As I am sure everyone is aware, this is another year for the second most watched sporting event in the world (next to the World Cup). That’s right, this summer Athens, Greece will play host to the 2004 Olympic Summer Games. But this post is not about who the best runner is, or who will win the 100m, or even if banning athletes who pass drug tests but who are believed to be taking supplements is correct or not. No, this post is about something that I think is a little more serious – security.
Why security? It’s more important now than ever. In a lot of ways, the software development world has been a good reflection of the world at large with regards to security in the last few years. Never before has so much attention been paid to or money spent on security in computing, and the same could be said for life in general. Just as Microsoft moved funds from future products into security, airports and public venues around the world have moved money from expansion into security. And there is no end in sight.
So you’re probably wondering now why I started talking technospeak in a post that is about the Olympics, aren’t you? Well I am a geek, what can I say. But the real reason is that the computer industry provides excellent examples to illustrate problems that I fear are becoming a reality in Athens.
In April of this year, Paul Watson, a security specialist for Rockwell Automation, discovered (or as he put it, “pulled the pieces together regarding”) a flaw in the Transmission Control Protocol, or TCP. For the non-geeks out there, this is basically the plumbing that makes the Internet work. A serious flaw in TCP (a technology well beyond fifteen years old) could potentially bring the Internet crashing down – the very thing it was invented to protect against. Fortunately, Watson announced at a Vancouver security conference that the flaw has largely been addressed by the major ISPs and that the threat to the Internet was minimal at best. Since then, we haven’t heard a thing about it.
How does this relate to Athens? The flaw in TCP is a flaw in the infrastructure of the Internet. Take out the infrastructure that holds it together, and you take out the Internet. That is what I think is happening in Athens – a major security flaw in the infrastructure of the Olympic games, just waiting to be exploited.
What should be one of the grandest Olympics of all time has been off to a very rocky start. Unlike past Olympics where preparations have been completed months in advance, construction has been horribly behind schedule (especially of roads and other important infrastructure), IT security packages have been delayed, and the only people completely unconcerned about security are the Greek people themselves. And I know there are two sides to every story – soldiers have been trained how to deal with chemical, biological and nuclear attacks, and the security budget for Athens has far surpassed $1.2 billion USD. But my fear is not that someone is going to drop a nuclear weapon on Athens. My fear is that the terrorists have already, or are in the process of, planting their weapons of choice by exploiting the pathetic infrastructure. If terrorists can masquerade as pilots, and plan attacks against trains, what makes you think they haven’t already done something in Athens?
If you rush a software project, it inevitably has holes. If you rush baking your cake, it probably won’t rise or taste as great as it could otherwise have. If you rush in the morning because you’ve started late, you get a speeding ticket if you’re lucky enough to avoid an accident. See a common theme? Rushing to complete construction for the August 13th (which is a Friday by the way) start is bad enough. Delaying security software packages and components? That’s just stupid. All software needs to be tested. Delaying that until the last minute is an invitation to terrorists to render you dumb, deaf and blind before they attack.
Imagine what would have happened if malicious users had figured out the flaw in TCP long before the “good guys” did and were able to exploit it. The Internet as we know may have ceased to exist for at least an insufferable amount of time (keep in mind almost all of modern business is built around the Internet). Now imagine if terrorists were able to exploit the problems in Athens (or imagine they already have and are just waiting for the event to strike). Not only would millions of people be at risk or losing their lives, but the world at large would effectively be imprisoned.
If a terrorist attack on Athens is successful, I am willing to bet there will not be another large event of any kind for quite some time. World security was shattered after 9/11, and if something happens at Athens, I think it would be shattered and stomped on. Ignoring for a second the people who would be impacted, think about the money spent so far. The millions of dollars spent on airport security. The millions of dollars spent on arming embassies around the world. The list goes on. Sooner or later you have to ask yourself, was it worth it? What did we accomplish?
I hope that the 2004 Olympics will be the best ever and that my fears are not realized. I know I will be watching along with the rest of the world, hopefully enjoying a competitive sporting event. Will my wish for a safe summer games come true? I am not so sure…but here’s to hoping for another TCP flaw anyway.