Olympic IT Team Seeks Gold Security Standard
The IT security team for the 2006 Winter Olympics learned from the previous Games that they need to filter and correlate their network alarms with more specificity--and that the insider
November 18, 2005
It wasn't just the number of alarms in Athens that forced the IT team to take a second look at alarm filtering, but where the alarms came from. The team--like many commercial enterprises--concluded that the real threat was within the network, not outside. The perceived attackers were mostly authorized users unplugging the Olympics workstations and replacing them with their own laptops--a blatant no-no, but not necessarily a black-hat attack. The team's main concern is filtering through these benign threats to focus on attackers attempting to sabotage competition results and other sensitive information. But, Noblot says, "[intruders] are not going to tell you they were trying to hack you, so it's difficult to know the true intent" of the trespass.
Millions of raw, uncorrelated security alarms went off in Athens, Noblot recalls, but only 22 correlated alarms were actually critical. "Of those 22, none had an impact on the Games," Noblot says. "We were seeing the alarms and knew people were not getting into the network."
Noblot and his team have since written more detailed scripts with their Computer Associates' eTrust Security Command Center event monitoring tool, which filters and manages network event information.
"We did a good job generating alarms, filtering false positives and aggregating them in Athens, but based on our experience there, we can go even further in correlating events," Noblot says. "We're pushing the logic one step further."
The timing of an alarm is one characteristic that helps filter and correlate the real attacks. An alarm that comes during the pairs skating or snowboarding competition, for instance, might signify an attempt to tamper with the electronic reporting of times or judges' scores, Noblot says.
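The timing rule described above, sketched as an added example (not the Olympic team's eTrust scripts): an alarm is escalated only when it falls inside a competition window at the same venue, and moving an event moves the window with it. Venue names, workstation names, dates and the 30-minute margin are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:   # one scheduled competition
    name: str
    venue: str
    start: datetime
    end: datetime

@dataclass
class Alarm:   # one alarm as delivered by the monitoring tool
    source: str
    venue: str
    kind: str
    time: datetime

# Assumed margin: scoring systems are sensitive shortly before and after an event.
MARGIN = timedelta(minutes=30)

def overlapping_event(alarm, schedule):
    """Return the event at the alarm's venue whose window (plus margin) covers it."""
    for ev in schedule:
        if ev.venue == alarm.venue and ev.start - MARGIN <= alarm.time <= ev.end + MARGIN:
            return ev
    return None

def triage(alarms, schedule):
    """Label each alarm 'critical' if it coincides with a competition, else 'routine'."""
    out = []
    for a in alarms:
        ev = overlapping_event(a, schedule)
        out.append((a.source, "critical" if ev else "routine", ev.name if ev else None))
    return out

def reschedule(schedule, name, new_start):
    """Move an event, keeping its duration, so the filter follows the new time."""
    return [Event(e.name, e.venue, new_start, new_start + (e.end - e.start))
            if e.name == name else e for e in schedule]

# Constructed sample schedule and alarms (not real competition times).
SCHEDULE = [
    Event("pairs skating", "ice-arena", datetime(2006, 2, 13, 19, 0), datetime(2006, 2, 13, 22, 0)),
    Event("snowboarding", "mountain", datetime(2006, 2, 12, 10, 0), datetime(2006, 2, 12, 13, 0)),
]
ALARMS = [
    Alarm("ws-114", "ice-arena", "unknown-mac", datetime(2006, 2, 13, 20, 15)),
    Alarm("ws-207", "mountain", "unknown-mac", datetime(2006, 2, 12, 15, 30)),
    Alarm("ws-031", "ice-arena", "unknown-mac", datetime(2006, 2, 13, 9, 0)),
]
```

The same unknown-device alarm is routine at 09:00 and critical at 20:15 in the ice arena; if the snowboarding event is moved to the afternoon, the 15:30 mountain alarm changes from routine to critical.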
Streamlining and improving alarm quality will help the IT security team more efficiently deploy its manpower at the Games, Noblot says, not to mention lightening the load on the staff. "If they are busy chasing ghosts, they're not likely to find a real problem," Noblot says.
The 2006 Winter Games network is smaller, but has an architecture similar to the Summer Games network in Athens: virtual LANs, DMZs, wireless LANs and Cisco switches and routers. This time around, the backbone is a pure SDH (Synchronous Digital Hierarchy) Sonet ring, rather than a combination of Sonet SDH and frame relay. The Atos team also has deployed the requisite firewalls and IDSs, as well as a new authentication system that manages and applies access policies. It's based on LDAP and Microsoft's Active Directory, and uses Sun's Java System Identity Manager for provisioning users.
Aside from smarter alarm filtering and tighter authentication, the Winter Games IT security team will more closely monitor traffic to prevent denial-of-service attacks. In Athens, the team did most of its DoS monitoring with eTrust, analyzing the types of traffic coming in and out of the network. But looking for suspicious traffic sources alone doesn't always work--some exploits use familiar traffic types such as HTTP.
So this time around, the security team will closely watch the quantity of traffic, too. "We are in the process of defining thresholds of how much is too much," Noblot says, looking at trends such as bandwidth utilization. "If the amount of traffic exceeds the threshold, that would generate an alarm because someone might be playing around."
Beyond our Control
Then there's the weather. Extreme, unpredictable winter conditions in the mountainous terrain at the Winter Games in Italy can wreak havoc on technology.
"It's not a friendly IT environment, with freezing, humidity and small, temporary structures for our IT systems in the mountains," Noblot says. And if a ski competition is rescheduled due to heavy snow or visibility problems on the mountain, the IT team must update its alarm-filtering parameters to reflect the new competition times.
Final preparations are under way before the Olympics network goes live in mid-January, says Claude Phillips, program director for the Olympics and for Atos Origin. Next month, IT will run a round of tests that will simulate the Winter Games and will include problem scenarios to see how the IT and security teams react.
"So when we finish, we will have stressed the system and the people to the maximum, and we'll be ready to go with the operation," says Patrick Adiba, executive vice president of Olympics and major events for Atos Origin.
Yan Noblot, Security Manager,
2006 Winter Olympic games
Yan Noblot, 30, is information security manager for the 2006 Winter Olympic Games in Torino, Italy, and IT security manager, Olympics and major events, for Atos Origin, integrator for the Olympics networks. He's responsible for defining, implementing and monitoring security, and identifying and preventing attacks on the Olympic network. Noblot served in the same role in the 2004 Summer Games in Athens.
How the Olympics network is just like any other corporate network: "It's critical for the business, and the [chief security] threat comes from inside."
How it's not like any other corporate network: "During 16 days, it supports the world's most visible event."
Why no wireless LANs are allowed in the Olympic event venues: "Even with all of the encryption and public key technology you can put on top of wireless now, confidentiality is still a problem. You can't completely prevent someone from coming into a venue with a jammer."
What still amazes me about the Olympics: "The way the Olympic city changes before the Games. From a large construction project, it becomes a splendid arena. Really impressive."
My Olympic dream: "Judo. I have practiced it for 14 years."
Comfort food: "Italian and French food. Especially pasta in this area."
Favorite hangout: "My place here in Torino."
Moving from city to city: "I arrived in Torino a year ago, right after the Summer Games in Athens. And I'm going to leave right after the Paralympics and go to the next venue. I really enjoy discovering and living in different cultures."
Languages: "I speak French and English. English is a very strong requirement in this international environment. Greek [for example], is a really complex language, so you have to impose a universal language [at the Olympics], which is English."
After-hours at the Olympics: "I spend time with my family."
Next career: "Another challenging position. Here at the Olympics, the challenge is running a very critical project with high visibility--you can't fail. There are other kinds of pressures and challenges in other jobs."
In my car CD player right now: "Varekai (Cirque du Soleil)."
An Olympian Effort to Weigh Risk and Cost
Selling an IT security project is never easy, even for a high-profile global IT operation such as the Olympic Games. The Olympic IT security team was able to win approval for the Winter Games' new identity-management system by talking risk rather than return on investment.
"We weigh risk and that's it. ... It's always difficult to have an ROI with security, especially for the Olympics," says Yan Noblot, information security manager for the 2006 Olympic Winter Games and IT security manager, Olympics and major events, for Atos Origin, integrator for the Olympics networks. "It's all about visibility: You have the pride of the host city and other things that are difficult to quantify."
Any spending proposals for the Olympics are scrutinized closely. "The Olympics run on a very tight budget, tighter than any corporation," says Patrick Adiba, executive vice president of Olympics and major events for Atos Origin. Adiba says IOC (International Olympic Committee) rules prevent him from disclosing actual budget numbers or IT expenditures.
An IT security project such as the purchase of Sun's Java System Identity Manager for the Games typically gets the green light when the IOC, the local Olympic Organizing Committee and Atos determine it would be riskier not to purchase the proposed security technology, Noblot says.
One way the Atos Olympic team saves money is by recycling some of its software, technology experience and operational procedures, such as crisis management, software deployment and security architecture from the previous Games. "We capture knowledge from one Olympic Games to another and reuse it, which is valued by the Olympic committee," Adiba says. "But we still must rebuild the whole network from scratch every time." The team can't reuse the network infrastructure from one Olympic city to another.
There will be 1,200 IT people on hand in February at the Winter Olympics in Torino, Italy. About 250 of them will be Atos employees (the rest will be vendors and volunteers).