Why the 2018 Winter Olympics Are the Perfect Storm for Cyberattacks


Feb 12, 2018

Opening Ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, February 9, 2018

Opening Ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea, February 9, 2018

Photo by Pawel Kopczynski/Reuters

This commentary originally appeared on Wired UK on February 11, 2018.

Cybersecurity has been a longstanding concern for the International Olympic Committee (IOC) and host nations of the Games since the early 2000s. Previous Olympic Games have had to contend with a multitude of cyber threats, from the London 2012 Olympics—which experienced thousands of intrusion attempts and one false-alarm threat to the power grid—to the Rio 2016 Olympics, which experienced a variety of hacks, including disclosures of athletes' personal data.

However, the 2018 Winter Olympics in Pyeongchang, South Korea, present further cybersecurity challenges, not just due to its location—80 kilometres from the border with North Korea—and geopolitical tensions, but also due to major sporting events now becoming increasingly connected and integrated with technology.

The increased connectivity and use of technology has opened the Games up to more vulnerabilities and potential cyberattacks.

The increased connectivity and use of technology has opened the Games up to more vulnerabilities and potential cyberattacks. Not only are the Olympic Games available to view worldwide through a variety of broadcasting platforms, but smart technologies are now also increasingly used in the performance and judging of the sports themselves.

While most of the previous attacks have focused on ticket scams, availability of IT services, and personal data, there are now more substantial cyber threats to stadium operations, infrastructure, broadcasting, and participants and visitors to the Games. There might also be cyberattacks that compromise devices to spread propaganda or misinformation.

More recent Olympic Games have experienced attacks on broadcast operations and power systems seeking to limit viewer access to live broadcasts. For example, the 2012 London Olympics were hit by Distributed Denial of Service (DDoS) attacks from both alleged nation-state hackers and hacktivists. While these attacks have had limited success, it is possible that large-scale disruptions to broadcasting could have severe consequences to events that rely on a large global audience and sponsorship.

Cybersecurity experts have already expressed concern over a number of cyber threats to Pyeongchang, particularly in relation to nation-state activity. South Korea has previously accused North Korea of cyberattacks on the country, including one in 2013 that wiped numerous hard drives at South Korean banks and broadcasters. Last month, a cybersecurity firm also uncovered a sophisticated and targeted cyberattack aimed to steal data from South Korean organisations associated with the Games.

Communications could be at risk of surveillance by nation-state actors for either geopolitical gain or to gain a competitive edge in the competitions.

There have also been warnings of the possibility that communications or mobile networks are being monitored in the run-up to the Games. Communications could be at risk of surveillance by nation-state actors for either geopolitical gain—given the number of high-profile attendees from the 92 participating nations—or to gain a competitive edge in the competitions. Network monitoring could also be used to target individuals or organisations in order to steal credentials or financial information. This is particularly relevant as North Korea has recently been accused of conducting widespread campaigns to steal cryptocurrency assets.

However, these cyber threats extend beyond North Korea. Fancy Bear, a hacking group believed to be linked to the Russian government which rose to prominence in 2016 after it released sensitive data on Olympic athletes stolen from the World Anti-Doping Agency (WADA), continues to pose problems. In January 2018, one cybersecurity firm discovered spoofed domains imitating the WADA, the U.S. Anti-Doping Agency and the Olympic Council of Asia, which were likely to be associated with the group.

In response to these threats, the South Korean government and Pyeongchang organising committee have invested around £850,000 into cybersecurity measures, as well as hiring a number of external cybersecurity firms during the Games. However, these investments are dwarfed by the overall investment into the Games and its associated infrastructure, which has exceeded £7 billion. The cyber threat has also prompted organisations such as Discovery Communications, the European broadcaster for the Games, to take out cyber insurance to cover in case of a cyberattack.

However, deploying cybersecurity measures across an event as large as the 2018 Winter Olympics is an exceedingly difficult task. Previous Olympics have shown that information-sharing across the government, organising committees, IOC, media companies, IT service delivery firms and other organisations is incredibly challenging, but at the same time crucial to security. For example, both the 2012 London and 2016 Rio de Janeiro Olympics set up dedicated organisational structures to coordinate security work and facilitate information exchange, but it is still unclear whether the South Koreans have followed this practice.

It will also be the responsibility of individuals that are taking part in the Games, either as spectators or participants, to ensure that they are not compromised. Simple measures such as switching off the Wi-Fi and Bluetooth connections of devices when not in use, using a credit card to pay for online goods and services, updating the software of devices, and using strong PINs and passwords can all help.

The Olympic Games could invite the most severe cyber threats to a major sporting event in recent years. The location of the Games and increased connectivity, both among the public and infrastructure, make them a prime target for cyberattacks. For the IOC, successful cyberattacks could have severe consequences and bring harm to attendants, participants, and sponsors of the Olympics. A precedent of impactful cyber incidents at one of the Olympic Games could also invite further adversary interest in future events, making it increasingly difficult to adequately secure the Olympics in the future.

More importantly for South Korea, one of the world's most technologically advanced and digitally connected countries, the 2018 Winter Olympics come at a time of heightened geopolitical tensions. Therefore, the stakes are high. A successful cyberattack during the Olympics would result in immense reputational loss for a nation that prides itself on being at the forefront of technology.

South Korea has also taken several steps to stabilise relations with its northern neighbour during the Olympics, for example by having North and South Korean athletes competing together. An attack or incident involving North Korea could further destabilise relations and prompt a diplomatic crisis—particularly in light of recent North Korean nuclear tests. Having a cyber-safe Olympics is therefore not only in the best interest of South Korea, but in the interest of us all.

Erik Silfversten is an analyst and cybersecurity expert at RAND Europe.

More About This Commentary

Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.