a game-changer for drought resilience

Bradley Hiller, Jude Cobbing and Andrew Harper

May 16, 2024

About Us

Events

Media

Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum