The Pyeongchang Winter Olympics – skating on thin ice when it comes to cybersecurity?

By Cameron Abbott and Samantha Tyrrell

McAfee, a cybersecurity company, reported that organisations associated with the Pyeongchang Winter Olympic Games suffered security breaches as part of a hacking campaign in January. In a second chapter to this story, organisers have recently confirmed that Olympic servers were the subject of a cyberattack during the opening ceremony last Friday.

According to event organisers, the attack did not compromise any critical operating systems. However the attack did coincide with 12 hours of downtime on the official website (which prevented spectators from being able to access and print their tickets), a Wi-Fi ‘blackout’ in the Olympic Stadium, and the failure of televisions and the internet in media correspondence rooms.

Cisco Talos, a security research organisation, investigated the code associated with the breach and reported that disruption rather than espionage was the motivation behind this attack. They have dubbed the malware the ‘Olympic Destroyer’ based on its intended purpose of taking down systems and wiping (as opposed to siphoning) files and event logs.

The organising committee in Pyeongchang has remained tight-lipped with respect to the suspected perpetrator, reiterating that maintaining secure operations is the committee’s primary focus.

This attack, while short-lived, goes to show that even well-resourced global gatherings like the Olympics can fall prey to cyberattacks. Much like an Olympic ski run, inadequate data security protocols can lead organisations down a slippery slope. As they say, the time when you most need an Olympic level performance is when…you’re at the Olympics.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.