Until just before the Tokyo Olympics in July 2021, many voices expressed doubts about the cybersecurity of the Games. This skepticism was no surprise given that all of the Games had been exposed to cyberattacks in the 21st century.
One of the most common methods is financially motivated cybercrime through illegal operations such as selling fake tickets. However, Tokyo Games stakeholders were most wary of cyberattacks that could affect their operations, such as the opening ceremony or interruptions to the competitions.
In fact, the opening ceremony of the Pyeongchang Winter Olympics was hit by an obstructive cyberattack in February 2018. The Wi-Fi went down just before the opening ceremony, and the internet-connected TVs at the venue became temporarily unavailable for viewing. Since the official website had also gone down, many spectators were unable to print their tickets. This made their seats unoccupied at the venue.
Furthermore, a series of large-scale ransomware attacks in 2021 have increased caution around the globe. For example, the Colonial Pipeline, a major oil pipeline company in the United States, and JBS, the world's largest meat supplier, were attacked in quick succession in May 2021, leading to the suspension of their operations for several days.
The Key to the Success of the Tokyo Olympics
On September 27, 2021, then-Chief Cabinet Secretary Katsunobu Kato declared that no cyberattacks affecting the operation of the Games were confirmed during the Tokyo Olympics and Paralympics. Of course, it is not the case that Tokyo 2020 did not face any cyberattacks. According to a press release by NTT Corporation and the Tokyo Organising Committee of the Olympic and Paralympic Games on October 21, 2021, they detected a total of 450 million cyberattacks and so on against the networks and systems operated by the Games. That is approximately two times more than the number identified at the 2012 London Games.
Since the International Olympic Committee had announced that Tokyo would host the Games in September 2013, the Japanese private and public sectors have made their utmost efforts to enhance the cybersecurity of all the Tokyo 2020 stakeholders. As the operations of recent Olympic and Paralympic Games had been increasingly digitized, Tokyo 2020 stakeholders knew that cybersecurity is the key to the success of their event.
Identifying the Risks
To strengthen cybersecurity, the first step is to understand where the risks lie. It is also crucial to share cyber threat intelligence such as the method of cyberattacks with the concerned parties in a timely manner to minimize damage caused by those attacks.
Thus, the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) requested critical infrastructure companies that provided services for the Games to carry out risk assessments a total of six times from 2016. The NISC also hosted five cyber exercises based on the most recent cyberattack techniques, inviting thousands of people.
In addition, the Japanese government launched the Cybersecurity Coordination Center that operated 24 hours a day to respond immediately to cyberattacks and share the information with stakeholders. The center had increased its operational capabilities to defend large-scale international events and disseminate cyber threat information through the G20 Osaka Summit in June 2019 and the Rugby World Cup between September and November 2019.
Dr. Brian Gant, an assistant professor of cybersecurity at Maryville University, the United States, praised the Tokyo 2020 Olympics' cybersecurity as a success story that other organizations should follow in an article contributed to the Security Magazine dated August 17th, 2021. He attributed the Tokyo 2020 Games' success to the cybersecurity lessons learned from past Olympics to strengthen its defenses and utilize human resources effectively.
Telecommunication service provider NTT, a Gold Partner of Tokyo 2020, also cites talents as one of the secrets to the successful cybersecurity. The company utilized a specialized "Red Team" to discover vulnerabilities through pseudo-cyberattacks, whose offensive security measures had filled gaps in advance.
Need for Japanese Knowledge
The Tokyo 2020 Games experienced unprecedented challenges including the one-year postponement due to the COVID-19 pandemic. Under these circumstances, Japan fought two invisible enemies, the novel coronavirus and computer viruses, and succeeded in defending the Games from the foes. It's an achievement worthy of pride.
Also, every organization would be keen to acquire such expertise to deal with the pandemic and strengthen cybersecurity when the world is now more digitized and reliant on teleworkers. For example, countries hosting large-scale international events would be eager to learn from Japan’s expertise for team-building, information-sharing, and cybersecurity to prepare for their events such as Paris 2024, Los Angeles 2028, and Brisbane 2032, and G7 and G20 Summits, and Expos.
During my trip to London in October 2021, people from several countries asked me about Tokyo 2020’s cybersecurity. Clearly, there is a huge interest in learning about what made the Games safe and secure. This is the time for Japan to disseminate its Tokyo 2020 expertise to the world in English, and contribute to improving the cyber defense capabilities of the world.
Cyberattacks against Japan will never stop even after the Olympic and Paralympic Games. However, Japan now has the experience and talents that achieved the successful Games amidst the pandemic. They would allow the country to maintain this level of preparedness and resiliency with confidence.
(This was first published as a Sankei Seiron column. Read the article in Japanese at this link.)
Author: Mihoko Matsubara, Chief Cybersecurity Strategist, NTT Corporation