“One year is not too late! » On the stage of a Defense amphitheater (Hauts-de-Seine), the expert from the National Agency for Information Systems Security (Anssi) assures us: to prepare for the Olympic and Paralympic Games (JOP ) of Paris, in 2024, there is still time to get started. And precisely: the Anssi, responsible for the digital security of the State, invited a few dozen decision-makers in connection with the Games (local authorities, sports federations, transport operators, etc.), Wednesday July 5, to take stock stage on the issue of digital protection of the event, to make them aware of the risks and discuss the basic measures to thwart them.
“The Olympic Games are an exceptional event in terms of cybersecurity. I think we are on time. There is a real mobilization, and that is very reassuring”assures Vincent Strubel, the director of the agency, designated by the Prime Minister as responsible for the cybersecurity of the Olympic Games.
A budget of just over 10 million euros has been allocated to the agency by the law relating to the Olympic Games to carry out security audits. “We toured the stadiums, the communities that will host events and we audited the entire digital system that underpins the Olympics. This work is well under way.”, welcomes Mr. Strubel. An initial mapping of all the actors involved has been carried out and meetings between Anssi and the organizing committee take place every week.
Read also: Olympics 2024: how the organizing committee is preparing for cyberattacks
The worst case scenario… for training
The agency also carried out, in June, with, among others, the Ministry of the Interior and the organizing committee, an ambitious exercise. “It was a scenario that aimed to test the worst that can happen: a totally disrupted opening ceremony and attacks in all directions”, explains the director of Anssi. The idea was for the various state actors to “test all interactions, who does what, who talks to whom”, says Mr. Strubel. Other exercises will be carried out by the end of the year.
The director of the agency also listed at length the various threats which weigh on the event and which force, he says, a “healthy paranoia”. The main one is an attack on sporting competition itself. “We can imagine attacks on timing or the anti-doping system, even transport or ticketing. In short, anything that would create visible disturbances”, says Vincent Strubel.
But other, less intense attacks are also on the authorities’ radar: “denial of service” attacks, aimed at overloading systems (websites in particular) with connections in order to make them inaccessible, data theft , hijacking of accounts on social networks or, more broadly, online scams targeting the many visitors.
Four sources of threats have been identified. The first is that coming from hostile states, in particular Russia. The latter has a history in this area: it had tried to derail the opening ceremony during the Pyeongchang Games (South Korea) in 2018. The big unknown in this area will be the inclusion, or not, of Russian and Belarusian athletes in competitions.
Russia had reacted strongly to the exclusion of some of its athletes in the past: groups of hackers from the Russian military intelligence services had attacked the World Anti-Doping Agency, in particular after the exclusion of Russian athletes for doping. These attacks require a long period of planning, but the Anssi ensures that it does not have information, at this stage, as to possible first maneuvers targeting Paris 2024.
Cybercrime worries
activists, who “will see in the Games an extraordinary spokesperson”and cybercrime also worry the French authorities. The latter, an omnipresent scourge, will be more intense during the Olympic period, according to Vincent Strubel. According to him, hackers could bet that companies will be more ready to pay ransoms – the main modus operandi of these gangs is to paralyze a computer system and ransom its owner – in the context of increased activity accompanying the Games. .
Overall, Anssi fears that the entire economic fabric will suffer from an increase in malicious online activity. “It concerns everyone, and everyone can be attacked during the Olympics”insists its director: “Beyond the sports infrastructure, there is everything else, it requires passing simple messages: good safety practices, good reflexes and preparation. »
Also read our survey: Ransomware attacks: the wave
Throughout the day, Anssi agents took turns to discuss the main possible attack vectors and best practices to limit them. One piece of advice in particular was hammered home: anticipating a hack greatly limits the damage. “Managing a crisis is a matter of training”, thus launched one of the specialists of Anssi.