Rising Cyber Threats at Major Events
In recent years, cybersecurity threats have become a pressing concern, especially during high-profile events. The London Olympics in 2012 marked a significant turning point in how we perceive and address these risks. Just before the opening ceremony, security services warned of a potential cyber-attack on the power supply by a hacktivist group. Although this particular threat did not materialize, the 2012 Olympics faced daily cyber-attacks, including well-organized and automated Distributed Denial of Service (DDoS) assaults. These incidents underscored the increasing sophistication of threat actors and their methods.
Fast forward to the 2022 Beijing Olympics, and the situation has escalated dramatically. The number of security events skyrocketed to 3 billion, reflecting broader trends in cybersecurity. Not only do events like NATO summits face similar cybersecurity threats, but they also illustrate the growing diversity and resourcefulness of cybercriminals, hacktivists, and state-sponsored actors. This evolution highlights the urgent need for enhanced cybersecurity measures to protect critical infrastructure and prevent significant disruptions.
The Persistent Threat to Critical Infrastructure
The potential for cyber-attacks on essential services was vividly demonstrated when Ukraine’s energy supply was successfully targeted by the BlackEnergy group in 2014. Such attacks have continued to pose a severe threat to critical infrastructure. In 2023, both Danish and Ukrainian energy sectors were compromised, alongside several water utilities. These incidents indicate a worrying trend: an increasing number of threat actors are now targeting Operational Technologies (OT), which include Industrial Control Systems. Future high-profile international events must consider these risks and develop robust strategies to mitigate them.
The rapid pace of digital transformation has only exacerbated these vulnerabilities. The proliferation of Internet-of-Things (IoT) devices has expanded the number of connected assets within organizations, creating more potential entry points for cyber-attacks. The advent of artificial intelligence has further accelerated response times to global vulnerabilities in hardware and software. Consequently, organizations have become part of complex, interconnected ecosystems where the failure of one component can have cascading effects. This interdependence necessitates strong collaboration and coordination across all sectors, including small and medium-sized enterprises (SMEs).
Building Resilience Through Collaboration
To effectively manage digital risks, organizations and event organizers must adhere to three fundamental cybersecurity principles: identifying critical assets throughout their value chain, unlocking relevant information about these assets, and building a workforce supported by automation. Achieving these goals presents significant challenges, especially given the legal and governance issues that arise when value chains span multiple sectors and regions. The public and private sectors must collaborate closely to share information and develop the necessary skills within the workforce.
The Netherlands offers a successful model for such collaboration through its Connect2Trust Foundation. This cross-sectoral non-governmental organization (NGO), formally recognized by the Dutch Ministry of Security and Justice, receives information from both public sources like the National Cyber Security Center and private entities such as the Dutch Institute for Vulnerability Disclosures (DIVD). Connect2Trust’s inclusive approach allows entire ecosystems to stay informed about cybersecurity threats and vulnerabilities and provides a platform for mutual assistance.
To address the workforce challenge, the DIVD has established an academy for cybersecurity professionals and researchers. Supported by the municipality of The Hague, this initiative extends to the international ecosystem of NGOs, enhancing their cyber resilience through partnerships with organizations like the Cyber Peace Institute and Shadowserver. Moreover, the annual CyberSQUAD event is organized by Connect2Trust and DIVD. The academy fosters collaboration among young professionals worldwide.
As cybersecurity threats continue to evolve, the need for a comprehensive, collaborative approach to managing digital risks becomes increasingly clear. The lessons learned from past events, such as the London and Beijing Olympics, highlight the importance of preparing for and mitigating cyber-attacks. By adopting a federated, democratic approach to cybersecurity, organizations can effectively protect themselves and contribute to a safer digital environment for all.
