Manage IT Security for the London Olympic 2012 Games - Case Study Example

Manage IT Security for the London Olympic Games My is Jian Roberts, the Project Manager of Technolight, a London-based IT company. In this project, I will be working together with the company’s security team, a group of IT security experts. My role in the Technolight is to initiate, plan, execute, monitor and finalise projects on behalf of the company. As a project manager, my key responsibilities in this project will include project scope management, time and cost management, quality management, human resource management, communication management, risk management and procurement management. Basic details of the London 2012 Olympics security measures and the potential IT security vulnerabilities of the event An assessment by the Olympic Strategic Threat Assessment (OSTA) indicates that the possible security threats to the Olympics are terrorism, serious crime, domestic extremism and natural hazards (Home Office 2012, 13). A safety and security strategy and security measures have been set up to respond to these. According to BBC News (2011), 13,500 armed forces personnel and 10,000 police officers will be deployed during the Olympics to enforce security. This will be backed by 50 marine officers in fast response boats who will be joined by 100 military personnel (Seida 2012). The structure of the safety and security strategy has been built around strategic objectives and each of these be will be delivered though a special programme headed by a programme manager. The Protect Programme will ensure the safety and security of games sites, infrastructure and venues, and people involved in the Games. The Programme will also consider protecting people travelling to the Games. The Prepare Programme will provide specialist response by ensuring that the necessary contingencies and workforce are in place to manage events that could significantly compromise or disrupt the security of the Games. The Identify and Disrupt Programme will provide the required capacity and capability to identify and disrupt all forms of threats to the Games. Command, Control, Plan and Resource (C2PR) programmes will ensure that required resources are available and can be deployed to the necessary sites to provide safety and security (Home Office 2012). One of the assumptions for this strategy is that the greatest security threat will be terrorism. Despite the above security, the potential IT security vulnerabilities of the event are still high and the major threat is identity theft. Vacca (2003) defines this as a type of crime where someone steals the identity of someone else and poses as that person. This is basically an identify fraud. In true-name ID fraud, the person’s identify information is not modified. Terrorists are also likely to stealing key pieces information from people like driver’s license numbers and social security numbers and combine them with fake information to create new identities which they will use to gain entry into the games venues. This is called synthetic ID fraud as noted by McFadden (2010). Criminals could pose as fans, players, visitors and even London Organising Committee for the Olympic Games (LOCOG) officials. Once they gain entry into the venues, they commit terrorist attacks. They can also use these IDs to obtain goods and services. ID theft is a form of cyber crime. Giles (2010) explains that hackers access personal information of other people online. To get this information, the terrorists could send messages posing as the official website for LOCOG, trying to sell tickets. As people respond, they get their personal details and use them to make fake IDs. ID theft could also result from phishing attacks like man-in-the-middle phishing. This is where a criminal positions themselves between the legitimate site and the user (Emigh and Labs 2005). In this way, they will save valuable information from different sources and send false messages between LOCOG and its users. To detect this, LOCOG will have to setup a spoof-reporting email address that users will send mails to. This will provide feedback that will be used to identify if the communications are legitimate or fake. ID theft and presence of people posing with fake IDs will also be detected by monitoring responses to tickets coming before and after the official ticketing days. Such tickets will have their owners’ names put in a “wanting” list so that they can be thoroughly scrutinised well as they arrive in the games sites. Londoners and visitors will be requested to check their credit reports and financial statements frequently and report any irregularities with their details and bills (www.ftc.gov. 2011). In addition, covered accounts will be identified during the games. These are accounts that involve multiple transactions or payments. According to the Board of Reagents (2010), such accounts must be monitored to detect the existence of ID theft. In order to prevent ID theft, the Technolight will ensure that the official websites for LOCOG are highly secure. Dhillon (2007) describes this security as protection from unauthorised access, use, inspection, perusal, disclosure, disruption, recording and modification. This will ensure that no unauthorised person conducts activities in the name of LOCOG or accesses personal information of LOCOG officials because this could have direct impact on the security of the games. It will also frustrate people who want to conduct fake lotteries or sell tickets by posing as LOCOG. All players and visitors will also be required to book their accommodations only through the three UK official providers for Games Breaks and Hospitality packages. These are Thomas Cook- www.thomascooklondon2012.com, Prestige Travel - www.prestigeticketing.london2012.com and - Jet Set Travel - www.jetsetsports.com. According to Jennifer (2012) this will prevent visitors from giving out their personal details to ID thieves posing as hotel booking agents and booking non-existent accommodation for visitors. This will also prevent loss of money. The best solution and countermeasure to ID theft is protection against the crime through increased levels of privacy. This will frustrate unauthorised access and use of confidential or personal information. The impact of possible kinds of cybercrime activity on the success of the Olympics, as a major international event and in terms of the economic benefits of the Games to trading activities and urban regeneration From the testimony of Brown (2002), some people will be plunged into problems like trouble with the law, tarnished credit profile, huge financial dents and tarnished public reputation as a result of ID theft because they will have to be accountable for all activities conducted by the terrorists under their names. Debt collectors could also pursue innocent people whose social security numbers were used and this could land some of them in debt crisis. Under synthetic identity theft, the transactions conducted by the terrorists will not reflect on the credit reports of the true owners of the social security number. Because of this, London creditors are likely to suffer massive fraud losses because of giving credit to ID fraudsters unwittingly. To recover from this, these creditors are likely to pass this burden to the consumers through high interest rates and fees. According to the Australasian Centre for Policing Research (2006), ID theft could cost billions of dollars. This means that ID theft could cost London more money than it will gain from the Olympics. This will sweep away money that could have been used for urban redevelopment/regeneration programs in London after the Olympics. Other types of cyber crimes that are likely to affect the success of the London Olympics are spam, cyberterrorism, fraud, cyber spying, hacking, dissemination of offensive material, electronic vandalism and extortion and, cyber stoking. Many types of cyber crimes result in ID theft and it can con the visitors of their money and compromise their security. Cyber spying and stalking will compromise with the security of players and other visitors by revealing about their travel arrangements, arrival days and hotel rooms. It can make them targets for terrorism. According to Newman (2006) cyber fraud will result in direct financial loss. This will affect both visitors and businesses in London. The legal framework within which the problem of cybercrime can be addressed In order to address the issue of cyber crime, Technolight will work together with the police and officials from UKs top cyber crime unit in cracking down and shutting all websites that are targeting Olympic visitors through the use of Olympic images, especially the five Olympic rings image. These websites sell luxury goods and convince customers by relating themselves with LOCOG. In addition, all forms of cybercrime will be prosecuted under Federal Criminal Laws. Technological approaches to limiting the impact of cybercrime that could help protect the Olympics One of the technological approaches to limiting cyber crime is the utilisation of state-of-art technologies. ICT should be harnessed to counter the ills of the existing technologies. These technologies will facilitate the upgrading and implementation of the latest technologies to protect privacy. Chawki and Wahab (2006) identify biometric applications, padded cells, cytography, digital signature technologies and tokens as examples of top high-tech technologies that could be used for security purposes. Recommendations for a solution to the problems LOCOG may not manage to respond to all types of cyber crimes that could be perpetrated against the Olympics visitors. However, it has to work to stop people posing as itself and in effect, help to minimise ID theft among visitors and other people. To accomplish this, Technolight will install signature-based anti-spam filters in the LOCOG IT system. This will identify and stop phishing messages bearing the name of LOCOG from reaching users. In this way, it will be impossible for criminals to pose as LOCOG and sent messages to users through which they will obtain personal information and commit other types of cyber crime. Tight scrutiny will be conducted on the records of all visitors expected to detect those which are appearing more than once. These will have to be reconfirmed by checking their personal details to identify people posing as other people. Highly detective software will also be installed to detect any data theft from LOCOG website to prevent the leakage of confidential information. Technolight will also work to prevent all other forms of phishing which could in one way or another compromise the security of the event or contribute to ID theft. In summary, Technolight will develop a product for LOCOG that is resistant to cyber crime and that can facilitate cybercrime detection and investigation. References Australasian Centre for Policing Research. 2006. “Identity Crime Research and Coordination.” Viewed 23rd March, 2012, http://www.acpr.gov.au/research_idcrime.asp BBC News (15 December 2011). “13,500 troops to provide Olympic security”. Viewed 23rd March, 2012, http://www.bbc.co.uk/news/uk-16195861 Board of Reagents. 2010. “FISCAL POLICY AND PROCEDURES: 21-4 IDENTITY THEFT DETECTION, PREVENTION, AND MITIGATION.” Viewed 23rd March, 2012, http://www.wisconsin.edu/bor/policies/rpd/rpd21-4.htm Brown, M. 2000. “Verbal Testimony by Michelle Brown.U.S. Senate Committee Hearing on the Judiciary Subcommittee on Technology, Terrorism and Government Information – "Identity Theft: How to Protect and Restore Your Good Name". Viewed 23rd March, 2012, http://www.privacyrights.org/cases/victim9.htm Chawki, J and Wahab, M. 2006. “Identity Theft in Cyberspace: Issues and Solutions.” Lex Electronica. 11 (1) pp 1-40 Dhillon, G.2007. "Principles of Information Systems Security: text and cases." John Wiley and Sons. New York. Emigh, A. and Labs, R. 2005. Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures. Viewed 23rd March, 2012, http://www.antiphishing.org/Phishing-dhs-report.pdf Giles, J. 2010. "Cyber Crime Made Easy." New Scientist 205 (2752) pp 20-21. Home Office. 2012. Olympic and Paralympic Safety and Security Strategy. International Olympic Committee. London Jennifer, B. 2012. “London 2012 Olympics and the Games Fraudsters Play.” Viewed 23rd March, 2012, http://www.locanto.info/safer_trading/2012/01/london-2012-olympics-and-the-games-fraudsters-play.html McFadden, L. 2010. “Detecting synthetic identity fraud.” Viewed 23rd March, 2012, http://www.bankrate.com/brm/news/pf/identity_theft_20070516_a1.asp Newman, R. 2006. Cybercrime, identity theft, and fraud: practicing safe internet - network security threats and vulnerabilities”. ACM. New York. Seida, J. 2012. “Metropolitan Police and the Royal Marines perform security exercises in preparation for London Olympics.” Viewed 23rd March, 2012, http://photoblog.msnbc.msn.com/_news/2012/01/19/10192015-metropolitan-police-and-the-royal-marines-perform-security-exercises-in-preparation-for-london-olympics Vacca, J. 2003. Identity Theft. Prentice Hall. London. www.ftc.gov. 2011. “Detect identity theft.’ Viewed 23rd March, 2012, http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/detect.html\ Read More