The Paris 2024 Olympic Games are a premier global event, attracting not only the international spotlight but also the attention of cybercriminals, turning this sporting event into a major arena for cybersecurity. With an alarming estimate of more than 4 billion anticipated cyberattacks, compared to 450 million during the Tokyo 2021 Games, France faces an unprecedented challenge in the history of the Olympic Games.
The increase in cyber risks for businesses and critical infrastructure is explained by the convergence of several factors. First, the Olympic Games are an exceptional showcase, not only for athletes but also for cybercriminals seeking to maximize the impact of their actions. Baptiste Robert, founder of Predicta Lab and an ethical hacker, points out that the threat is real and imminent, capable of affecting both the smooth running of the competitions and essential services such as transportation networks.
The cyber threat landscape is constantly evolving, with malicious actors exploiting every opportunity to inflict damage, whether through sabotage, reputational harm, or financial gain. Franz Regul, head of information systems security for Paris 2024, highlights three main risk categories: endangering people, sabotaging operations, and harming image and revenue. This diversification of threats requires an equally complex and robust response.
The cyber defense strategy put in place to counter these threats revolves around three main pillars: anticipation, cooperation, and expertise. Anticipation is critical for identifying and neutralizing threats before they materialize. Cooperation, both nationally and internationally, enables the sharing of knowledge, experience, and best practices in cybersecurity. Finally, technical expertise and the implementation of innovative security solutions are essential to ensure the protection of critical infrastructure.
The Olympic Games, given their visibility and importance, have always been a prime target for cybercriminals. Here are some notable examples of cyberattacks during previous editions of the Olympic Games:
- Vancouver 2010 Winter Olympics: Although the specific details remained relatively quiet, these Games are recognized as a starting point for awareness of cyber threats targeting Olympic events. Phishing attacks and attempts to compromise IT systems were reported.
- London 2012 Olympic Games: The British cybersecurity agency had detected reconnaissance missions targeting the Olympic stadium's power supply just hours before the start of the Games. While these attempts did not result in major disruptions, they highlighted the need to strengthen cybersecurity around the Games' critical infrastructure.
- Sochi 2014 Winter Olympics: Russia's sensitive geopolitical situation at the time attracted numerous cyberattacks. Several Russian institutions and organizations, even those with no direct link to the Games, were targeted, demonstrating the potential scope of cyber threats during such events.
- Pyeongchang 2018 Winter Olympics: One of the most notorious cyberattacks was the "Olympic Destroyer" malware. Just before the opening ceremony, the attack disrupted the stadium's Wi-Fi network and affected the official Games website, preventing results from being displayed and causing problems for ticket printing. Although quickly contained, the attack showed how vulnerable Olympic Games systems could be.
- Tokyo 2020 Olympic Games (held in 2021 due to the pandemic): These Games saw a massive surge in cyberattacks, with an estimated total of 4.4 billion according to some reports. These attacks included phishing attempts, distributed denial-of-service (DDoS) attacks, and disinformation campaigns. The nature of these attacks was diverse, ranging from simple disruption to more sophisticated attempts at data theft or espionage.
These examples illustrate the variety and evolution of cyber threats facing the Olympic Games. They also underscore the critical importance of strong cybersecurity preparation and response to protect not only infrastructure and data, but also the integrity of the competitions and the safety of participants and spectators.
The growing integration of Internet of Things (IoT) technologies into the Paris 2024 Olympic Games infrastructure opens a new field of cyber risks. IoT equipment such as digital timekeeping systems, advanced surveillance cameras, and athlete performance tracking devices offer significant benefits in terms of efficiency and engagement. However, their interconnectivity and ubiquity make them vulnerable to cyberattacks. A hacker could, for example, target the timekeeping system to alter competition results, or take control of cameras to compromise event security. In addition, compromise of these devices could lead to personal data breaches, jeopardizing the privacy of athletes and spectators. Securing IoT equipment is therefore a major issue for the organizers, requiring robust cybersecurity measures to prevent and counter any form of cyber threat.
Past experiences, particularly the incidents that occurred during the Pyeongchang 2018 Games with the Olympic Destroyer malware, are a reminder of the critical importance of constant preparation and vigilance. Subcontractors represent a notable vulnerability in the cyber defense system, underscoring the need for a secure supply chain and high security standards for all partners involved.
Beyond the technical dimension, awareness plays a vital role. Since human error is responsible for a large share of security breaches, in-depth training and awareness for employees, suppliers, and even athletes are essential to minimize risk.
In conclusion, the Paris 2024 Olympic Games highlight the considerable challenges that cybersecurity represents in an increasingly interconnected world. The success of this event will depend not only on the performance of the athletes but also on the ability to secure this great celebration of sport against cyber threats. France, its companies, and its institutions are therefore engaged in a long-distance race against cyber threats, where vigilance, innovation, and collaboration will be the keys to victory.
Sources:
https://www.solutions-numeriques.com/iot-leurope-la-plus-touchee-depuis-le-debut-de-lannee/