A perfect storm and an exposed target

            Such advance thinking is especially warranted.  The symbolism of the Olympic Games, and Paris’ recent
            history as a terrorist target, will mee the current geopolitical issues linked to the war in Ukraine and the
            question of the participation of Russian and Belarusian athletes to create a perfect storm of a privileged
            target that is potentially exposed.

            The response has been to task ANSSI with the cybersecurity of the Games and all digital protection of
            the sporting event. A budget of 10mn euros has been dedicated to conducting security audits, and a third
            of the agency's teams will be dedicated to the Games by their opening.

            ANSSI also announced the holding of “several crisis exercises” in 2023, spanning not only cyberattacks
            that target sports infrastructures but also the numerous elements of the supply chain - supporting the
            Games such as the French Anti-Doping Agency and businesses involved in transport, timing services,
            ticketing and other functions.

            Such  anticipation  and preparation  is  justified.  Last April,  the  technological  management  of  the  Paris
            Olympics predicted a likelihood of cyberattacks “eight to ten times” higher than those targeting the Tokyo
            Games in 2020.



            Identifying the attack and threat

            What does an attack amidst such a perfect storm look like? One example is the attack which targeted
            the computer system of the PyeongChang Winter Olympic Games in 2018, which remained famous under
            the name "Olympic Destroyer". More recently, on the eve of the NATO Summit in Lithuania on July 11,
            the  city  of  Vilnius  suffered  several  distributed  denial  of  service  (DDoS)  cyberattacks,  targeting  the
            websites of the municipality.

            Both  the  NATO  Summit  and  the  Paris  Games  share  the  symbolism  of  Ukrainian  membership  and
            sovereign recognition. It is reasonable to expect an organisation such as RomCom, located in Russia,
            whose  campaign  of  phishing  aimed  to  break  into  participants'  computers  at  the  NATO  Summit,  will
            attempt to hit the Games.


            The 2024 Games present a major strategic challenge. The events will be spread over fifteen sites and
            eleven for the Paralympic Games, not counting the sites in Île-de-France and the stadiums throughout
            the Metropolis and in Tahiti. These are all computer structures to monitor and protect.

            Despite significant preparation, the event will require rapid agility and the ability to intervene quickly, in
            the event of a security risk. Efficiency, speed and precision will be the hallmarks of a successful defence.

            Identifying  and  qualifying  the  threat  remains  a  major  challenge.  This  involves  mapping  all  assets
            (PCs/laptops,  tablets,  laptops)  present  on  the  information  system(s)  concerned,  in  order  to  exclude
            compromised assets. But it is only the first step.









            Cyber Defense eMagazine – October 2023 Edition                                                                                                                                                                                                          55
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.