WavebreakmediaMicro - Fotolia
With three years to go before the summer Olympics kicks off in Tokyo, Japan is pulling out the stops to deter cyber attackers from targeting one of the world’s biggest sporting events.
Mihoko Matsubara, regional chief security officer at Palo Alto Networks, said that as with past Olympics, Japan is expecting phishing websites that sell fake entry tickets, ransomware and cyber espionage from threat actors looking to steal intellectual property for the innovations behind the games.
“We should also be cautious about attacks that cause damage to critical infrastructure, which would not only impact the games, but would also lead to a loss of lives in cases where medical services are affected,” Matsubara told Computer Weekly on the sidelines of RSA Conference Asia-Pacific and Japan in Singapore.
“The Japanese government has started to assess the cyber security risks around Tokyo 2020 and has taken measures to beef up the defences of critical infrastructure,” she said.
There were reportedly six major cyber attacks during the London Olympics in 2012, including distributed denial of service attacks on power systems that lasted for 40 minutes. Hacktivists also made calls on social media to launch similar attacks at specific times.
And during the Rio Olympics last year, the International Olympic Committee said it was under regular attack. Phishing emails were also sent to athletes in attempts to steal credentials that could be used to access a World Anti-Doping Agency database.
As Japan braces itself for a greater intensity of attacks than those launched against the Rio and London games, Matsubara said the government and the Tokyo 2020 organising committee have been conducting cyber security exercises, such as Cyber Colosseum, to simulate potential attacks, both in cities and rural areas.
According to reports, cyber security drills will be conducted up to six times a year, possibly rising to 10 in the run-up to Tokyo 2020. The drills, which involve local governments, would also include simulated attacks on mock ticketing websites. Between 300 and 500 people took part in similar exercises in Rio and London.
A computer security incident response team that recovers compromised systems has also been pulled together specifically for Tokyo 2020. This team will put their skills to the test during the Rugby World Cup in 2019, said Matsubara.
With sharing of threat intelligence a key strategy in countering cyber attacks, Japan’s National Centre of Incident Readiness and Strategy for Cybersecurity (NISC) is setting up a national centre to facilitate the sharing of threat information between government and critical infrastructure owners, said Matsubara.
Read more about cyber security in APAC
- The computer networks of two universities in Singapore were breached in April 2017 by hackers looking to steal information related to government or research.
- Threat intelligence feeds provide valuable information to help identify incidents quickly, but only if they are part of an intelligence-driven security programme.
- WannaCry’s spread in Asia-Pacific accounted for just 10% of detections worldwide, indicating the ransomware’s limited reach in the region.
- Singapore and Australia will conduct joint cyber security exercises, among a raft of measures to secure critical infrastructure and bolster cyber security know-how.
“But this is not just about Tokyo 2020 – it’s also part of efforts to enhance Japan’s cyber security capabilities,” she said, pointing out that the Japanese government has been focusing on growing a pool of cyber security expertise.
In April 2017, the Japanese government launched a national cyber training centre under the auspices of the National Institute of Information and Communications Technology.
The centre aims to roll out cyber security exercises for 3,000 government officials and staff who work for critical infrastructure operators in Japan. It also runs a programme called SecHack365 to train young people under the age of 25 in cyber security.
According to Japan’s Ministry of Economy, Trade and Industry, the country was short of more than 130,000 cyber security professionals in 2016, and this shortfall is expected to grow to more than 190,000 by 2020.
Barbara Grewe, portfolio manager for international strategy and policy at the Mitre Corporation, said that although Japan’s focus on protecting critical infrastructure was the right strategy in view of attempts to take down power and communications systems at past Olympic Games, its efforts should not stop there.
“They have to quickly move to the other pieces – cyber is cross-domain and touches absolutely everything,” said Grewe said at an event organised by the US-based Center for Strategic and International Studies in May 2017.
“Compared to the London games, the Tokyo games have to deal with the burgeoning internet of things, so you’re going to have millions of visitors who bring their own devices that could provide threats,” she said.
“You’re probably going to have over 30,000 commercial vendors working with the Olympic committee and the government of Japan, and all their devices will not be secured and will, intentionally or not, introduce insecurities into the systems.”