A Comprehensive Solution to Ensure Network Availability, Performance, and Security at the Youth Olympic Games

Along with the Olympic Games and the Winter Olympics, the Youth Olympic Games is one of the largest international sporting events in the world. In each edition, the International Olympic Committee (IOC) works hand-in-hand with the host city to coordinate the organization of this competition that brings together – both in person and virtually – millions of spectators across the world. The latest Youth Olympic Games were held in Buenos Aires, Argentina in October 2018. This 12-day competitive event brought together 4,012 young athletes representing 206 delegations from different countries. This latest edition also reached a record number of attending spectators, amassing a viewership of 1.1 million people across the 16 locations chosen for the different sports.

In an event of this scale and magnitude, the athletes’ physical safety has always been a priority. In addition, where all information and data are stored and carried through the network, cybersecurity, and IT infrastructure availability also proved to be critical aspects for the event organizers. Gustavo Linares, managing director of IT Security for the Buenos Aires City Government, oversaw the team tasked with managing all aspects of the event’s cybersecurity. We talked with him about the risks posed by an international event of this nature, what processes were utilized to address cyber threats, and how the FortiGate Next Generation Firewall’s advanced security helped guarantee network availability, while preventing and mitigating any incidents.

Q: Describe the challenge of securing the technological infrastructure of a large-scale international event such as the Youth Olympic Games.

GL: We began working on this more than three years before the games took place, after Buenos Aires was officially chosen as the host city for the 2018 Youth Olympic Games. The process established by the IOC states the preceding host city preps the future host. In this case, the information security authorities of Nanjing, China shared their experience with us. From there, we began to delineate what the deployment project of computer infrastructure, systems and cybersecurity would entail for the Buenos Aires games. We exchanged ideas with other entities until we ultimately defined the deployment of specific networks for the Olympic Games in each of the 16 venues. From a cybersecurity standpoint, we set up three lines of work: one focused on prevention, one on operations, and another on incident resolution and forensic analysis.

Q: What were some of the organizing committee’s requirements and demands?

GL: This can be summarized in two words: security and availability. The technology used to collect data on the Olympic tests’ results was provided by OMEGA, the Olympic Games’ official timekeeping firm. However, the responsibility of the information’s transmission, availability, and security was up to us. You can’t ask an athlete to repeat a test due to loss of data, so our priority was guaranteeing the information’s availability and security as it circulated across networks at all times and throughout all venues.

We had an incredibly demanding level of traffic at the Olympic Park where OMEGA was collecting data. We also experienced a medium demanding volume of video transmission traffic, while also having considerably high levels of demanding traffic in the information centers where the data was processed and then passed on for international streaming. At the same time, web browsing availability was a key priority at the Olympic Village, which housed the athletes throughout the games’ 19 day-duration. In addition to providing adequate availability and performance, we were concerned with content filtering so as to avoid any inconvenience or complaint that potentially could affect the participants – a task of utmost importance considering all athletes were minors.

Q: What IT security structure did you implement to meet these availability and cybersecurity demands?

GL: We developed different network solutions at each of the locations, all supported with Fortinet equipment to guarantee information availability, performance, and security. We deployed 48 FortiGate Next-Generation Firewalls, all with different capacities in accordance with each location’s requirements and network. A bidding process was launched for the interconnection service and we incorporated Fortinet’s security equipment into the telecommunications company’s infrastructure. We already work with Fortinet firewall solutions in two of the Buenos Aires City Government’s data centers, so Fortinet was a natural choice. We knew we could get a complete solution to ensure traffic volume and availability at the Youth Olympic Games, so we chose Fortinet’s full bundle with all its capabilities, including IPS control, web filtering, and all associated services, in each venue as well as in the main data centers.

The IT Security team had to comply with a service level agreement (SLA) imposed by the IOC that required the resolution of any incident in five minutes. However, we went further and lowered that requirement to one minute due to the reliability of the implemented technology.

Q: How important is prevention for this type of event?

GL: The Olympic Games are a multidisciplinary and international event; there is no other event involving 206 countries. The risk potential multiplies when you consider the political and economic conflicts of each of these countries. We know cybercrime is not only used for economic purposes, but also for political and ideological reasons.

We created a Federal Security Committee for the games involving the Buenos Aires City Police, the Buenos Aires Province Police, the Federal Police, INTERPOL, and other federal agencies, such as the Ministry of Defense and the Ministry of National Security. Together with the IOC and this committee, we worked on the development of possible incidents that we called “scenarios.” We created multiple conflict hypotheses and developed a resolution for each scenario based on the Fortinet information security technology we were going to deploy. This helped us achieve quick detection and resolution whenever we had any incidents. We put together approximately 60 scenarios – some based on other Olympic Games’ experience, others based on government experience or imagination.

Q: How was this earlier prevention work and selection of appropriate security technologies reflected during the games?

GL: The games’ opening ceremony was a key milestone. Since 2012, all inaugurations experienced some type of intrusion. The opening ceremony was held, for the first time in history, in an open environment on a public highway, raising plausible concerns as the area is surrounded by multiple advertising screens. A content infiltration incident could have been a serious occurrence. Once we achieved this milestone without incident, our priority was focused on network availability and data security. We did have incident attempts, but we managed to detect and mitigate them. For instance, we found four or five fake domains similar to those of the games – created with the intention of generating phishing scams – which we eliminated.

Q: What were some of the main benefits of relying on Fortinet as the cybersecurity solutions provider for the games?

GL: We are extremely satisfied with the achieved results. The event was 12 activity-filled days, with an IOC record participation of 1 million spectators, and we had no cybersecurity incidents. We managed to prevent, detect, and mitigate any attempt to impact network availability or performance. In regard to administration, despite having more than 40 FortiGate firewalls of different capacities in operation, we did not experience any problems with the equipment even while running the complete security package from Fortinet.

The entire core perimeter’s security infrastructure deployed at the Buenos Aires City Government network is Fortinet, so implementing Fortinet in the Youth Olympic Games was not new to us. Knowing the tools’ capabilities and their administration made everything much easier. Additionally, it proved to be the platform most closely attuned to our needs as it allowed us to interconnect all locations to a central data center and secure everything, from the core to the games’ central platform.

Q: You will have to share your experience with the CISO of the next Youth Olympic Games’ host city. What will be some of your recommendations?

GL: The first recommendation would be prevention. We made a massive effort in prevention, analysis, research, and in creating a Computer Security Incident Response Team (CSIRT) specifically for the games. Generating known and imagined conflict scenarios to test the security infrastructure and be truly prepared is key. So is the ability to operate seamlessly during the event along with knowing how to work quickly and efficiently. Having this prior knowledge and the right technological partner allowed us to detect incidents that we had already mapped, thoroughly know which solution to apply, and then implement it quickly to mitigate cybersecurity risks.

The Youth Olympic Games, one of the largest sporting events in the world, required a security solution that could protect a large-scale IT infrastructure and keep the event running smoothly. Read more about why they used Fortinet’s FortiGate to do this.

Read more about the Fortinet Security Fabric and how Fortinet is delivering solutions for the Third Generation of Network Security.