2024 Olympics: A Colossal Challenge for Cybersecurity

For the past two years, the cybersecurity world has been gearing up to host the Olympic Games, a global event that poses a significant virtual threat. Therefore, this challenge, which could jeopardize the entire country of France, must be addressed at all costs.

Olympics: A Historic Challenge

Paris 2024 Games

From Friday, July 26, to August 11, 2024, during the 33rd edition of the Olympic Games, the eyes of the world will be on France.

Over 17 days of competition, 10,500 athletes, 31,500 volunteers, and 26,000 accredited journalists are expected. The event will draw no less than 10 million spectators and 4 billion TV viewers (representing over half of the world's population).

In a society where everything is connected, the stakes of cyber threats are multiplied. The media exposure and excitement surrounding the Olympics increase the risks of cyberattacks, especially due to the significant visibility of this event and the volume of data that will be transmitted. The International Olympic Committee's motto is maximum anticipation! Zero incidents are the goal for the 2024 Games.

Previous Attacks Before the 2024 Olympics

Concerns about cyber attacks during the Olympics are real. In the past, regrettable events caused by cybercriminals have been witnessed, as they see it as a significant challenge.

Recently, in 2021 during the Tokyo Olympics, a staggering 450 million cyberattacks took place. In 2018, during the Winter Olympics in South Korea, a cyberattack targeting the Olympic website rendered it inaccessible for twelve hours, parallel to the Wi-Fi network at the Olympic stadium being cut off. Finally, during the 2018 Olympics in China, the intrusion of a malicious code named Olympic Destroyer plunged all screens into darkness during the opening ceremony.

These past episodes rightly put those in charge of the cybersecurity of the 2024 Games on high alert. No less than 3.5 billion virtual threats are expected, alarming predictions demonstrating the threat looming over this 33rd edition.

What Cybersecurity Threats Loom Over the 2024 Olympics?

Various digital attacks threatening the Olympics are expected from hackers:

- A risk related to Data, including personal data

- Server attacks

- Ransomware injection

- Takeover of IoT (Internet of Things) devices, used, for example, in event timing

- Hacking of the official Olympic website

- Ticketing system hacking via a DDOS attack

- Cyberattacks on press rooms

- Hacking of stadium access systems

- Hacking of TV broadcasting

- Hacking of the power supply to physical sites

?

A Collective Challenge

A substantial budget of 17 million euros is allocated to cybersecurity through ANSSI, as well as through the services of the SOC and outsourcing. The IT infrastructure revolves around 200 applications, about a hundred websites, and nearly 12,000 workstations spread over a hundred temporary sites. This significantly elevates the potential vulnerability.

The cybersecurity of the Paris 2024 Olympics involves an entire ecosystem of partners. The two selected providers to support this event in IT management are Alibaba, the sponsor of the IOC (International Olympic Committee), entrusted with the Cloud infrastructure, and the French giant ATOS, which handles outsourcing and part of the cybersecurity. It turns out that Alibaba is incompatible with GDPR and the management of sensitive and personal data. Therefore, this responsibility will ultimately be entrusted to ATOS, which is legitimate in this field. However, a portion of the data related to data processing remains within Alibaba's scope, which will have to work with ATOS to provide a coherent and efficient service to counter the most sophisticated attacks.

?

How to Guard Against Cyber Attacks?

To address this colossal challenge, five major guidelines are put in place by ANSSI:

1. Enhance knowledge of the threats to the games

2. Secure critical information systems

3. Protect sensitive data

4. Raise awareness in the Games ecosystem

5. Prepare to intervene in the event of a cyber attack affecting the Olympics

?

Other proactive and defensive measures are also implemented through advanced and innovative technologies:

- "Zero Trust" strategy: No implicit trust is granted when connecting to the internal or external network. No user or application is considered inherently reliable.

- All access is regulated with controls at each step.

- Maximum network segmentation to protect the overall infrastructure and minimize risks.

- Regular intrusion testing to assess system vulnerabilities.

- Acquiring tools such as XDR, NDR, or EDR to recognize the most sophisticated threats.

?

The 2024 Olympics represent a major strategic challenge in French cybersecurity. This event is an extraordinary global sporting spectacle but also the result of accomplished cybersecurity prowess.