27 February 2024

The Games of the 33rd Olympiad

4

A colossal organisation and a big Cyber Challenge to take up
By Christèle Arnoult

February 2024 | 3 MN

What are your plans for July 26 to September 8, 2024?

Will you be in front of your screen like 4 billion television viewers (more than half the world’s population)? Or perhaps among the more than 15 million visitors expected in Paris? Will you be supporting some of the 10,500 athletes taking part in the competition? Will you be watching them parade down the river Seine, among 200 boats during the opening ceremony?

These dizzy figures give a good idea of the scale of the event, the diversity of the profiles involved and the resources committed. Indeed, the organisation of the 2024 Olympic Games will involve not only men and women with different missions, but also unprecedented levels of protection for the biggest sporting event ever organised on the territory.

JO 2024: A Prime target for cyber attacks

The attack surface is very large. Stormshield, an expert in the field, estimates that over 4 billion attacks are expected during this event, 10 times more than during the Tokyo Olympics in 2020.

The Olympic Games Organising Committee (Cojo), supported by the French National Agency for Information Systems Security (ANSSI), is anticipating all possible scenarios.

Vigilance at all levels

Among the threats identified are the direct damages to people (e.g. crowd movements) and the sabotage of events (e.g. timing, broadcasting, ticketing). All activities directly linked to the sporting event itself are potential targets. This also applies to organisations in sectors such as energy, transport and public authorities.

Who is behind these attacks, and what motivates them?

As mentioned by François Deruty, Head of Intelligence at Sekoia.io -a French company based in Paris and Rennes, specializing in intelligence on serious threats spotted on the darknet in particular-, an event of this scale represents a great opportunity for all kinds of hackers.

These include hacktivist groups who want to draw attention to a cause or ideology, and who may carry out denial-of-service (DoS) attacks to bring a vital service to a halt. There are also cyber-terrorists who wish to influence geopolitical issues and destabilise a country by attacking its image and interests, or cyber-criminals with purely financial motivations who will take advantage of the event to demand ransoms. All are likely to attempt to infiltrate our information systems.

Security 7057560 1280

All cyber roles are mobilised

To respond to this situation, a strategy that is both preventive and reactive is being put in place. All cybersecurity professions are involved.

A brief overview of the teams involved:

  • SOC (Security Operation Center) and CESIRT (Computer Emergency Response Team) teams orchestrate alert supervision and processing
  • Cyber experts analyze data to better qualify criticality levels
  • Pentesters preventively attack information systems to assess their vulnerability and remedy the most critical flaws
  • Intelligence teams ensure that geopolitical or hacktivist threats are contained
  • Data scientists work on models based on artificial intelligence, harnessing the power of algorithms to facilitate access to relevant data
  • Cryptologists ensure that information exchanged is protected, for example by encrypting data or obfuscating source code
  • DPOs (Data Protection Officers) ensure that the integrity of manipulated data is respected
  • CISOs (Information Systems Security Managers) are at the heart of a company’s cyber system, coordinating resources to protect their organisation’s information Systems

It’s difficult to be exhaustive, given the wide range of professions and solutions involved. In terms of networks and applications, the many interconnections between stakeholders make the event particularly vulnerable. Cyber specialists are mobilized to detect, react and protect with optimum efficiency.

With just a few months to go before the opening of these 33ᵉ Olympiads, the event provides an opportunity to remind everyone that France can count on an ecosystem of organised, sharped and determined cyber professionals and experts.

These talents can be trained at the CyberSchool which, thanks to the comprehensive range of partner schools involved in the consortium, offers courses covering all these cybersecurity fields.