The organisers of the 2018 Gold Coast Commonwealth Games are hunting for an IT security firm to protect the high-profile event from cyber attack, and say they will consider swapping branding at the event for the service.
The government body running the event is expecting a cumulative TV audience of over a billion people, 1.1 million ticket sales, 84 million page views on its websites, and 6600 athletes and officials for the April 2018 games.
This scale, it says, will make it a popular target for would-be hackers and cyber criminals, so it is looking for a provider with a strong Australian presence to deliver 24x7 security monitoring and forensic response capability for the lead-up to and duration of the event.
The successful provider could even see its logo pinned to the international sporting event if it takes the Commonwealth Games Corporation up on its offer of an “value in-kind” deal that could see cyber security services traded for sponsor status.
“[Value in-kind] must be budget relieving against the agreed final scope of work and schedule of rates,” the organisation said in tender documents.
The games organisers are hoping to have a cyber security operations centre running regular monitoring activities from the first quarter of 2017.
Full-scale activities will peak between March and April 2018, when the IT fleet will jump from 350 desktops to 1650 and website traffic will ramp up to an estimated one million visitors per day.
Sport fans will also begin flowing to a proposed proprietary Commonwealth Games app for iOS and Android.
The games organisers expect to sign a supplier to conduct at least 20 rounds of penetration testing, identify a list of likely assailants in the lead up to the games by monitoring social media and compiling intelligence from other sources, and to analyse games systems and infrastructure for vulnerabilities and the presence of malware.
The Gold Coast Commonwealth Games Corporation has been progressively building up a Microsoft-based IT environment for a number of years.
It expects to decommission and phase out the cyber security services by the second quarter of 2018.