Football, the World Cup, a sport with a long history of bringing people together, is a popular and exciting event.
Qatar, the 2022 host country, is expecting around 1.5 million visitors during this sporting month. Preparing for a World Cup brings with it a host of challenges. How will the country manage the issues surrounding the event? How has it prepared for cyber risks?
Major international competitions are ideal targets for hackers. Here are a few examples: during the 2014 World Cup, 2,000 targets per day were recorded. In 2018, during the Pyeongchang Games, a cyber attack disrupted the official Games application, cutting off WiFi, Internet and television. Finally, the last World Cup in Russia recorded 25 million cyber attacks. Qatar will be no exception.
What might be the motivation?
We can of course cite the financial lure, but also hacktivism, particularly for this controversial World Cup. It's an opportunity to make your demands heard: climate protest, defence of human rights, challenging the awarding of this event to this country... Finally, let's not forget the geopolitical context in which Qatar finds itself. Its position as a gas exporter to the detriment of Russia places it at the heart of major geostrategic issues. It is against this backdrop that the country will have to do its utmost to protect the smooth running of this global event, thanks to international cooperation and new security innovations.
What have they set up?
For several years now, , Qatar has understood and taken on board the challenges and risks associated with cybersecurity.
In 2005, the Ministry of Transport and Education created the Qatar Computer Emergency Response Team (Q-Cert). The team's mission is to provide information on current and emerging threats to information systems, encourage the adoption of best practices and tools in terms of cybersecurity, and strengthen the capacity to manage and respond to cyber risks.
Qatar has also financed the STADIA project created in 2012 by Interpol. The aim of this project is to help countries plan and put in place the appropriate systems needed to organise major sporting events.
Finally, the Supreme Committee for Delivery and Legacy has published the Qatar 2022 cyber security framework. The controls are mapped to international standards: ISO 27001, NIST SP 800-53, PCI-DSS and RGPD.
With regard to the World Cup alone, the Security Committee has organised cooperation exercises covering various aspects such as defence, resilience and incident response. The aim is to strengthen the role of the participating forces in carrying out their mission, and to exchange and share information and feedback.
Ready to go?
Qatar has prepared for cybersecurity risks, but is it really up to speed? Some of the organisations that had to comply with the requirements of the Qatar 2022 Cybersecurity Framework were unable to do so on time. "Preparation is half the battle": on paper, Qatar is more reassuring than worrying, and the resources used should set an example at every level. As the World Cup gets underway, we'll be keeping a close eye on this month from both a cyber and a footballing perspective.
Allez les bleus ! 🇫🇷
Cybersecurity is a huge challenge, especially for such global events. Interestingly, despite all efforts, not all organizations have had time to prepare.