Cyber security of Mega Events: A Case Study of Securing the Digital Infrastructure for MahaKumbh 2025 -- A 45 days Mega Event of 600 Million Footfalls

TL;DR

This paper details the cybersecurity approach for MahaKumbh 2025, a large-scale 45-day religious event with 600 million participants, emphasizing risk management and securing temporary digital infrastructure against cyber threats.

Contribution

It presents a novel cybersecurity assessment and risk management methodology tailored for the unique challenges of securing temporary mega-event digital infrastructure.

Findings

No successful cyber attacks during the event

Effective risk management strategies implemented

Framework applicable to future mega-events

Abstract

Mega events such as the Olympics, World Cup tournaments, G-20 Summit, religious events such as MahaKumbh are increasingly digitalized. From event ticketing, vendor booth or lodging reservations, sanitation, event scheduling, customer service, crime reporting, media streaming and messaging on digital display boards, surveillance, crowd control, traffic control and many other services are based on mobile and web applications, wired and wireless networking, network of Closed-Circuit Television (CCTV) cameras, specialized control room with network and video-feed monitoring. Consequently, cyber threats directed at such digital infrastructure are common. Starting from hobby hackers, hacktivists, cyber crime gangs, to the nation state actors, all target such infrastructure to unleash chaos on an otherwise smooth operation, and often the cyber threat actors attempt to embarrass the organizing country or the organizers. Unlike long-standing organizations such as a corporate or a government department, the infrastructure of mega-events is temporary, constructed over a short time span in expediency, and often shortcuts are taken to make the deadline for the event. As a result, securing such an elaborate yet temporary infrastructure requires a different approach than securing a standard organizational digital infrastructure. In this paper, we describe our approach to securing MahaKumbh 2025, a 600 million footfall event for 45 days in Prayagraj, India, as a cyber security assessment and risk management oversight team. We chronicle the scope, process, methodology, and outcome of our team's effort to secure this mega event. It should be noted that none of the cyber attacks during the 45-day event was successful. Our goal is to put on record the methodology and discuss what we would do differently in case we work on similar future mega event.