Cybersecurity: Preparing for Paris 2024 Olympic Games

The Paris 2024 Summer Olympic and Paralympic Games will be the largest event to be held in France since 1900. The figures are staggering: a budget of 7 billion euros, 4 billion television viewers, 12 million spectators, 30,000 volunteers, 10,000 athletes, 206 nations, and 40 competition sites to secure. But let’s not forget the figures linked to the cyber issue either: following on from half a billion attacks in 2016 in Rio, the figure rose to over four billion cyberattacks during the Tokyo Games in 2021. Hence the importance of cybersecurity for this global event.

By Victor Poitevin, Editorial & Digital Manager at Stormshield

What Cyber Risks Do the Olympic Games Present?

For the organizers of this unique event, cyber risks are everywhere. Video capture systems for television or referees, CCTV cameras and alarm systems, badges, and ticket readers… every piece of smart equipment represents a potential entry point for cybercriminals. On top of this are issues of logistics and the subcontracting chain, which significantly increase the attack surface.

In addition, this Paris edition includes sporting events not just inside sealed-off stadiums, but also at the heart of iconic French cultural sites. Archery at the Invalides, beach volleyball at the Eiffel Tower, fencing at the Grand Palais, the opening ceremony on the Seine River… These open venues in the capital bring their own set of difficulties in securing them. Increasing digitalization and dematerialization thus suggest a rise in the level of cyber risk for organizers.

Fans, spectators, or television viewers are also potential victims here, suffering the impact of cyberattacks that can, for instance, bring down television broadcasting systems. But they can also be direct targets of cyberattacks, through phishing campaigns. Threats during the Olympic and Paralympic Games can also target the athletes themselves: for example, by compromising digital scoreboards and stopwatches or hacking into their hotel rooms. All are potential targets for these threats, as feedback from previous Olympic Games has shown.

A Decade of Cyberattacks on the Olympic Games

Going back to 2004 and the Athens Games, the main risk of technology disruption came from local seismic activity. In 2008, at the Beijing Games, a few dummy sites were set up for selling fake tickets. But cybersecurity only really came to the forefront of organizers’ priorities with the attack on the opening ceremony of the London Games in 2012.

London 2012

London 2012 was the event that marked the beginning of cybercriminals’ focus on the Olympic Games. At that time, more than 212 million cyberattacks were recorded on the day of the opening ceremony, marked by multiple offensives such as a distributed denial of service (DDoS) on the electricity infrastructure.

Sochi 2014

Yet in 2014, at the Sochi Winter Olympics, there were no major cybersecurity incidents. Closed communication from the Russian state? A lack of interest from cybercriminals, or fear of reprisals? The question remains open…

Rio 2016

In 2016, at the Rio Games, numbers went into overdrive, with half a billion cyberattacks reported – or 400 attacks per second. Large-scale DDoS attacks were carried out against the websites of the Olympic partner organizations several months before the opening ceremony.

PyeongChang 2018

In 2018, the phenomenon rose to further public prominence, impacting the opening ceremony of the PyeongChang Games. Some spectators faced challenges printing their tickets for stadium entry. There were issues with on-site Wi-Fi. The ceremony was not broadcast on the stadium screens. The RFID sensors on the access doors were inoperative. The official Olympic application experienced functionality issues, impacting access to the ticket office, timetables, information on hotels, access cards, etc. These problems had immediate consequences.

Tokyo 2021

In 2021, the Tokyo Olympics, postponed for a year due to a global pandemic, were held behind closed doors. Despite this, this edition would not be free of attacks, with 4.4 billion cyberattacks being launched against the organizers. According to the Nippon Telegraph and Telephone Corporation (NTT), various attack vectors were used, such as phishing emails and fake websites posing as the official Games websites.

Beijing 2022

Finally, in 2022, during the Beijing Winter Games, the official anti-COVID-19 application, My2022, would prove to be controversial due to fears of cyber espionage. A reverse-engineering study of the application later showed that athletes’ conversations were being collected, analyzed, and saved on Chinese servers.

These are primarily external threats, targeting organizers, athletes, the public, and, more broadly, government institutions. That’s why Paris 2024 needs to be ready!

Preparing Cybersecurity

The Olympic Games organizing committees (OCOG) apply lessons from past editions to prepare for cyberattacks. Each edition is unique; the changing context, evolving threats, and increasing attacks make comparisons with previous events difficult.

In response to the ever-increasing number of complex and innovative cyberattacks, the French authorities are getting their act together. For example, the ANSSI cybersecurity agency has collaborated with its Japanese counterpart, the NISC (National Center of Incident Readiness and Strategy for Cybersecurity). This facilitates enhanced dialogue and knowledge sharing on cybersecurity insights gained from major sporting events like the Rugby World Cup and the Olympic Games.

From an organizational perspective, the cybersecurity budget for the Paris edition totals over €17 million. It includes a prevention and defense program with full-scale simulations, secure application code, and an effort to compartmentalize network and server layers when designing infrastructure. Additionally, it involves security audits and the establishment of SOCs.

In line with previous editions, the major cyber threat to the Paris 2024 Olympic and Paralympic Games is state-sponsored disruption.  Some attackers might target certain systems to gain unauthorized access. Others could force spectators to leave and gather outside protected enclosures, facilitating terrorist attacks.

With the risk of terrorist attacks and other homeland security issues, cybersecurity should not be considered in isolation, but as an integral part of the event’s security program. 

WATCH OUR VIDEO REPORT. Inside Marseille’s Future Nautical Stadium for Paris 2024 Olympics