For those of us of a certain age, our memories of Sebastian Coe are of the 1980 Olympics and his battles with British distance runners Steve Ovett and Steve Cram. Later his interests turned to politics before he headed up the bid and lead the delivery of the 2012 London Olympics.
Speaking at this year’s Infosecurity Europe as one of the keynote speakers, Lord Coe spoke exclusively to Infosecurity about some of the key challenges that he faced and overcome in delivering a huge project on time, and to global acclaim.
One of the achievements of the 2012 Olympics was bringing together a skilled team, a challenge that cybersecurity professionals know all too well. When tasked with building a team to deliver the London Olympics, did he find that the right and suitable people were there to deliver this project?
Coe said that the broad answer was yes, as the move from a bid team of 60 people over a seven-year path (London was given the approval to host the games in 2005) to the delivery of the Olympics opening ceremony on July 27 saw the team grow to 8500 people, not to mention 70,000 volunteers, 100,000 contractors and millions of people “who helped in one way.”
He said: “I cannot think of another organization that grew as quickly as that in seven years, and were not there beyond the closing ceremony. There were challenges and skills challenges, and IT is a large and integral chunk of the delivery of a successful games and making sure we had the right people and right commercial partners and in a large part, the sponsors were not just marketing partners, they provided a big chunk of the networks and infrastructure.”
Coe said that by the time the games arrived, over 200,000 hours of testing IT system had been done, and the London team was able to draw talent from those involved in the 2002 Commonwealth Games held in Manchester, where IT director Gerry Pennell had previously served.
Delivery of the project was obviously key to the team’s role, and a major deadline was always present. Coe explained that this delivery was possible “with the right people and the right vision”, and he said that there was never any question about not being ready.
“I also recognized that this was the toughest and most complex piece of project management that any country could take as we were permanently refining by the day, by the hour and by the minute,” Coe explained. “The golden rule in my world is as a former competitive athlete you never go into an Olympic final and be worried about something you have not dealt with on the track. This is the same in project management, and you test over and over a year out.”
Coe said that this even stretched to discussing road surfaces and kerb heights and whether it would be practical for the wheelchair road races. He admitted that there were points where you were learning as you went along, but as the last London Olympics were held in 1948, there were not people to draw experience and knowledge from locally, so he had to draw from a skillset from around the world.
“There was never any question about it not being ready on time,” he said. “The great thing about the games is it is an immutable deadline, so have to get it done.”
After the event, there were claims made that there was a credible cyber-attack threat to the London Olympics. Coe said this is not something he was ever made aware of, and he said that security was of the highest order when putting together an event like this, and he praised partnerships with the Home Office, Ministry of Defence and intelligence services, Metropolitan Police and 16 other constabularies, who he called “crucial elements”, as “when there were challenges they were dealt with in a comprehensive and structured way.”
He said: “What is the most important element in terms of security is that it is incremental and sequential,and has to be intelligence-led and we do it well in this country.”
Since London 2012, Coe has been appointed as President of the International Association of Athletics Federations (IAAF), and in April 2017, it was targeted by the hacking group Fancy Bear/APT 28, who hacked information concerning applications by athletics for therapeutic use exemptions.
Coe issued a statement at the time, saying: “The presence of unauthorized remote access to the IAAF network by the attackers was noted on 21 February where metadata on athlete TUEs was collected from a file server and stored in a newly created file. It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will.”
This attack was detected during a proactive investigation carried out by Context Information Security, who were contacted by IAAF at the beginning of January to undertake a technical investigation across IAAF systems.
History shows that companies that are attacked and suffer breaches are more resilient after the fact, and Coe admitted that the incident had given the IAAF several learning points about having systems in place that are strong and robust, as he admitted that “you are never ever going to be in the luxury of a system that is 100% secure all of the time.”
He also said: “It is important when holding personal data that you do everything you can to be sure you’re protected. It is not just IT and systems and software, but also recognizing the first line of defense that are the people in you organization, and understand where the vulnerabilities are and recognize a suspicious email appearing or unusual requests, and following the right processes.”