The 'cyber-attack' threat to London's Olympic ceremony
- Published
Fears that the 2012 London Olympics opening ceremony might have come under cyber-attack have been detailed by officials for the first time.
The concern was that the lights could have been turned off during the ceremony.
The threat did not materialise, but officials have told the BBC they put extensive precautions in place.
It comes amid fears about the vulnerability of Britain's national infrastructure to cyber-attack.
The head of the government's surveillance centre GCHQ, Sir Iain Lobban, says reconnaissance has taken place in cyberspace and there is a "realistic threat", which his intelligence agency is working with partners to try to counter.
A phone call from GCHQ at 04:45 is not the ideal way of being woken on the day of the Olympic opening ceremony if you are head of cyber security for the Games.
"There was a suggestion that there was a credible attack on the electricity infrastructure supporting the Games," Olympic cyber security head Oliver Hoare, who received the call, told BBC Radio 4 - in the first interview an official has given on the events that day.
"And the first reaction to that is, 'Goodness, you know, let's make a strong cup of coffee.'" If the lights had gone off during the opening ceremony, with close to a billion people watching, the impact would have been enormous.
When it came to risks to the Games, cyber attacks had been lower down the list than terrorism, which could cause real loss of life, but extensive testing had still taken place for a range of different possibilities.
This included precisely the scenario that raised concerns on the opening day. "We'd tested no less than five times the possibility of an attack, a cyber-attack, on the electricity infrastructure," said Mr Hoare.
Ticking clock
This would prove vital in ensuring an effective response from a team that stretched across government, the Olympic organisers Locog and private sector service providers such as BT.
The initial response to the threat came from the Olympic Cyber Co-ordination Team (OCCT), based at MI5 headquarters in Thames House.
There were two priorities. The first was to investigate how credible the threat might be. The information had come in overnight and was based on the discovery of attack tools and targeting information that it was thought at the time might relate to the Olympics.
While this investigation continued, officials also put in place contingency plans in case the attack materialised. Time was not on their side. "The clock was absolutely ticking," recalled Mr Hoare, who worked first for the Olympic Delivery Authority and then the Government Olympic Executive.
He, and others interviewed for the story, declined to speak in detail about the preparations put in place. "We effectively switched to manual, or had the facility to switch to manual. It's a very crude way of describing it. But effectively we had lots of technicians stationed at various points," he said.
In the afternoon a meeting was held in the Cabinet Office briefing room (although it was not a formal meeting of Cobra, the government's emergency response committee), chaired by deputy national security adviser Oliver Robbins, where different partners could join in videoconferencing from places such as the Olympic Park.
Contingency plans were discussed and ministers informed. Confidence grew that if the threat materialised it could be dealt with.
Vulnerability
Mr Hoare recalls a conversation an hour or so before the opening ceremony, in which he asked someone how the situation looked. "Good news," the individual replied. "If the lights go down we can get them up and running regardless within 30 seconds."
That did not entirely reassure Mr Hoare. "Thirty seconds at the opening ceremony with the lights going down would have been catastrophic in terms of reputational hit," he said. "So I watched the opening ceremony with a great deal of trepidation."
Other officials said, although they were confident every contingency had been prepared for, that did not prevent some nerves. "You wouldn't be human if you didn't have butterflies," one recalled.
Mr Hoare said that watching at home with his family, who did not know about the threat, he twitched every time the lights dimmed.
In the end the threat turned out to be a false alarm. But it does highlight a growing fear about the vulnerability of Britain's critical infrastructure to cyber-attack.
'Technical reconnaissance'
Increasing numbers of services are being connected to the internet, from power stations through to smart meters in people's homes. This brings many benefits and efficiencies for people's daily lives but also provides a new access point for those seeking to do harm, whether bedroom hackers or foreign states.
"We have seen technical reconnaissance of parts of our critical national infrastructure, yes," Sir Iain told the BBC. "Not to such an extent that we would raise a red flag but certainly we've seen an interest, an intentional interest, in parts of that infrastructure."
The GCHQ head said that the UK, along with its allies, was looking at how compromises and penetrations might occur and how to guard against them.
This year the UK is expected to launch its first national computer emergency response team (Cert). Until now, the UK has had government Certs but not a broader national team, unlike many other countries.
The real challenges on critical infrastructure, as with the Olympics, lies in the meeting point between government and private sector and ensuring that the right people with the right technical expertise are in the right place.
Under Attack - The Threat From Cyberspace is broadcast on BBC Radio 4 on Monday 8 July at 20:00 BST.
- Published1 July 2013
- Published30 April 2013