As the world anticipates this summer’s Olympics, the head of cybersecurity for the Games faces an unprecedented challenge: billions of cyber attacks targeting the event.
The 2024 Olympic and Paralympic Games are expected to have about 9.7 million spectators across 40 official sites. With France in the global spotlight for almost two months, cybersecurity is a crucial concern for the organizers at every stage of planning and hosting the Games.
France is investing $94 million in cybersecurity with extensive planning and international collaboration to protect the Paris Olympics. Despite these efforts, the likelihood of multiple cybersecurity campaigns remains high.
The cybersecurity team at the last Summer Games, in Tokyo in 2021, reported that it faced 450 million attempted “security events.” Paris expects to face eight to 12 times that number, said Franz Regul, managing director for IT at the 2024 Paris Olympics.
The International Olympic Committee (IOC) cannot simply rely on the cybersecurity measures from the last Olympics, as technology evolves rapidly, and new threats emerge. Eric Greffier, head of partnerships at CISCO, explained: "In terms of cybersecurity, four years is the equivalent of a century."
A History of Cyber Threats
The Olympic Games have long been a target for cyber criminals. Here are some notable examples from the past seven Olympics, highlighting challenges that Paris planners may face:
2008 Summer Olympics (Beijing, China)
“Operation Shady Rat”: A cyber espionage campaign targeting the IOC, Olympic Committees, and the World Anti-Doping Agency from 2006 to 2011.
Fraudulent Activities: Included fake ticket websites, spear phishing, and deceptive streaming platforms.
2012 Summer Olympics (London, UK)
212 Million Cyber Attacks: A notable 40-minute DDoS attack disrupted power systems in Olympic Park.
Phishing Campaigns: Scams promising free airline tickets through fake surveys.
2014 Winter Olympics (Sochi, Russia)
Cyber Espionage: Targeted Olympic organizations, judges, journalists, spectators, and athletes.
U.S. State Department Alert: Warned travelers about cybersecurity threats.
2016 Summer Olympics (Rio de Janeiro, Brazil)
DDoS Attacks: Affiliated organizations experienced significant DDoS attacks before the Games.
APT28 Campaign: Russian military intelligence targeted the World Anti-Doping Agency.
2018 Winter Olympics (Pyeongchang, South Korea)
“Olympic Destroyer Attack”:
Traced to Russian military intelligence, confirmed by cybersecurity firms and the U.S. Department of Justice.
Allegedly in retaliation for the IOC's ban on Russia from the Pyeongchang Games due to widespread doping violations.
Used sophisticated malware to delete data, disrupt networks, and create operational chaos.
Impact:
Significant delays and communication breakdowns.
Confusion during the event. Official website taken offline, preventing ticket printing.
Wi-Fi at the stadium knocked out, hindering communication among staff.
2021 Summer Olympics (Tokyo, Japan)
450 Million Cyber Threats: Two and a half times higher than the London Olympics.
Phishing and Espionage: Fake "Olympic Games Official Token" scams and espionage campaigns.
The Rising Stakes
As technology becomes more important in the Olympics, the risk of cyber threats increases. Hacking groups and nation-states pose significant threats, with Russia being a particular concern due to past incidents and ongoing tensions with France and the IOC.
Cybersecurity measures are now seen as more crucial than ever, with cyber attacks considered more likely to cause disruption than physical threats. The focus on cybersecurity highlights the evolving nature of threats facing high-profile international events like the Olympics.
Increased Technology Usage
The IOC has revealed its "AI agenda" for the games, aiming to make it the most technologically advanced event ever.
IOC President Thomas Bach emphasized that the sporting realm doesn't grapple with what he termed "the existential question" confronting other societal sectors—whether AI will supplant human roles. He highlighted that "in sport, the performance will always have to be delivered by the athlete." This allows the IOC and the entire sports community to focus on leveraging AI to support the athlete.
Intel is teaming up with the IOC to boost AI capabilities for the Olympics through:
Creating an immersive sports experience for fans in Paris, connecting them with Olympic athletes.
Enhancing athlete performance analysis using AI applications on Intel's processors.
Transforming archive videos into 3D digital artifacts for the Olympic Museum.
Improving broadcasting with AI, encoding high-quality live TV signals for global live streaming.
Bach recognized the risks of the technology, but emphasized that the IOC was dedicated to embracing new technology, adding, "we are determined to exploit the vast potential of AI."
Advanced Preparations for Paris 2024
Considering past incidents and the increased reliance on technology, Paris 2024 organizers are leaving no stone unturned. They have been conducting extensive "war games" in collaboration with the IOC and partners like Atos, the Games’ official technology partner.
During these exercises, ethical hackers are hired to attack the systems in place for the Games, and "bug bounties" are offered to those who discover vulnerabilities.
Despite these preparations, concerns remain. Critical systems like event scheduling and ticketing could still face potential disruptions. Paris organizers have trained staff to recognize phishing scams, yet incidents of impersonation and fraudulent emails have already occurred.
The 2024 Paris Olympics promises to be a spectacular sporting event as well as a critical test of advanced cybersecurity measures.
As the world watches the athletes compete, another battle will be taking place behind the scenes—a digital battle to protect the integrity and smooth operation of the Games. The outcome of this battle will set a new precedent for how cybersecurity is handled at international events.