COP26 | CyberLab Success Stories



Identity Events Management, the agency contracted to deliver the 2021 United Nations Climate Change Conference (COP26), needed to ensure that their defences were secure for the conference.

COP26 logo

The Client

Identity Events Management, the agency that was selected to deliver United Nations Climate Change Conference (COP26) in Glasgow had to facilitate over 40,000 on-site attendees including world leaders, government representatives, businesses, citizens, and the media. 

Identity developed and delivered ‘the largest and most complex hybrid event solution the world has seen,’ as well as providing a dedicated team to deliver exhibition organisation and build services to over 180 countries. 

The Challenge

As the largest event ever staged by the UK Government, COP26 extended beyond governmental meetings and negotiations to include press conferences, working spaces, a full media centre, bilateral rooms, a film screening amphitheatre, expo-style areas, and exhibitor zones.  

With so many high-profile delegates attending and important climate discussions taking place, it was imperative that their cyber security was tested thoroughly, and without impacting the experience of the delegates. 

The Solution

To provide assurance to both internal stakeholders and the Cabinet Office security team, we decided on a two-pronged approach including phishing simulations and penetration testing the event platform.  

Our team of expert consultants developed a comprehensive penetration testing plan specifically for the COP26 digital platforms, beginning with an external unauthenticated penetration test.  

When running unauthenticated penetration tests, we do not provide our penetration testers with credentials to authenticate with the application. This approach allows us to emulate how a real-world treat would approach the target systems, and to evaluate exactly what is exposed to an attacker and whether they would be able to gain unauthorised access.  

We followed this up with a round of authenticated testing where we provided our testers with credentials to authenticate as each of the user roles. This allows us to identify vulnerabilities that could be exploited within the application itself, such as allowing for the elevation of privilege or lateral movement within the system. 

Once the penetration testing stage of the project was complete, we began to focus on the weak link in any organisation – people. 

We ran an advanced phishing simulation campaign involving every Identity employee, before following up with an analysis of how well they fared through the simulation, and supplying resources on how to spot and report phishing emails to keep the channel secure.  

‘We were delighted to be involved in the security testing surrounding the United Nations Climate Change Conference, and to work alongside Identity as they delivered hybrid event solution. At CyberLab, working securely from anywhere is ingrained in our company, and this event really encapsulated this new way of working and accessing events.’

Gavin Wood, CEO, CyberLab 

The Outcome

With the results and analysis of their penetration tests, Identity could take peace in the knowledge that their systems were secure against a potentially debilitating cyber attack at critical time.  

COP26, which had received numerous cyber security threats in the run up to the conference, was executed without any major cyber attacks reported. The Glasgow Climate Pact was signed on 13th November 2021 by 197 national delegates.  

Identity went on to deliver other successful national events, including the Coronation of King Charles III on 6 May 2023. 

Speak With an Expert

Enter your details and one of our specialists will be in touch.

Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.

Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.

We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.

If you like this, then take a look at…

Penetration testing
What Is
Penetration Testing?
Blog: Defence in Depth
Defence in Depth: A Valid Approach?
Prevention v Cure: Introduction to Pen Testing
Blog - Hybrid warfare and cyber attacks
Hybrid Warfare and Cyber Attacks