Securing a U.N. Climate Convention

Last year, CSC’s Global StrikeForce team was tasked to assess both physical and IT security used for the United Nations Framework Convention on Climate Change in Denmark. The conference’s goal: to reach a binding global climate agreement that would go into effect when the first commitment period under the Kyoto Protocol expires in 2012.

Some 30,000 people, including 15,000 delegates, 7,500 media members and 7,500 nongovernment participants attended the two-week conference. In addition, protestors, 2,000 of whom were arrested, joined as uninvited guests. Conference floor space, which spread across more than 60,000 square meters, was webbed with almost 1,000 kilometers of network cabling, 5,000 network end points, public and private voice and data networks, and a core network infrastructure that rivaled a large, permanent data center.

StrikeForce began work months before the December 2009 conference, providing security assessment and testing of the entire cyber and physical environment in which the U.N. conference would take place. Risks ranged from espionage against participants to protecting privileged information and infrastructure from outside groups pushing specific, and potentially disruptive, agendas. Denmark’s police force was responsible for external security.

Complex distributed security

During the project, StrikeForce worked with numerous participants, including government staff, such as heads of state, police and intelligence services; U.N. staff; nongovernment organizations; media; and IT suppliers. CSC worked with all participants to ensure the highest levels of security were achieved across all areas, including straddling groups that worked independently, but whose actions could have affected security in adjacent areas.

Protecting highly sensitive data

During the conference, United Nations staff and delegates accessed voice and data, much of which would have been considered highly sensitive, via internal trusted, external untrusted and semitrusted networks. During an event such as this, where hundreds of groups have different objectives and agendas, this segregation not only becomes more important, but infinitely more complex.

Everything from voice communications to print jobs needed to be protected from adjacent third parties. Hackers could have intercepted this traffic by introducing a rogue access point masquerading as a legitimate wireless access point.

Cyber reports and solutions

During the project, and after the conference was finished, we provided detailed assessment reports that identified security events as they happened and provided concrete solutions that would eliminate the potential for similar future events so they could be resolved before any damage occurred. CSC also provided a complete historical record of security events enabling users to fully investigate any actions or events that led to a failure of one or more of the security controls.

Each contractor and service provider supporting specific elements of the conference’s infrastructure was responsible for fixing any StrikeForce identified threats or weaknesses. StrikeForce worked directly with each group to determine the most effective and appropriate remediation plan based on the security objectives, time and budget.

Related Information:

Download a longer, PDF version of this case study.

Watch a video about our work Securing the UN Climate Convention

To learn more visit www.csc.com/strikeforce or contact us.