Paris Olympics Threatened by Cyberattacks

Commentary by Neli Rašović, Vice-President of Women4Cyber Montenegro

As the world eagerly anticipates the Paris 2024 Summer Olympics, it’s crucial to recognize the multifaceted challenges posed by cybersecurity threats. While the Games symbolize unity, excellence, and global celebration, they also represent a prime target for malicious actors seeking to exploit vulnerabilities in digital infrastructure.

The Paris 2024 Olympic and Paralympic Games will be the biggest events ever organized in France with billions of viewers worldwide, millions of spectators in Paris, and over ten thousand athletes, twenty thousand journalists, and thirty thousand volunteers. These individuals will all be connected through a labyrinth of digital networks ripe for exploitation.

The threat of cyberattacks and the Paris Olympics

The history of major sporting events is riddled with instances of cyberattacks, ranging from espionage and sabotage to data breaches and disinformation campaigns. Past Olympics, including Beijing 2008, Rio 2016, and PyeongChang 2018, have all fallen victim to cyber incidents, highlighting the pervasive nature of the threat.

The Tokyo 2020 Olympics faced over 450 million attempted cyberattacks, successfully blocked by the organizers. It is anticipated that the number of cyberattacks during the upcoming Games will be on the rise, particularly taking into consideration that the Paris Olympics are the first Games taking place in the artificial intelligence (AI) era. There is potential for AI-manipulated media to undermine the integrity of competitions.

Geopolitical tensions further complicate the risk landscape, as state-sponsored actors exploit digital vulnerabilities to advance political agendas. Ongoing conflicts have heightened concerns about retaliatory cyber operations targeting the Paris Olympics. Against this backdrop, it’s imperative for organizers to adopt a proactive stance and implement robust cybersecurity strategies to mitigate risks effectively.

Threats and countermeasures

On the severity of cyber threats speaks the fact that French authorities, led by the National Cybersecurity Agency (ANSSI), have included the military to mitigate cyber risks, acknowledging that present government resources may not be sufficient to counter all forms of potential cyber aggression.

Consequently, there is a notable emphasis on readiness and collaboration among cybersecurity specialists and governmental bodies, actively working to ensure the integrity of the forthcoming Paris 2024 Olympics.

Some of the key identified categories of cyber threats are:

1.  Cyber Espionage and Intelligence Gathering: Foreign intelligence agencies may target the Olympics to gather sensitive information about participating countries, athletes, officials, and event logistics. This information could be used for various purposes, including strategic advantage, political leverage, or future cyber operations.
2.  Disruption of Critical Infrastructure: Hacktivist groups or state-sponsored actors may attempt to disrupt essential services and infrastructure supporting the Olympics. This would include transportation networks, power grids, or telecommunications systems. These attacks could result in widespread chaos, logistical challenges, and public safety concerns.
3.  Supply Chain Attacks: Malicious actors may exploit vulnerabilities in the supply chain ecosystem of the Olympics, targeting vendors, contractors, or service providers involved in delivering goods and services for the event. Compromising these entities could lead to the insertion of malicious software, counterfeit products, or compromised infrastructure, posing significant risks to the Games’ operations and security.
4.  Cyber Attacks on Spectators and Visitors: With the increasing reliance on digital ticketing, mobile apps, and online platforms for event information and engagement, cybercriminals may target spectators and visitors attending the Paris 2024 Olympics. These attacks could involve phishing scams, fraudulent ticket sales, or the distribution of malware-infected mobile apps. By compromising personal devices or stealing sensitive information, such as financial data or personal credentials, cybercriminals can exploit unsuspecting spectators and undermine the overall security and experience of the event. Organizers must prioritize the protection of spectators’ digital assets and raise awareness on potential cyber threats to ensure a safe and enjoyable Olympic experience for all attendees.

To fight the identified threats, several measures are being taken:

1. Comprehensive Threat Assessment: ANSSI, in collaboration with international cybersecurity partners, has been conducting thorough assessments to identify and prioritize cyber threats facing the Paris 2024 Olympics.
2. Secure IT Systems: The Paris 2024 organizers, building on experience from previous Olympics, have been prioritizing the security of information systems and security operation centers (SOCs) by implementing robust encryption protocols and access controls.
3.  Data Protection Measures: Stringent data security measures, such as advanced encryption and access controls, are implemented to safeguard personal data and sensitive information from unauthorized access or exploitation.
4.  Cybersecurity Awareness and Training: Extensive awareness-raising campaigns and cybersecurity training programs are conducted for all stakeholders, including organizers, participants, volunteers, and spectators.
5.  Physical Security Measures: In addition to cybersecurity efforts, robust physical security measures are implemented to complement digital defenses.
6.  Advanced Surveillance Technologies: The French government will be deploying AI-based technological surveillance, including extensive networks of cameras integrated with AI algorithms, enabling them to closely monitor crowds and public areas for signs of suspicious activity.
7. Global Cybersecurity Alliances: Collaboration with international cybersecurity organizations and government agencies facilitates the sharing of intelligence on emerging cyber threats and best practices for mitigation.
8.  Simulation and Response Planning: Billions of cybersecurity simulations and response planning exercises have been conducted, training cybersecurity teams to identify vulnerabilities and refin response strategies.

Looking ahead: Ensuring a safe and successful event

As preparations for the Paris 2024 Olympics continue, it’s essential to remain vigilant and proactive in addressing cybersecurity challenges. By embracing innovative technologies, fostering collaboration, and prioritizing cybersecurity awareness, organizers can enhance the resilience of the Games against evolving threats.

The success of the Paris Olympics hinges not only on athletic achievement but also on the robustness of its digital defenses. By implementing comprehensive cybersecurity strategies and adopting a proactive stance, organizers can uphold the values of fair play, integrity, and unity that define the Olympic spirit. Jointly, all stakeholders can ensure the Paris 2024 Olympics are not only a celebration of sport but also a testament to the power of collective resilience in the face of adversity.