The Olympic Games in Montreal (1976) suffered the first cyberattack, those in Tokyo (2020) were exemplary in effectiveness. The Paris edition, next summer, will be the most exposed in history to cyberattacks, with artificial intelligence (AI) in the background.
Between criminal groups seeking villainous operations, “hacktivists” with more or less ideological ambitions and state actors keen to undermine the event, the threat is protean.
“There are so many moving parts that the spectrum of attacks is quite broad. “It’s a very important security challenge,” John Hultquist, an analyst at Mandiant Consulting, a cybersecurity consulting firm owned by Google, told AFP.
“We are worried about everything from broadcasters to sponsors, transport infrastructure, logistics and support, competitions. All forms of disruption are on the table,” he continues.
The management of these attacks falls mainly to the French Computer Security Agency (Anssi) and the Ministry of the Interior, with possible assistance from the cyber defense forces of the Ministry of the Armed Forces.
“Neither carelessness, nor panic,” Vincent Strubel, director general of Anssi, responded to AFP in March, when asked about his state of mind. “We trained well. And we still have a few months to finalize this preparation.”
But he admitted a high risk: “The worst-case scenario is that we find ourselves drowned in minor attacks and that we do not see a more serious attack coming, which would target critical infrastructure. »
Tokyo, a success story
In the research journal Hérodote, a risk management expert, hidden behind a pseudonym, recalls the case of Montreal in 1976, the stone age of computing.
The Games were hit by electrical disruption to information systems for 48 hours and several events had to be postponed or moved. “Montreal thus remains in the memory of the organizing committees as the cause of cyber risk,” he believes.
Tokyo, on the other hand, is a success story. The organizers, during the COVID-19 epidemic, had “integrated cyber risk, including in the design of buildings and sports infrastructures”.
Is Paris ready? The verdict will come in August. But the international geopolitical context multiplies risks.
Russia, whose relations with the International Olympic Committee (IOC) are execrable and whose athletes will not be able to participate under a national banner, is in the sights.
The IOC complained about Russian disinformation campaigns in November and March. And Paris denounces a wave of false information and pro-Russian manipulation on the Internet linked to the war in Ukraine.
At the beginning of April, the Kremlin denounced “unfounded” accusations from President Emmanuel Macron, according to which Moscow was disseminating information suggesting that Paris would not be ready for the Olympics.
The “masterful” impact of AI
“The major concerns point to Russian actors, in particular the GRU”, the Russian military intelligence services, estimates John Hultquist, recalling that they are notably accused of having been behind cyberattacks during the Winter Olympics in Pyongchang in South Korea. South in 2018, and during the French presidential campaign in 2017.
GRU agents “generally constitute Moscow’s pawn on this type of thing,” he adds. For Russia, as for others, “the objective is geopolitical: it is about undermining confidence and faith in the target and its ability to act effectively.”
Paris-2024 will also have to work, for the first time, in the era of democratized and powerful artificial intelligence. “AI will have a major impact for us,” assures a senior French military official in this regard.
In particular, it will allow “to mix data more quickly, to extract significant events”. But “the adversary has the same assets and above all, I will have many more adversaries”, he adds, noting that “the means are not up to all the attacks that we can undergo”.
Betsy Cooper, cybersecurity expert for the Aspen Institute in the United States, speaks of the entry “into a new era where it will be easier to affect the integrity of sport thanks to AI”.
Rigging a hawk-eye refereeing system, erasing times, confusing scoreboards: the means of disruption are multiple.
The analyst recommends in particular the compartmentalization of computer spaces, so that all systems are not connected to the same wifi and that the infection of one domain does not contaminate the others.
Ironically, it evokes as the ultimate defense… the good old paper medium. In the event of a cyberattack on a competition, “with a double on paper, no problem. Otherwise, who will be able to go back and find the right data? »