As the “cybersecurity” leader of the Paris 2024 Olympic and Paralympic Games, the Anssi has just published a new document summarizing its threat assessment for this major sporting event, which will first be preceded by the 2023 Rugby World Cup. Written by its incident response center (CERT-FR), this 27-page report thus takes stock of the attacks to be expected before unveiling a series of recommendations.
Unsurprisingly, as the publisher Microsoft did a little while ago, the Anssi recalls that these very large events, with a global audience, “constitute an opportunity to act for computer attackers with various motivations”. Even if Vincent Strubel’s agency does not have specific information to communicate on attacks targeting the Rugby World Cup or the Games, “the exposure area of these two events to computer attacks remains very important”, forcing the organizations involved to strengthen their defenses upstream.
The infrastructures of sports facilities, those of transport, access control systems or even the ticket office could thus constitute as many targets for hackers wishing to take criminal advantage of them, the main threat for the Anssi. The agency believes that organizers, athletes and spectators may be exposed to scam attempts or data theft, in particular via ransomware attacks that are particularly destabilizing if they occur just before the event.
But the Games could also be victims of an attacker seeking to destabilize the event to “tarnish the image of the organizing country”, like the incidents observed during the Pyeongchang Winter Olympics in 2018, affected by wiper (destructive software) attributed to Russian military intelligence by the British. For example, a failure of lighting or timing systems could lead to a postponement or cancellation of the events. Finally, the Anssi recalls that the Games can also trigger espionage operations.
The agency therefore calls on the organizations involved in the Olympic Games to strengthen their IT defenses, by setting up awareness-raising actions, such as, for example, the organization of exercises or the establishment of an active threat watch. Anssi also suggests reducing its attack surface by securing its workstations – for example by not granting administrative rights to users.
The agency also recommends a series of measures to better protect its information systems – by segmenting them and reducing their exposure to the internet – and its administration, by using dedicated and hardened workstations. Finally, Anssi reminds that event logs must be activated and collected to allow investigations after the fact or facilitate the detection of an attack in progress.