Cybersecurity during the Paris 2024 Olympic and Paralympic Games
The Olympic and Paralympic Games (OPG) are the most-watched sporting events in the world. Every nation strives to shine by winning as many medals as possible, thereby securing significant international prestige.
Beyond the sporting aspects, major events of this kind are particularly sensitive for the host countries. The success of their organization is crucial, especially in terms of security and cybersecurity.
The Paris Olympic and Paralympic Games, which took place from July to September 2024, were, of course, no exception. This was especially true given that they were held under unusual circumstances, making cyber threats ever-present.
A national and international context marked by tensions
While the run-up to the Games is traditionally marked by the Olympic Truce, it is clear that this tradition is increasingly being undermined by the political and geopolitical climate.
In France, social and political tensions were exacerbated by the holding of parliamentary elections on June 30 and July 7, 2024—less than 20 days before the start of the Paris Olympics.
On the international stage, conflicts involving major states or armed groups, not to mention growing geopolitical rivalries among major powers, have created fertile ground for potential cyberattacks.
All the factors were therefore in place to cast a significant shadow over the organization of the Olympic and Paralympic Games.
Terrorists, hacktivists (activists who use cyberattacks for political purposes), cybercriminals, or even hostile governments could have taken advantage of this major sporting event to carry out operations in cyberspace.
Cyber threats are becoming increasingly prevalent during the Olympics
In fact, cyber threats in the Olympic sphere did not first emerge in 2024. They have grown alongside the increasing role of digital technology in our society.
As early as 2008, the Beijing Olympics had been the target of cyberattacks. Cybercriminals had seized upon the economic opportunities presented by the event: selling counterfeit tickets to attend the competitions, conducting mass phishing campaigns to steal personal or banking information, and so on.
That edition of the Games was also marked by the actions of hacktivists who took advantage of the platform provided by the event to address political issues.
In 2012, in London, a DDoS attack (a denial-of-service attack designed to disrupt server operations) was reported, but it did not disrupt the smooth running of the event.
In 2014, the Sochi Winter Olympics were marred by a cyberespionage operation that targeted Olympic organizations, athletes, spectators, and journalists alike.
In 2016, in Rio, cyberespionage once again made headlines, along with a significant increase in the number of phishing attempts leading up to the Games.
In 2018, for the first time, a large-scale cyberattack targeted the opening ceremony of the Winter Olympics in Pyeongchang, South Korea. The attack was intended to disrupt the smooth running of the event and its broadcast.
As the Paris Games approached, the cybersecurity landscape was therefore well understood. Simply put, the question was no longer whether cyberattacks would occur, but rather how to minimize their impact as much as possible.
Analyze, raise awareness, and secure systems to anticipate cyber threats
Major events are unique in that the primary objective is to carry out the mission at all costs. In other words, in the event of a cyberattack, the ability to recover must be immediate.
Based on this premise, ANSSI (the French National Cybersecurity Agency) has been working closely with the relevant authorities and the Paris 2024 Organizing Committee.
Security measures for the Games against cyber threats were organized around five key areas:
- Identifying the cyber threats facing the Games
- Securing critical information systems
- Protecting sensitive data
- Raising awareness within the Games ecosystem
- Preparing to respond to a cyberattack
It should be noted that the Paris 2024 ecosystem comprised nearly 500 entities, divided into three categories based on their criticality. Each entity received support from ANSSI (cybersecurity audits, technical assistance, etc.).
The main challenge for the relevant authorities has been to raise awareness among employees within the Games ecosystem, who serve as the first line of defense in cybersecurity. This requires paying close attention to phishing and smishing attempts, which serve as the entry point for 80% of cyberattacks.
Cybersecurity for the 2024 Paris Olympics: Time to Take Stock
ANSSI had anticipated a very critical summer from a cybersecurity perspective. While no cyberattacks made the headlines, that does not mean there were none. In fact, some 548 cybersecurity events affected the Games ecosystem between May 8 and September 8, 2024.
Of these 548 cases, only 83 were classified as “incidents”—that is, events in which hackers successfully reached their target. The overwhelming majority were therefore classified as “reports,” meaning that the impact on the victims’ information systems was limited.
One of the main objectives was to ensure that the opening and closing ceremonies went smoothly. Given that these events are watched by hundreds of millions of people around the world, it is easy to see just how much is at stake.
The goal was achieved, as no cyberattacks disrupted the events or, for that matter, the smooth running of the competitions. Cybersecurity can even be considered one of the major successes of Paris 2024. Unfortunately, it hasn’t received much media attention.
Organizing the Paris Olympic and Paralympic Games provided many stakeholders with an opportunity to make progress in the field of cybersecurity. The challenge now is to build on this momentum and not fall behind hackers—all while navigating a tight budget.
This matters all the more because there were no major incidents to report, which, paradoxically, can lead to a relaxation of cybersecurity practices. Hence the importance of continuously training and raising awareness among the key players in cybersecurity: people.
Outlook: Cybersecurity in the Events Industry
One of the lessons learned from organizing the Olympic and Paralympic Games is how vulnerable events, particularly sporting events, are to cyber threats.
It’s important to keep in mind that an event planner’s job is to successfully execute a project within a relatively short timeframe. Cybersecurity may seem unnecessary in this context, and for many stakeholders, it’s not yet second nature.
This is all the more true because the entities involved in organizing these events are mostly small businesses, which obviously cannot afford the same level of cybersecurity measures as large corporations.
However, because of the media attention they attract, major events are a prime target for hackers. And they will likely become an even bigger target in the future.
That is the whole point of the Stadia project led by Interpol, which aims to establish a center of excellence for security (both physical and cybersecurity) at major international events, particularly sporting events.
Finally, it will be interesting to see whether the experience gained from the Paris 2024 Olympic and Paralympic Games in terms of cybersecurity will be incorporated into the French implementation of the European NIS2 Directive.
Sources: www.cyber.gouv.fr, www.blog.sekoia.io, CyberCercle Morning Briefing on November 13, 2024, featuring Philippe LATOMBE (Member of Parliament for Vendée), Nicolas Moreau (Digital Security Advisor to the Paris Police Prefecture), and Franz Regul (Head of Information Systems Security for Paris 2024).