One chance to succeed

Later this month, around 2,500 athletes from around the globe will meet to compete at the Winter Olympics held in Turin. They will take part in 84 events in 15 sport disciplines at 14 competition venues, watched by 10,000 media representatives, a million spectators and an expected three billion television viewers.

Information systems have a crucial part to play in feeding that interest and getting the latest results out to an impatient audience. And for those charged with building those systems, security and reliability are essential.

"There are no second chances", says Claude Philipps, programme director at Atos Origin, the company in charge of the task. "It is unique because it cannot be postponed or delayed." Any downtime would be unacceptable, and information has to be available within seconds, regardless of traffic on the network. At the Athens Olympics in 2004, for example, 16 million pages were viewed on the intranet alone.

The company's responsibilities include providing the data feed to the official Turin 2006 website and managing the official intranet service, INFO2006, which is available to accredited media and athletes' families. Applications range from accrediting 90,000 athletes, coaches, and officials, to sending results to broadcasters and media representatives within a fraction of a second.

The system includes 4,700 networked terminals installed across the various venues, with local support staff to keep things up and running.

It is a daunting task and the Atos team only has to look back at the 1996 Atlanta games to see how bad things can get when systems fail. At that time, IBM was running the show and systems collapsed under the weight of work.

What happened there has been described as a nightmare for the IT team. Not only was information delivered late, but it was also often completely wrong about basic facts, such as competition results, athlete information, weather forecasts and the countries competing.

In the end, media representatives were seen running from venues to the press centres to deliver information and also began installing faxes and laptops, because the online systems had failed. Even the EU demanded reimbursement from the International Olympic Committee for the funds it had provided for computer terminals.

As a result Atos Origin took over the job and has been managing the Olympics' IT ever since, with its contract running up to the London games in 2012. But any mention of IBM and Atlanta is still strictly taboo. Any attempt to discuss it with them is met with mumbles and sentences that trail away to silence.

"IBM couldn't make it work", says member of the management board Xavier Flinois.

"I don't want to think about that," says Massimo Dossetto, IT security architect. "It's part of every job – in every job there is that possibility. All you can do is make sure you have planned everything and redundancy is in place. It's like the risk that you have in every job. If you are designing planes, or if you are a part of the engineering making the Airbus, you are assuming the same risk."

Enrica Brisonzo, technology manager for the Palavela venue, cannot even admit the possibility of failure. "No! Please! I don't want to think about it," she winces.

Behind the scenes, though, the company has worked hard to anticipate any kind of failure and to plan against it. It has installed two separate data centres for redundancy, and a raft of defences (see panel, right) to keep out malware and the inevitable attempts that will be made to bring the system to its knees.

Because the Olympics are always highly visible events, causing a disturbance to the games in any way would be the ultimate prize for a hacker, so the network itself is a prime target, as are the final scores of the competitions. There is also the risk of an overloaded network due to a high number of users, as well as the threat from within, either from employees trying to sabotage the network or more benign factors such as staff becoming overwhelmed and forgetting their training once in the pressure zone during 'game time'.

Systems security is, therefore, key to the smooth operation of the games. The security architecture includes a standard layer of defence of anti-virus, firewalls and intrusion detection systems. According to Dossetto, Cisco provides network security and firewalls, anti-virus comes from Symantec and intrusion detection is a mixture of Cisco and Symantec.

Atos has applied its experience from previous games to identify and mitigate threats. "We don't reinvent the wheel each time," says Philipps. They use a risk-based approach by testing various scenarios – 300 in their last test rehearsal – which enables them to detect and control any known or predicted risks.

Part of their risk management plan involves 200,000 hours of testing in order to understand what is normal activity on applications, servers, PCs and the network by measuring the bandwidth needed, so monitoring controls will log an incident if anything abnormal occurs.

The test scenarios also involve simulating the three busiest days of the games. "We tested a lot of things, including a simulation of a virus in the system," explains Dossetto. Other tests include reactions to power failures, hardware failures, and people disconnecting devices to plug in their own.

In addition, all 1,200 members of the IT team will go through an intense two weeks of training in security policies and procedures before the event starts. At the Athens games in 2004, the systems experienced 452 high-level or critical alarms, but none had any impact on performance. The IT security team in Turin intends to do just as well.