Securing the 2024 Paris Olympics

Written By Charbel Bassil

As the world witnessed the excitement of the Paris 2024 Olympics, behind the scenes, major cybersecurity efforts have been underway to ensure the games run smoothly and securely. The French National Cybersecurity Agency (ANSSI) has been leading the charge in partnership with key organizations like the Ministry of the Interior and Overseas Territories, the Interministerial Delegation for the Olympics (DIJOP), and the Paris 2024 Organizing Committee. Together, they’ve developed a comprehensive strategy focused on five key areas:

  1. Understanding cyber threats targeting the Olympics

  2. Securing critical information systems

  3. Protecting sensitive data

  4. Raising awareness across the Olympic ecosystem

  5. Preparing for a cyberattack response

Let’s dive into the key measures that have been put in place.

Preventive Actions: Awareness and Security

In collaboration with the Coordination for Olympic Security (CNSJ) and Paris 2024, ANSSI identified nearly 500 entities involved in the Olympics, grouped into three categories based on their critical importance. To ensure a proactive approach to cybersecurity, the following actions were taken:

  • Security Audits: Over 100 cybersecurity audits were conducted to identify vulnerabilities and create security plans.

  • Support & Security Checks: Technical support was provided to many entities, and follow-up audits ensured security measures were properly implemented.

  • Attack Detection: Critical entities benefited from advanced monitoring through managed Endpoint Detection and Response (EDR) and industrial probes.

These entities were also encouraged to use ANSSI’s automatic audit tools. Additionally, a comprehensive awareness campaign started in 2023 to educate the entire Olympic ecosystem about cybersecurity threats and best practices. This campaign included:

  • Regional and sector-specific awareness sessions

  • A major awareness seminar in July 2023 at Cyber Campus

  • Publication of reports assessing cyber threats to large sporting events

  • A series of 10 thematic email campaigns

ANSSI even created a documentary showcasing its efforts in raising awareness and preventing cyberattacks before the Paris 2024 Olympics.

Operational Preparedness and Training

ANSSI worked closely with various government services to establish a heightened monitoring and alert system tailored for the Olympics. They organized several crisis simulations throughout 2023, preparing all involved parties to respond quickly to cyberattacks. ANSSI also offered "exercise kits" to over 100 entities, enabling them to train independently for potential cyber incidents.

Coordinated Cyber Defense

A special coordination system was set up within the National Center for Strategic Command (CNCS), ensuring streamlined communication and incident reporting. ANSSI served as the primary point of contact for cybersecurity incidents, consolidating information across all stakeholders.

To enhance collaboration, an ANSSI liaison officer was embedded with the Paris 2024 cyber teams, facilitating the identification and resolution of security events. Additionally, international cooperation played a critical role, with ongoing information sharing between global partners and dedicated organizations such as the International Cooperation Center (CCI) and the EU Cyber Crises Liaison Organization Network (EU-CyCLONe).

Cybersecurity Incidents: Minimal Impact on the Game

Paris 2024 incident report

Paris 2024 Olympic Games Incident Report

Between May 8 and September 8, 2024, ANSSI reported 548 cybersecurity-related events connected to the Olympic Games. Despite this, none of the incidents impacted the opening or closing ceremonies, nor did they affect the games' overall operation. The incidents were categorized as follows:

  • 465 Security Alerts: Low-impact incidents requiring minimal intervention.

  • 83 Confirmed Incidents: Malicious actors succeeded in carrying out actions on victims’ information systems.

Of the reported incidents, nearly half involved service disruptions, with 25% caused by DDoS (Distributed Denial of Service) attacks. The remainder included data breaches, system compromises, and vulnerability reports. The most targeted sectors were government entities, sports organizations, entertainment (competition sites and Paris 2024), and telecommunications.

Conclusion: Cybersecurity Success

ANSSI, alongside its partners, played a vital role in managing and resolving incidents, ensuring that no significant cybersecurity threats disrupted the 2024 Olympic Games. The events that occurred were characterized by low impact, showcasing the effectiveness of the preventative measures in place.

Charbel Bassil
Next

How to get ready for an ISO27001 certification audit