RSA Europe 2013: The Lessons BT Learnt from Securing London 2012

London 2012
London 2012

Hughes reflected on an “astonishing summer as one of the sponsors of the most digitally connected Games ever” and shared some of the key challenges with the audience. While he declared “flawless execution with no breaches or downtime”, he admitted that beneath the surface “there was a lot of paddling going on and an extraordinary amount of attacks being attempted.” More specifically, the following was detected:

  • At least one hacktivism campaign each day
  • 2.31 billion counterpane events analysed = 77 incident tickets
  • BT prevented 11,000 malicious requests per second
  • 212 million malicious connection attempts blocked
  • On August 4th, ‘Super Saturday’, 128 events were detected

“You may think that no-one wants to hurt the Games, but there are plenty of people out there that wanted to disrupt the Games and our services, and we needed to ensure we have the right people and processes in place and the ability to react and respond.”

Service availability was BT’s top priority, which meant a strong focus on DDoS attacks and threats that would have an effect on service. With an infrastructure the size of a medium-sized town, and four networks to be responsible for: broadcast network; network for timing and scoring; network for Olympic family and the organisers’ network, “failure of service was not an option. It even said so in our SLAs”.

The 2012 website was also the responsibility of BT and the fifth most visited site in the world during the Games (with 39.6 billion page views). Site stability and dense and effective WiFi hotspots were crucial to the success.

With seven years to design the infrastructure and security, Hughes declared the time both an advantage and a challenge, “A lot of changes will happen in seven years so you need flexibility in design.” Many BT customers in hindsight said they wished they had been better prepared and increased their network capacity.

Lessons Learnt

Experiences and challenges from the Games allowed BT to “re-consider how we do defensive and protective operations.” One lesson which Hughes highlights as particularly significant is that “it’s as much about having the right people and processes in place as it is about having the right technology and censors.”

Hughes stressed the importance of data analytics and real-time defence. “Our cyber defence operations team understands what our critical assets are, the risks, and our network infrastructure.”

During the Games, there was an increase in phishing and DDoS attacks. These threats, Hughes said, have continued. “Cybercrime motivations are more financial than ever before, and focussed attacks are more popular these days. What we learnt from 2012 has given us a much better understanding of how to secure things within BT.

“There is also a huge amount of scope in the industry to automate and analyse more data in real time and turn that into action”, Hughes concluded.



What’s Hot on Infosecurity Magazine?