Risk management on display at the 2018 Winter Olympics
Managing risk will be in the spotlight at the 2018 Winter Olympics in Pyeongchang. With a televised audience in the billions, the Games open Friday, February 9. From a risk perspective, you can be assured that Olympians, information technology professionals, and an Olympic-sized security force are all focused on managing risk.
Here are a few risk management examples to watch for in the next two weeks.
Risk and reward
We watch the Olympics to see the best athletes in the world compete for gold, silver, and bronze.
When Lindsey Vonn competes in the downhill event, she’s all about taking risks for a winning time and medal. If she’s airborne a little too long and loses a fraction of a second, she might assume more risk and take the next turn sharper to get back the lost time. That sharper turn is risky but necessary to be the first one down the hill. For all the men and women competing in the downhill event, they make split-second decisions to assume risk or lessen it. That’s what makes the event so exciting to watch.
When Shaun White competes in the Halfpipe, he knows the risks he has to take to get a winning score. He might manage risk by executing an easier move instead of a harder one, yet score well enough to advance. Then again, White has a way of defying risk. At the U.S. Grand Prix where White secured his spot on the Olympic team, he went one better and put up a perfect score. From a risk perspective, how do you explain that?
Olympians in every event manage risk, while seeking to perform their best. In figure skating where a fall is unrecoverable, skaters manage risk by replacing a risky triple axel with a less risky double axel. The goal is to complete the routine cleanly. Even curling with its shouting and sweeping involves strategy and risk management.
Risk from technology
With each Olympics, we advance two years from the previous games. A lot can change in two years from a technology standpoint. In 2016 at the Rio Olympics, a major concern was cyber criminals using Wifi hotspots to steal visitors’ personal information and passwords. In 2018, the level and sophistication of cyberattacks has increased.
According to Wired, “more so than any previous Olympics, the run-up to Pyeongchang has been plagued by apparent state-sponsored hackers.” A Russian-linked campaign stole and leaked sensitive documents from Olympic organizations. Another attack spoofed a message from South Korea’s National Counter Terrorism Center and timed it to the actual terrorism drills. If a recipient opened the attachment in the message, a script would run giving access to the computer to the attacker.
Another likely risk and threat from technology is from unmanned systems like drones. A chemical or biological agent could be placed on board. Managing this technology risk requires technology. In this case, drones will be used to catch drones. If a dangerous unmanned aircraft comes near Olympic stadium or an Olympic venue, a drone-catching drone would cast a net over it.
Risk of a major incident
The risk of a major incident happening seems unlikely, but history tells us differently. At the 1996 Summer Olympics in Atlanta, a 40-pound pipe bomb exploded in Olympic Park. Terrorists taking athletes hostage occurred at the 1972 Olympics in Munich with tragic consequences. Pyeongchang is located just 50 miles from the North Korean border. With the world watching, could an act of terrorism occur?
South Korea is preparing for the threat with drills, training, and monitoring. As this article notes, an Olympic security force of 60,000 conducted drills, “from a terrorist taking athletes hostage and about to ram a vehicle into the Olympic stadium, to a chemical bomb exploding in a trash can as spectators run for their lives.”
Incidents and Olympics go together like figure skating and the Double Axel. Let’s hope risks of major incidents are managed and nothing tragic occurs.
Managing risk at the Olympics
The risk management examples we will look for in the next two weeks are world-class athletes balancing risk with the rewards for performance, managing the risk of technology being used for nefarious purposes, and major risks to physical security. May all these risks be managed or mitigated.
Learn about CIS’s first five controls and examine what each control addresses.
Learn about how privacy programs and the importance of being prepared for a breach.
Learn about the constant vigilance of continuous security monitoring.