Cyber protection for the 2024 Olympics


From July 26 to September 8 this year, Paris will host the 2024 Olympic and Paralympic Games. And away from the stadia, track and field,  one of the main concerns that has already arisen has been the ability to respond quickly, in the face of cyber threats and attack vectors.

The symbolism of the Olympic Games, and Paris’ recent history as a terrorist target, will meet the current geopolitical issues linked to the war in Ukraine – and the question of the participation of Russian and Belarusian athletes – to create a perfect storm of a privileged target that is potentially exposed.

The response has been to task ANSSI with the cybersecurity of the Games and all digital protection of the sporting event. A budget of 10mn euros has been dedicated to conducting security audits, and a third of the agency’s teams will be dedicated to the Games by their opening.

ANSSI also announced the holding of “several crisis exercises” in 2023, spanning not only cyberattacks that target sports infrastructures but also the numerous elements of the supply chain – supporting the Games such as the French Anti-Doping Agency and businesses involved in transport, timing services, ticketing and other functions.

Such anticipation and preparation is justified. In April 2022, the technological management of the Paris Olympics predicted a likelihood of cyberattacks “eight to ten times” higher than those targeting the Tokyo Games in 2020.

Identifying the attack and threat

What does an attack amidst such a perfect storm look like? One example is the attack which targeted the computer system of the PyeongChang Winter Olympic Games in 2018, which remained famous under the name “Olympic Destroyer”. More recently, on the eve of the NATO Summit in Lithuania on July 11, the city of Vilnius suffered several distributed denial of service (DDoS) cyberattacks, targeting the websites of the municipality.

Both the NATO Summit and the Paris Games share the symbolism of Ukrainian membership and sovereign recognition. It is reasonable to expect an organisation such as RomCom, located in Russia, whose campaign of phishing aimed to break into participants’ computers at the NATO Summit, will attempt to hit the Games.

The 2024 Games present a major strategic challenge. The events will be spread over fifteen sites and eleven for the Paralympic Games, not counting the sites in Île-de-France and the stadiums throughout the Metropolis and in Tahiti. These are all computer structures to monitor and protect.

Despite significant preparation, the event will require rapid agility and the ability to intervene quickly, in the event of a security risk. Efficiency, speed and precision will be the hallmarks of a successful defence.

Identifying and qualifying the threat remains a major challenge. This involves mapping all assets (PCs/laptops, tablets, laptops) present on the information system(s) concerned, in order to exclude compromised assets. But it is only the first step.

The ability to identify malicious actions on the computer network, followed by rapid intervention, at any point on the network to protect a targeted site – or on a central “node” – must be an essential element of cyber protection for the 2024 Games.

Such comprehensive protection, so far in advance, may seem excessive. But in the modern world, such anticipation is going to be a key aspect behind the scenes, to allow us to celebrate, together, the Olympic spirit and the greatest sporting event in the world.