Preparing for Cyber and Physical Security Risks at the 2024 Olympics – Security Boulevard

State-Sponsored Actors

Paris Olympic Games officials are anticipating and preparing for cyber threats during the Games, including attacks from state-sponsored threat actors (see source 1 in appendix). Cyber attacks during large-scale global sporting events are not uncommon, and the Olympic Games are a frequent target of state-sponsored hacking groups. In an attack known as “Olympic Destroyer,” a hacking unit affiliated with Russia’s military intelligence agency, the GRU, disrupted the 2018 Winter Games in Pyeongchang by targeting the organizers’ internet infrastructure, shutting down the 2018 Winter Games’ website, grounding news broadcasting drones, and preventing attendees from printing ticket reservations, which ultimately prevented spectators from entering the sporting events (see source 2 in appendix). Additionally, the UK government exposed a series of alleged Russian-backed cyber attacks planned for the 2020 Olympic and Paralympic Games in Tokyo before the Games’ postponement.

State-sponsored cyber threat actors from Russia, China, Iran, and North Korea have sophisticated capabilities that have the potential to cause disruptions to internet networks, digital ticketing systems and scanners, and timing systems for the Games. Russia is banned from competing in the 2024 Paris Olympics as a country, but Russian and Belarusian nationals can compete in the games as Individual Neutral Athletes (AINs) (see source 3 in appendix). The ban may increase the likelihood of a Russian state-sponsored actor attempting to conduct a cyber attack on critical infrastructure in Paris or against another Olympics-related target. Historically, state-sponsored cyber threat actors have targeted host nations, Olympics-affiliated groups, and other related athletics organizations to discredit rival nations and to gather and leak damaging or fabricated information.

Possible Cyber Threats for Attendees

Attendees at the 2024 Olympic Games should also be aware of cyber threats associated with attending the Games, including:

• False or unofficial mobile applications designed by threat actors or cybercriminals to harvest user data, specifically personally identifiable information (PII) and device information.
• Malware can possibly infect devices to gain unauthorized access, steal credentials, and load additional malicious software onto them.
• Threat actors compromise Wi-Fi networks to steal information or interrupt network connections.
• Social engineering scams, including possible ticket fraud scams, which Nisos has covered in previous research.

Opening Ceremony

Olympic officials expect the 2024 Opening Ceremony to be the largest in Olympic history. Opening ceremonies are typically held in a stadium, which allows for increased security measures inside the controlled area. This year’s ceremony will take place along the Seine River with a boat parade for the athletes and will not require tickets upon entry, allowing free admission to spectators, therefore posing a greater than usual security risk to attendees (see source 4 in appendix). With a large number of spectators able to freely enter part of the Opening Ceremony grounds along the river, this allows potential threat actors easy access to a venue where a physical security threat is likely to have a high impact. The six-kilometer parade route also makes heightened security measures difficult, with resources required to cover a large, dynamic area.

Civil Unrest

Civil unrest and protest demonstrations are frequent in France, with the most recent demonstrations in Paris focused on the conflict in Gaza and climate activism (see source 5 and 6 in appendix). The Olympic Games are expected to have over a billion viewers worldwide and millions of attendees, which serves as a possible large platform for activism, increasing the potential for protests and demonstrations (see source 7 in appendix). Additionally, French union workers, including public transportation employees and air traffic control workers, regularly participate in strikes to advocate for improved working conditions. The French government has offered bonus payments to civil servant employees who are working during the 2024 Olympic Games to avoid any disruptive strikes (see source 8 in appendix). French union employee strikes could lead to travel delays or public transportation disruptions and closures. Nisos recommends that Games attendees receive official updates from 2024 Olympic channels and outlets as well as reputable French news sources.

Terrorist Threat

Since March, France’s terrorist threat warning level has remained at its highest level (see source 9 in appendix). France continues to work to counter threats posed by terrorist networks, including by cooperating with international partners, preventing radicalization and the spread of propaganda, and training partners on counterterrorism measures. Terrorist attacks typically target areas that will impact large numbers of individuals as well as critical infrastructure, which often includes areas densely populated with tourists or highly trafficked public transportation lines. The 2024 Olympic Games represent an attractive target for terrorist groups, offering an international platform, billions of viewers, and a large concentration of individuals in a metropolitan area and capital city. Spectators should remain vigilant of their surroundings while traveling to and from the Games and in attendance at any events.