Cybersecurity Concerns Test Paris Olympics Preparations

Paris Olympics, cybersecurity

The opening ceremonies of the Paris Olympics are set for just over a month from now, and the event is starting to look a lot like the banking and payments industries: Expect a lot of data, a big dose of AI and the ever-present concern around cybersecurity.

Because while the rest of the world is preparing for “faster, higher, stronger” security professionals are preparing for the eventuality of a wide range of scenarios that make a global event a target.

“I would anticipate that the cybersecurity threats targeting the 2024 Olympics in Paris will be diverse, sophisticated, and persistent,” Steven Baer, vice president, field sales and services at cybersecurity firm NetWitness told security news source Dark Reading.

“I would expect to see cyberattacks aimed at stealing sensitive data, disrupting critical infrastructure, sabotaging operations, extorting money, or spreading propaganda and misinformation” Baer added. “The Games are a prime opportunity for cybercriminals, nation-state actors, hacktivists, and terrorists to exploit the vulnerabilities of a high-profile event with a global audience.”

In 2021, the Olympics Games in Tokyo endured an estimated 450 million cyberattacks, according to technology giant Cisco. The company is an official partner for Paris 2024, and says it expects eight times more attacks on the Paris Games.

Cisco is responsible for providing network infrastructure and cybersecurity solutions to ensure the safety and smooth operation of the Games. The company reported that it has been collaborating with the French Cybersecurity Agency (ANSII) and other key partners like Atos and Orange​. It has been largely silent on its strategy outside of focusing on securing the communication and entertainment infrastructure that will connect venues, teams, volunteers and fans.

However, that hasn’t stopped some of its competitors from weighing in.

For example, Google Cloud company Mandiant has warned that disruptive operations could target the Games to cause psychological effects and reputational damage through website defacements, DDoS attacks, wiper malware and operational technology targeting.

Information operations are also likely to exploit the heightened global interest, spreading disinformation and leveraging disruptive attacks to amplify specific narratives. Financially motivated actors may seize this opportunity with ticket scams, theft of personal identifiable information (PII) and extortion, Mandiant executives said, writing on the Google Cloud blog.

“Organizations involved in the Games should update their threat profile to account for potentially new threats to which they will be exposed,” the blog post stated. “Intelligence on relevant threat actors can be used to inform detection efforts, insert proactive security controls, conduct threat hunting within a network, and inform cyber risk assessments linked to the Games.”

Several organizations, including Cisco, will be organized into teams that include the establishment of a state-of-the-art cybersecurity operations center, which will monitor and respond to threats in real time using advanced AI and machine learning tools. The center is tasked with overseeing the digital security of over 500 sites, including competition venues and local collectives, ensuring resilience against cyber threats.

To further bolster defenses, 2024 Paris Olympics organizers have also enlisted the help of “ethical hackers” to conduct stress tests on their systems, identifying vulnerabilities before they can be exploited. The collaboration extends to major cybersecurity firms like Cisco and Eviden, which contribute to the deployment of security measures, including artificial intelligence (AI)-based threat detection systems that can differentiate between minor disturbances and potential catastrophic events. ​

Of course, AI will have a major part to play at the Olympics, including fraud detection and defense. For example, a significant component of the cybersecurity measures includes Blackbird.AI’s Constellation platform, an AI-based narrative intelligence system designed to detect, analyze and assess disinformation narratives. This platform can monitor online conversations across various platforms, including the dark web, social media and news outlets, in over 25 languages.

According to a blog post on the Blackbird site, the Games have already been a target. On Nov. 13, Viginum — the French government’s technical and operational service responsible for vigilance and protection against foreign digital interference — reported that it suspected a network of Azerbaijani state-affiliated threat actors of having carried out a disinformation campaign aimed at France’s ability to host the Games.

This operation allegedly arose in July — a year before the event — amid heightened diplomatic tensions between Paris and Baku as the French government openly supported Armenia in light of the Nagorno-Karabakh conflict.

It’s a template for the kinds of attacks and disinformation AI can generate on one side of the coin and the kinds of attacks it can stop on the other side.

“To combat mis/disinformation campaigns, organizations should closely monitor and collaborate with social media platforms by establishing protocols to detect and report sources of false information for flagging or removal,” read a recent blog post from security consulting firm Teneo. “For individuals, if something looks suspicious or doesn’t seem credible, it is important to fact check before sharing or disseminating content further through corroboration or reporting.

“Lastly, while the previously mentioned cyberattack threats are most common and expected, this does not rule out the potential for a cyberattack which may cause panic, injury or the potential loss of life,” the company added. “ Heightened awareness of the threat landscape and vigilance while present at the Games by everyone will help keep the focus on the primary objective: sports.”