There are many strategies and a plethora of modern applications for protecting critical IT and Telecommunications infrastructure assets.
Usually, the discussion of protecting critical assets is confined to the usage or comparisons of various IT systems. Moreover, the physical threats and abuses and the vast spectrum of the environmental factors affecting the operation of the critical assets are considered by highly specialized agencies and consultancy firms only.
We are presenting here a distinguished example/case-study of protecting critical IT and Telecommunications infrastructure assets from an extensive range of potential physical and electronic threats as an integrated part of a much larger security plan against asymmetric threats. The case-study is the security plan of the Athens Olympic Games (AOG) and Paralympic Games (APG) (August – September 2004). Even though the AOG/APG took place several years ago, the primary organization and operational structures are applicable today also.
The case-study is presented on a high level. We also provide related Greek web sites for further reading. Google Chrome can provide an adequate translation from Greek to English.
The plan was initiated and directed by the Greek government after communications with several foreign governments, agencies etc. Moreover, the security of the AOG/APG was further escalated on an international level due to the fact that these were the first Olympic Games after the 9/11 terrorist attacks.
The Greek government assigned the security planning to the Ministry of Public Order and Citizen Protection in co-operation with the Athens Organizing Committee for the Games of the XXVIII Olympiad (ATHOC). As a result the Greek Police created the Directorate of Olympic Games Security (D.O.G.S.) for devising a security plan that will be applied on a national level and will include all the related governmental and private organizations:
• All law enforcement agents
• All the branches of the Greek Army
• Emergency and health services
• Public utilities
• Private companies critical for the games, i.e. Hellenic Telecommunications Organization (HTO, translated in Greek as OTE)
HTO is an ex-governmental monopoly and it is the largest Greek telecommunications company. HTO was a Grand National Sponsor contributing the largest grant ever offered to the OG/PG by a telecommunications organization (€ 59M).
HTO offered the telecommunications infrastructure and a large part of the IT applications required for the success of the AOG/APG:
• Fixed and mobile telephony infrastructure (antennas, PBXs etc.)
• Fiber optic networks (data, voice)
• TV broadcasting infrastructure
• IT data centers
• Emergency call centers
• HTO CRM for the AOG/APG telecommunications products and services (Oracle eBS CRM/ERP)
I was working for HTO’s Olympic Project during the AOG/APG as an IT Senior Project Manager.
An integral part of the national security plan was to physically protect HTO’s critical infrastructure. This was accomplished with the full cooperation of all HTO’s security and technical directorates. The following HTO and ATHOC departments were involved:
• HTO ΙΤ General Directorate (Athens, Pireos Str.)
• ATHOC Directorate General of Technology / Integration Lab (Athens, N. Ionia).
• HTO National Operations Center (NOC, Athens HTO HQ, Kifisias Str.)
• HTO Regional NOCs in Thessaloniki, Patras and Heraklion Crete
• ΗΤΟ emergency call center for the Olympic Community (athletes, VIPs, etc., 21,000 members. Similar to the EU ‘112’ emergency number)
• HTO customer call centers for the support of the AOG/APG telecommunications products and services
From Fall 2023 to June 2024, consecutive tests and fail-failover/fix scenarios of the main IT systems and the voice/data networks were conducted at the ATHOC Integration Lab including simulations of multiple/asymmetric malicious acts against the IT/Telecommunications infrastructure. The tests included:
• All the IT systems capturing game data, i.e. timing systems, publication of results, inscription on the scoreboards, information systems of the broadcast commentators, printing systems etc.
• Mobile capacity network estimations including additional/temporal antennas for covering demand peaks and antenna fail overs
• Planning alternative fiber optic routes with adequate capacity
• Mobilization and readiness of the IT/Telecommunications support and technical personnel
The simulation/test results contributed to the following actions:
IT/Telecommunications Infrastructure
• Large fiber optic and mobile antenna networks were deployed in the Athens metropolitan area to connect all AOG/APG locations using multi-routing, i.e. stadiums, NOCs, data centers, press and broadcasting center, law enforcement agencies, army units, various governmental departments, emergency services etc.
• For speeding up the networking process, the fiber optic cables were deployed not only in the HTO underground manholes but also under the surface of the roads in 10x10cm channels and on the walls of the subway tunnels.
• Dual power and data networks were built externally and internally at the NOCs and data centers for uninterrupted power supply and data transmission. Dual internal power and data networks required the installation of many kilometers of cabling and hundreds of additional sockets in the main IT/Telecommunications buildings.
• Automatic failover architectures and infrastructure were deployed for all critical IT/Telecommunications systems (applications, databases, data brokers).
• A Motorola-Dimetra Terrestrial Trunked Radio (TETRA) system was deployed covering the Athens, Thessaloniki, Patras and Heraklion Crete metropolitan areas and the main highways connecting these cities. TETRA is a professional mobile radio and two-way transceiver specifically designed for use by the Greek Police, the emergency services and temporarily by the Greek armored forces during the AOG/APG. It uses low frequencies providing longer range, with a smaller number of transmitters. It provides fail-safe/multiple-redundant functionalities allowing it to be used for extended ‘mission critical’ wireless communication networks. In the absence of a network, mobiles can share channels directly (walkie-talkie mode).
Surveillance
• The Athens city center consists mainly of 4-6 floors apartment buildings with balconies of all sizes due to the Mediterranean weather conditions. The apartment buildings are distributed along a web of narrow streets. A surveillance system was required vertically above the narrow streets for optimal data collection and for extended periods that a helicopter cannot cover without refueling. Thus, a manned 61-metre-long surveillance Skyship 600 airship was employed to monitor the rooftops and the terraces of buildings with mobile and wireless antenna installations, the city center narrow streets and the unexpected crowd gatherings.
• A high-resolution street camera system was developed covering the Athens AOG/APG-related areas and the city center and it was used by the police and traffic police.
Personnel
• A number of telecommunications technical personnel were transferred from the rest of the country to Athens to cover 24x7 all the AOG/APG duration. Officers, SMEs and critical support personnel were also stand-by 24x7. All applications for annual leave were carried over after the end of the APG. The main stake was the country's reputation.
• Failover operational processes were defined for all critical IT/Telecommunications systems (applications, databases, data brokers) and the key users were heavily trained to apply them to a wide range of emergency situations.
• Armed police and army officers were added to the security personnel of the IT Directorate premises, NOCs, data centers and the emergency call center. Police patrolled around these facilities underlining the heightened security measures.
• The access to all the AOG/APG related areas and buildings was strictly controlled using special Photo-IDs that were provided to all athletic teams, press, volunteers, VIPs, IT/Telecommunications support personnel etc.
• A traffic lane was maintained on all main streets of Athens and marked specifically for the movements of the Olympic community including IT/Telecommunications support staff.
Notes
Products Used:
Oracle eBS CRM/ERP, Oracle DB EE, Cisco, Siemens, Alcatel, Motorola-Dimetra, Ericsson
Technical Skills Used:
• IT/Telecommunications security and infrastructure architects
• Data & mobile network architects
• PMs
• BAs
• Physical assets security architects
AOG/APG Security Links:
• https://www.astynomia.gr/yliko...
• https://www.minocp.gov.gr/2008...
• https://www.athenssocialatlas....
U.S. Congressional Hearings On Olympic Security - Associated Press Archived Videos (Unedited):
According to the U.S. Congressional Hearings on Olympic security, the accumulated security cost reached a staggering amount of $1.2 B. The main reason was that there was not enough time for the security plans to evolve properly. The high urgency of all the security related projects extrapolated their final cost. Undoubtedly, the result was a huge success for Greece, although the debate about the high cost of the AOG/APG still appears from time to time in the country's political scene and in the media.
Furthermore, the debate and reflection on how much "amount" of security should be provided for each situation should be seen as a key factor of any democratic state and not as an obstacle to the development and implementation of new security technologies.
Modern composable security applications and integration technologies offer a considerable collection of options for protecting spatially distributed (e.g., data centers) or linear (e.g. data and power lines) physical assets.
Integrated surveillance and security systems that combine data from a multitude of sources with security-tuned AI enable rapid identification and detection of a threat, thereby providing detailed 360-degree situational awareness to law enforcement agents/command center operators at low level operating costs.
