Multi-layered security provided foolproof protection for communication services at London 2012
Safeguarding the London 2012 network
Today any high-profile online presence is a magnet for malcontents and computer criminals. So LOCOG (the London Organising Committee of the Olympic and Paralympic Games) knew that London 2012 would be a prime target.
For BT, the London 2012 official communications services partner, security was much more than just a matter of fulfilling its contractual obligations. Given the international importance of the Games, any cracks in its electronic defences would affect the organising body, the reputation of BT as a service provider, and the image of the UK.
The Games presented important network security challenges because:
Furthermore, LOCOG wanted to give the event’s accredited journalists free and unmonitored network access, effectively making London 2012 the world’s largest bring-your-own-device experience so far.
The task of protecting the network infrastructure fell to BT Assure, the BT security and risk management division. The BT Assure team began consulting on the project from 2008 and, by early 2011, was working on potential threat scenarios and war games to devise a full security strategy.
Based on commercial-off-the-shelf products, a three-layer network security architecture was put in place. The first level consisted of software- and hardware-based managed perimeter security systems made up of multiple firewall tiers, to ensure hackers could not gain entry through device- or vendor-specific vulnerabilities.
The second level of protection involved a series of threat and log management products aimed at detecting data coming from network-based requests that had bypassed the firewalls but might nevertheless be part of malicious activity. This was complemented by BT Assure Threat Monitoring, which employs a team of highly skilled and experienced analysts using proven processes and comprehensive security technology for network incident detection and response.
Finally, a dedicated team of experts in BT security operations centres (SOCs) provided the third level of defence. These specialists – all with backgrounds in network security – worked proactively to monitor hacker activity and reactively to track and counter incoming threats.
During the course of the Games it became apparent that laptops being used by press agents were harbouring malware. This back-door vulnerability was used to launch botnet attacks on the network. Although the team honoured its commitment not to monitor press activity, it was nevertheless able to trace the malicious traffic back through the network to the relevant device owners and let them know their machines were infected.
As part of its communications services responsibilities, the team used distributed denial of service (DDoS) mitigation technologies to deflect inbound threats to london2012.com before they could hit the website. Those safeguards were also extended to the content distribution system, which pushed content out to multiple mirrored sites worldwide, enabling users to access the website around the globe. These were complemented by a number of antivirus and malware detection systems to raise alerts whenever known attack signatures were detected. In addition, the infrastructure was equipped with analysis software to give highly granular data on user requests.
Our assumption was that the website would be a prime target for a short time span, which is what happened. We’ve acquired a lot of experience in protecting clients against these kinds of threats, which was invaluable in designing similar measures to protect the London 2012 website.
The LOCOG network was handed over in early 2011 and round-the-clock security commenced on 1st July 2012. “Malicious activity started as soon as the infrastructure went live and increased in line with the amount of traffic,” recalls Phil Packman. “The first concerted attack coincided with the Opening Ceremony.”
As the Games progressed, the team dealt with daily threats, detecting and deflecting all intrusion attempts. In fact, during one early attack there was a peak of 11,000 malicious attempts per second on the network. The majority were traced back to servers in the US, China, and Brazil.
Throughout the entire event, the team collaborated closely with other security and law enforcement agencies, including experts from LOCOG and Olympic partner organisations, while also contributing to and gaining intelligence from daily Olympic Intelligence Centre (OIC) Metropolitan Police briefings.
Our work was part of a much wider effort to protect UK plc and the Olympic and Paralympic brand for the duration of the Games. I’m delighted to say it was a complete success.