A great threat hangs over the Olympic and Paralympic Games that will be held in France this summer from July 26 to August 11, 2024. The threat of an attack has already, in this sense, the Minister of the Interior stated on March 21 that 715 people had been excluded, including 10 on S files reviewing the files of thousands of individuals subject to Olympic Organizing Committee or prefecture accreditation requirements.
The threat also comes from the theft of, for example, computers or other devices such as USB keys that can potentially contain sensitive data.
Two thefts occurred last February and March; first, an engineer working for the city of Paris had his bag stolen on a train at Gare du Nord containing your professional computer and USB key and the other is an employee of the management of the Avicenne hospital in Bobigny (Seine-Saint-Denis) whose laptop was stolen in the parking lot.
In these two cases, the stolen devices contained data related to the Olympic Games, but this information would not be classified as sensitive according to interested parties and the judiciary.
Finally, let’s not forget the cybercrime threat that has already begun, according to our interlocutors we spoke to in this dossier; proof of this predilection is the massive attack, via DDoS technique, on several government websites, which was carried out on Sunday, March 10, by the group Anonymous Sudan, which supports Russia and several Islamist causes, but also the latest attacks on France Travail (link to ) I of the French Football Federation.
This flurry of events shows how strategic the security of the Olympic Games is, both from a physical point of view and in terms of the security of the IT infrastructure and the dedicated pages of all French companies and organizations.
In its latest cyber threat barometer for 2023, presented on February 27, ANSSI also warns all actors connected or unrelated to the Paris Olympics to the high level of threats hovering over the event.
Vincent Strubel, its director, assured that ANSSI is already mobilized for the cybersecurity of the Olympic Games with a strengthened system for monitoring, alerting and processing computer security incidents, and this system has been put in place in cooperation with the various government departments involved.
For the agency, strategic and industrial espionage is the threat that mobilized its teams the most in 2023 according to the latest barometer.
In addition to ANSSI, the Cyber Crisis Management and Anticipation Section of the Home Office’s Cyberspace Command (COMCYBER-MI) led by Lieutenant Colonel Sophie Lambert is already heavily mobilised: “Present in the Cyber Campus, our department, composed of twenty people, most of whom are expert analysts, has the mission during these JOP 2024 to monitor and predict various threats. We will also be present at the national strategic command center (CNCS) in Beauvau. Let’s not forget that this event, with its strong media coverage, also benefits cybercriminals whose goal is to disrupt the holding of the Games, destabilize French interests, and transmit propaganda messages. JOPs are a showcase for cybercriminals who recruit them into their ranks “.
Colossal architecture for insurance and more…
Securing the IT architecture of the Olympic Games is no easy task, especially when it is built on a cloud-native approach with 206 interconnected applications, according to David Pillant, responsible for IT architectures for Paris 2024, who spoke during the API Days show. last December.
In numbers, there are 12,000 installed screens, 400,000 km of optical fibers (90% of which already exist), 13,000 computers and 8,000 WiFi hotspots that serve the athletes… In addition, let’s not forget that the competitions will be followed by 20,000 journalists, thousands of employees, around 35,000 accredited volunteers (editor’s note: and as many in reserve just in case), as well as several billion spectators, not including the 13 million enthusiasts expected in the stadiums for the Games.
“As for the amount of data, it is colossal, we are talking about billions of page views, billions of raw data. Golf, for example, is one of the sports that generates the most data. A unique opening ceremony, under a clear sky (editor’s note: with over 1,000 boats on the Seine or the Trocadéro, see Stade de France in case of trouble)it will also generate massive amounts of data, specifies Christophe Thivet, Director of Technology Integration for the Paris 2024 Games at Atos.
It will also be necessary to consider the protection of the workstations of accredited volunteers who come with their own equipment according to Eric Greffier, responsible for the partnership with the Paris 2024 Olympics for Cisco. As such, a significant effort has been made to raise cyber risk awareness and training for all staff.
But more broadly, it is necessary to provide IS around the Olympic Games, which itself is broken into several subsystems (assets for selling tickets or applications intended for the general public, display management, accreditations, etc.) because, as the Cisco spokesperson reminds, all categories of cyber will be present threats.
Data collection will also be at the heart of cyber attackers’ strategy, and for Jean-Philippe Iseman, associate partner at consultancy RSM France and administrator for ISACA-AFAI, the concern is the economic intelligence we don’t measure so we won’t know.
On this topic, Vincent Strubel indicated during the opening of the InCyber Forum held in Lille last March, that the worst scenario is the kinematics of the event, that is, to be overwhelmed by very visible small attacks and not to see other more important ones.
Furthermore, for Boris Lecoeur, CEO of Cloudflare, we must not forget all the companies and institutions that indirectly revolve around the Olympic Games, some of which, sometimes less prepared, are more vulnerable. “All infrastructure services, whether partners or not, government offices, ticket offices are potential targets, even small, visible French structures are expected to be attacked.», Determined by the manager.
An opinion shared by Eric Greffier: “For example, transportation, which is often managed by communities, is a prime target for cyber attackers. Cisco is therefore working with communities affected by the Olympics to provide them with risk information and advice on how to better protect themselves. “, and add: “In partnership with Paris 2024 and Eviden, we even launched a CISO club to prepare for real-time collaboration during the games.. “.
Atos, first focused on the Olympic Games
For the smooth running of this global event, and despite financial and strategic difficulties, Atos has positioned itself as the main contractor: it is the official technology partner of the 2024 Olympic Games, it is also an integrator and cloud service provider in addition to Alibaba Cloud (which will not be in charge of sensitive data), cyber security solution provider through its Eviden subsidiary and application publisher (see box).
As for Atos’ current financial struggles (a loss of 3.44 billion euros in 2023), Christophe Thivet is categorical, there will be no impact on the security of the Olympic Games. “Due to our history in the Olympic Games, our teams have a very strong attachment to the Olympic world, having participated in those in London, Vancouver and Tokyo. The organization of the Olympic Games is a unique project in the CV.
This will be Atos’ last participation in the Games, the contract with the IOC is coming to an end. The same observation by Ivan Frain, director of cloud transformation consulting at PwC France and the Maghreb: “As a partner, we have noticed that all teams are strongly mobilized and involved, an investment that will undoubtedly contribute to the success of the 2024 Olympic Games. »