Olympic Computer Systems Under Scrutiny

The IT professionals behind next year's London Olympics are to carry out two simulated cyber-attacks to test their system. However, officials say they aren't aware of any specific threats.

The move follows warnings in 2009 by the United Kingdom's then Home Secretary (roughly equivalent to head of the Department for Homeland Security), David Blunkett. He warned that without co-ordinated defenses, the system could come under attack.

Blunkett suggested this might be a case of attempted disruption of the event rather than attempts to steal money, with criminals targeting ticketing and accommodation systems to remove records of reservations and purchases.

Denial-Of-Service Attack Among Simulations

Officials will carry out the tests next spring, a few months before the Olympics.

One test will involve a simulated virus spread throughout the network used by staff, while another will replicate a denial-of-service attack on the main public event website, in which troublemakers would attempt to flood the site with bogus requests until it was knocked offline.

Other tests will be less sophisticated, including mimicking the effects of power supplies mistakenly being disconnected or switched off. (Source: bbc.co.uk)

The testing will be based on actual attempts to disrupt IT systems during previous Olympics, most notably the 2008 games in Beijing, China. But even in the three years since then, cyber attacks have changed dramatically.

Not only have some viruses become more sophisticated, but there's also been a rise in attacks carried out by a large number of individuals acting in an organized manner.

Network's Physical Location Under Wraps

The announcement of the test comes during the official opening of the Olympics system control center in London. The precise location is being kept secret to cut down the risk of physical attacks, and a back-up facility has been set up in another location. (Source: v3.co.uk)

Key security measures include setting up the London Olympics website so that data enters and leaves the site through a wide range of routes (making a denial-of-service attack harder to pull off), and setting up clear barriers between internal networks and public websites to minimize the harm even successful hacking attempts could cause.