| 来源类型 | Research Reports
|
| 规范类型 | 报告
|
| DOI | https://doi.org/10.7249/RR2395
|
| ISBN | 9781977401656
|
| 来源ID | RR-2395-RC
|
| Olympic-Caliber Cybersecurity: Lessons for Safeguarding the 2020 Games and Other Major Events |
| Cynthia Dion-Schwarz; Nathan Ryan; Julia A. Thompson; Erik Silfversten; Giacomo Persi Paoli
|
| 发表日期 | 2018
|
| 出版年 | 2018
|
| 页码 | 96
|
| 语种 | 英语
|
| 结论 |
Cyber threats are a growing concern for Olympic planners, and past games hold valuable lessons for Tokyo 2020- The increasing dependence on technology and a proliferation of adversary tools to exploit vulnerabilities in systems and networks make the Olympic Games a target-rich environment for cyberattackers.
- The consequences of a cyberattack on the Olympic Games include financial losses, physical harm to participants and attendees, property damage, the compromise of personal information, and damage to the host country's reputation.
- There have been no successful large-scale, high-impact attacks on prior Olympic Games; experiences from these and other international events offer potential lessons for Tokyo 2020 planners.
- A key characteristic of past Olympic cybersecurity planning efforts has been coordination and collaboration among a range of stakeholders, including the private sector.
Understanding Japan's cybersecurity threat landscape will help planners mitigate threats- The typology of threat actors revealed six types of actors with the potential to pose a risk to the Tokyo 2020 games: cyber criminals, insider threats, foreign intelligence services, hacktivists, cyberterrorists, and ticket scalpers.
- Motivations vary with the type of actor, but a streamlined classification of profit, ideology, and revenge captures the motivations for most attacks.
- Foreign intelligence services and other state-sponsored attackers rank at the top in terms of sophistication and level of risk to the games.
- The risk analysis methods and threat actor typology developed for Tokyo 2020 offer a valuable basis for future research to support the cybersecurity goals of other high-profile international events.
|
| 摘要 |
- Plan early to ensure ample time to assess event-specific threats, shape a community of stakeholders and build trust among them, and establish mechanisms and processes for information sharing, incident reporting, and problem resolution.
- Cooperate and share information with all cybersecurity stakeholders, including the private sector, to effectively mitigate cybersecurity risks.
- Ensure that all stakeholders understand the mission and work toward a common goal, bolstering trust and a commitment to information sharing.
- Define stakeholder roles and responsibilities, and revisit them throughout the planning process, to help stakeholders understand how best to contribute and whom to contact when changes or incidents arise.
- Allocate resources appropriately to reduce cybersecurity risks, prioritizing threat types and threat actors as needed to apportion these investments.
- Deter the riskiest adversaries with a targeted cyber defense campaign. For example, a publicly documented cybersecurity exercise to showcase defensive preparations might deter attacks altogether or convince attackers that the costs of executing an attack are too high, the chances of success are too low, and the prospective retaliatory costs are unbearable.
|
| 主题 | Cybersecurity
; The Internet
; Terrorism Threat Assessment
|
| URL | https://www.rand.org/pubs/research_reports/RR2395.html
|
| 来源智库 | RAND Corporation (United States)
|
| 引用统计 |
|
| 资源类型 | 智库出版物
|
| 条目标识符 | http://119.78.100.153/handle/2XGU8XDN/108868
|
推荐引用方式
GB/T 7714 |
Cynthia Dion-Schwarz,Nathan Ryan,Julia A. Thompson,et al. Olympic-Caliber Cybersecurity: Lessons for Safeguarding the 2020 Games and Other Major Events. 2018.
|
