The Olympic Video games Paris 2024 was by most accounts a extremely profitable Olympics. Some 10,000 athletes from 204 nations competed in 329 occasions over 16 days. However earlier than and through the occasion, authorities battled Olympic-size cybersecurity threats coming from a number of instructions.
In preparation for anticipated assaults, authorities took a number of proactive measures to make sure the security of the occasion.
Cyber vigilance program
The Paris 2024 Olympics applied superior risk intelligence, real-time risk monitoring and incident response experience. This program aimed to organize Olympic-facing organizations for rising cyber threats by providing a blueprint for cybersecurity methods.
Excessive alert and incident monitoring
The French Cybersecurity Company (ANSSI) was on excessive alert all through the Olympics, monitoring for assaults that would disrupt essential operations like organizing committees, ticketing, venues and transport.
Intensive use of AI
The Paris Olympics used AI to safe essential data programs, defend delicate knowledge and lift consciousness inside the Video games ecosystem. Moreover, underneath France’s Olympics and Paralympics Video games Regulation, a pilot program allowed the usage of “algorithmic video surveillance.” Due to Europe’s sturdy privateness legal guidelines, the surveillance didn’t permit the usage of biometric identification or automated knowledge matching. As an alternative, AI scanned video for eventualities, reminiscent of deserted luggage, the presence of weapons, uncommon crowd actions and fires.
Collaboration and coaching
French authorities collaborated with worldwide organizations and carried out intensive coaching for cybersecurity groups. They targeted on understanding risk actor ways and employed frameworks like MITRE ATT&CK to anticipate and mitigate potential assaults.
Regardless of the precautions, the Grand Palais, a venue internet hosting Olympic occasions, was hit by a ransomware assault. French authorities rapidly responded with containment measures, showcasing their preparedness to deal with such incidents.
How did the Olympic cybersecurity measures maintain up?
Sifting via obtainable details within the aftermath, the fact of the threats is changing into clearer.
French authorities introduced that greater than 140 cyberattacks struck the video games, however didn’t disrupt occasions. ANSSI detected 119 “low-impact” “security occasions” and 22 incidents the place malicious actors efficiently gained entry to data programs between July 26 and August 11, 2024. Many of those prompted system downtime, usually via denial-of-service (DoS) assaults.
Different tried cyberattacks had been geared toward Paris, however in a roundabout way on the Olympic venue infrastructure. For instance, the Grand Palais and a few 40 different museums in France had been focused by a ransomware assault in early August, which was thwarted as a result of speedy response.
Thwarting a large swath of potential threats
Authorities needed to battle not solely assaults coming via the worldwide web but additionally native threats. The Olympic Video games is exclusive in that it attracts authorities officers from France and all around the world, then locations them in shut proximity to giant numbers of unvetted worldwide guests. Spies and knowledge thieves little question noticed this as a uncommon alternative to steal confidential knowledge of excessive financial and geopolitical worth. A spread of strategies allows this sort of knowledge theft, together with Wi-Fi hotspot man-in-the-middle assaults and theft of bodily units.
Properly earlier than the video games, Olympic organizers battled with ticket scams. Researchers at risk intelligence supplier QuoIntelligence discovered that fraudulent web sites had been promoting pretend tickets to the Olympics, primarily to Russians unable to purchase legit tickets due to European sanctions imposed due to Russia’s invasion of Ukraine. Organizers recognized 77 pretend ticket resale websites.
One of the crucial outstanding threats was the unfold of disinformation. Russian teams, reminiscent of Storm-1679, broadly believed to be a by-product of Russia’s Web Analysis Company “troll farm,” had been utilizing AI-generated content material to create pretend information and pictures, aiming to discredit the Worldwide Olympic Committee and instill concern amongst potential attendees. These campaigns usually contain fabricated tales about terrorism and different threats, leveraging AI to boost their credibility and attain.
In the long run, regardless of monumental efforts by malicious actors, state-sponsored attackers and others, the Video games succeeded with out main disruption, violence or knowledge theft.