EXECUTIVE SUMMARY:
In some Western countries, National Olympic Committees (NOCs) have expressed concerns around cyber security during the 2022 winter Olympic games. Several NOCs have provided athletes and staff with temporary phones and/or laptops to mitigate risks of surveillance during and after the games.
“It should be assumed that every text, email, online visit and application access can be monitored or compromised,” stated the United States Olympic and Paralympic Committee.
Olympic organizations in Canada, Germany, the UK and the Netherlands have also warned athletes about the potential for surveillance. The Canadian Olympic Committee noted that the games present “a unique opportunity for cybercrime.”
My2022 app concerns
Olympic organizing officials require all attendees to physically remain within a “closed loop,” a geographical bubble that consists of media centers, hotels, athlete villages and event venues. Attendees are also required to use a COVID-19 monitoring app on a daily basis.
Analysts report that the app contains security weaknesses. The app fails to provide encryption on many of its files. On Tuesday, Chinese state media outlet Global Times waived away concerns saying that “all personal information will be encrypted to ensure privacy.”
A Citizen Lab report also highlights a list of “censorship keywords” built into the My2022 app, alongside a feature that enables ordinary persons to flag “politically sensitive” expressions.
What’s being censored?
The list of censored words includes the names of Chinese leaders, government agencies, references to the 1989 killing of pro-democracy protesters in Tiananmen Square, and the Falung Gong religious group.
While these features and security weaknesses are not uncommon in China, they may be problematic for visitors. According to analyst, the “illegal words” file appears to be inactive, but the status could change.
Buying a burner phone
The BBC reports that international athletes, attendees and press should bring burner phones and create separate email accounts to handle messages related to Beijing travel. People who purchase burner phones should not use them upon leaving China.
Wider concerns
Reports point out the “sophisticated” and “broad” surveillance culture in China. Rental or disposable computers have been recommended for certain groups. All data and applications are potential avenues for intrusion and data compromise.
Mitigating security risks
Offering cyber security advice remains at the discretion of individual countries, but nations participating in the Olympics are taking the cyber risks seriously. In addition to using VPNs on devices, winter Olympic attendees have been advised to regularly update VPNs, network equipment, and devices. Also, admins may wish to audit logs for new users of services and admin accounts within established systems.
Athletes have also been advised to take care not to criticize China in communications. At present, as many as 1 million Uygurs are being held in detention camps within the Xinjiang region. Officials have warned that persons who criticize the nation’s political actions could face consequences.
In conclusion
Like the games played at the Olympics, cyber security is also a team sport. The scope and scale of the issues are too large for any individual to tackle alone. For more information about how to win at cyber security, please see this CyberTalk.org article.
