The secret security Olympics
It's been all over the news: No Olympics visitor with a laptop or smartphone should expect privacy in Sochi. Russian surveillance is pervasive. What you haven't heard: That's a good thing.
For the duration of the Winter Games, root for the state security forces. They're competing in an Olympic event you won't see on TV, with no medals for the victors. The venue is not an arena or ski trail, but the servers, hotspots and software on which Sochi depends - a fierce contest in cyberspace.
Cybersecurity is vital to the success of this or any games. Sochi 2014, with its proximity to troubled Georgia, Ukraine and Volgograd and the potential to embarrass President Putin, presents an irresistible target for cyber-outlaws. Some are undoubtedly motivated by the ongoing turmoil in the Northern Caucasus. The "Electronic Army of the Caucasus Emirate," which claims a relationship with Anonymous, promised "cyberwar" against Putin's regime unless the Olympics were aborted.
And as much as any stock trading floor, the modern Olympics run on digital information technology. Event results are compiled online; teams, competitor matchups, volunteers, and media information all live on digital systems. The games' essential infrastructure is wholly cyberdependent. Then consider tourists' reliance on ATMs and merchants who must verify credit cards to sell sandwiches and souvenirs. Paralysis is plausible.
So it's good that Russia is throwing everything it's got at Olympic cybersecurity, even if it means every reporter's email, every tourist's text message and every voice call are probably intercepted. Judging from the lack of chaos so far, the hacktivists have either laid low or – more likely – been successfully repelled.
Even in the unusual, high-pressure sphere of the Olympic Games, firmly prioritizing security over privacy is controversial. But Sochi's full-on electronic surveillance climate may yield at least two dividends.
During or after the games, we may discover more about Russian cybercapabilities, through slips of theirs or probes by other states. The Cold War may be over, but Putin's security apparatus remains of intense interest. In normal times they let little slip, but the Olympics will perhaps expose more. Dynamic threats require a comprehensive approach, in which cybersecurity measures are integrated into all security thinking. Surely competing intelligence services see Sochi as a learning opportunity.
The other upshot, hopefully, will be an overdue conversation on the value of privacy in our increasingly digital-dependent world. Sochi provides a glimpse of a future where the evolution of cybertechnology makes privacy impossible – where if we favor security, we have no choice but to live life naked. Is privacy dead?
While the Olympic torch burns we must set our qualms aside and hope the historically heavy-handed Russian security state defends the Winter Olympics from cyber mayhem. But when the last results are keyed into a secure computer and the flame is snuffed, it's time for a broader debate about the privacy-security balance. Is drastic cybersurveillance appropriate in Sochi? Sadly, yes. Is that how we want to live day to day? Certainly not. Privacy engineering is as critical to the information age as the Olympics are to global goodwill. Let's advance both causes.
Jarno Limnéll is Director of Cyber Security for McAfee, a division of Intel Security. He participates in NATO and U.N. working groups on cybersecurity and is considered a cyberwarfare expert. He holds a doctor of military science degree from Finland's National Defence University. He can be followed on Twitter at @JarnoLim.