Major Event Security and Effective Capability Building

Milipol Qatar organise this year a new session of highly informative seminars, case studies and disruptive panel debates featuring international thought leaders. 2 insightful seminar sessions already hold on Cyber security & Cyberthreats, and Civil Defense topics.

Today, Wednesday 31, the session covers the Large events security management topic.

Interview of Shimizu SatoshiCorporate Officer, Public Business Enablement Office, Trend Micro Incorporated is one of the speakers.

Integrated Risk Management

Due to its nature of complicated situation with regards to the major events, such as FIFA world cup or Olympic Games, it is quite important to set up the integrated risk management framework to ensure the event success. The risk management for the event sounds not difficult for everyone, but to address the proper and effective risk management, it is critical if it is the integrated or holistically approached because of following reasons.

  • Almost all risk area will have interaction with other risk areas.

  • So many stakeholders who has different value of senses.

  • Usually, the expectation set to higher than usual.

  • Cyberspace plays an important role to interconnect each risk area.

To address the proper risk management framework, it is recommended to have a top down approach with the strong leader-ship who should define and declare what is the success of the event, where the risk management scope can be properly addressed. A tip to develop the success measures, it is also helpful to have some “key words” such as “safety”, “athlete”, “hospitality” etc which help stakeholders to imagine the critical success factors – which is quite important to address quantitative risk management, not just qualitative one.

The leadership

The person in leadership position who leads the entire projects toward event success is of course the most important key person who should have a broad knowledge to influence to the various subject matter expert teams. For example, if the leader will leave the dedicated team for cyber security and will show no interest in what does team will do, it will easily concluded to let the team will lose the focus or sometimes the activities may not link to the goal of the events. Also, the leadership is not just by one person, it is important to define a clear RACI (Responsible, Accountable, Consulted, and Informed) to the leadership team.

How to face the “Cyber” as the risk-space ?

Sometimes, or more often, Cyber Security will be dealt as the isolated risk area but it is strongly not recommended approach. With the recent cybercrime landscape, technology can be categorized into 3 groups, 1) Technology as a Tool, 2) Technology as a Target and 3) Technology as a Distraction. Due to the evolving ICT, IoT or IIot etc, cybercrime can be a trigger to enable physically damaging crime as most of you knows ransomeware attack etc. Before start thinking about such a scenario, it is highly recommended to lift up the scope, such as “no down time during the event by power plan”, then you can find cyber-attack will be a part of (but very significant) vulnerability against defined “ideal state”. And this is typically draws how integrated risk management works.

Scenario based risk management

When the risk area are identified, and how cyber risk will interact with the risk is clear, next step is to develop the risk scenario which requires more detailed conditions, as well as understanding of the way how cybercriminals will attack to pursue their malicious intent against organization or the event itself. In this phase, it is also critical to know about potential adversaries to refine the TTP(s) <Tactics, Technique, Procedure> of each attack scenario. As all well applied risk management process, based on the scenario, next step is to evaluate the scenario and then to develop each plans to deal with each risk scenario. If the evaluation can be done in measurable level (quantitative), it will greatly help managing the budget and resource effectively.


Not just addressing the Risk Management PDCA (Plan, Do, Check and Act) cycle, it is quite important to have the OODA loop because it is quite effective to know what will be on going with regards to the risks, for example, if the sign of attack can be detected in a very early moment, you will have more option to take what kind of risk response. while if detected later. almost limited options remains. OODA (Observe, Orient, Decide and Act) loop upon the base of PDCA framework is the effective approach to enable the earlier detection of sign of risk. Other factors to make sure the PDCA cycles will work is the organizational or environmental changes – such as “keep on increasing stakeholders of organizing committee” which also tells us that “Check” and “Act” among PDCA is quite important which requires more frequent audit due to the drastic change. Lastly, it is quite critical to know that OODA requires the effective organization capability which also requires to understand how to build up the capability.

Organizational Capability

In the cyber security area, usually it is misunderstood that it is about the individual skill development. Of course the individual skill will support organizational capability, but is a part of the factors. Capability needs to be defined from the expectation or the vision, mission and strategy of the entire organization. Also, because the cyber threat evolves too fast, it is quite important to have a guidepost for the effective learning. It is recommended to refer to the taxonomy to understand from the beginning to the end to know what kind of knowledge, skills, experience and maturity required, then to go deep into the each subject matter expert learning. For example, research across the deep web became a hot topic, but it is quite important to understand first where and how to collect the artifacts of the cybercrime as well as the cyclic approach to reach to the proper scope of the crime – which is to finally identify WHO and WHY, not just WHAT and HOW over the crime. One of a good idea to address such an effective learning for the capability is to have “Body of Knowledge” which looks like bone of the human body, then to develop muscle upon the bone.