From London to Paris: the changing threat landscape of high-profile international events

As threat actors become more sophisticated, managing digital risks requires strong collaboration. Initiatives like the Netherlands' Connect2Trust Foundation exemplify the crucial role of public-private partnerships in enhancing cybersecurity resilience.

Just days before the opening ceremony of the London Olympics 2012 the security services warned the Olympic authorities about a potential cyber-attack on their power supply by a hacktivist group. The 2012 Olympics was hit by cyberattacks every day including some that were well organized and automated resulting in several Ddos attacks, and one that was a major assault. In ten years, the number of security events has grown to reach 3 billion during the 2022 Olympics in Beijing. These numbers are not unique and can be found at other international high-profile events such as NATO summits and confirm the overall trends in cybersecurity: a growing variety of resourceful threat actors and their respective attack methods, increasing complexity of the IT landscape and potential hackers that include hacktivists, cybercriminals and state-sponsored actors advancing their geopolitical agendas.

While the cyberthreat to the energy supply at the London Olympics failed, it did prove feasible when the energy supply to Ukraine was successfully attacked by BlackEnergy in 2014. These cyber-attacks to critical infrastructures continue until today with the Danish and Ukrainian energy sectors both being hit in 2023, while several water utilities were recently compromised as well. The underlying reports also confirm that a growing number of threat actors is targeting Operational Technologies (a.k.a. Industrial Control Systems) which means that future high-profile international events need to take these risks into account.

Rapid digital transformation provides threat actors with even more ways to access these IT and OT systems. The rise of the Internet-of-Things increased the number of connected assets in each organization and therefore the number of possible entry points, while the use of artificial intelligence has significantly reduced the time to respond to the (global) vulnerabilities in hard- and software. It also made organizations highly dependent on connectivity and the proper management of all connected technologies by themselves, but also by their suppliers and customers. One could say that organizations have transformed from being a (more or less) independent organization into a dependent ecosystem in which each cog wheel needs to work closely together in order to manage their digital risks. But these cog-wheel no longer include only large organizations, but extended into dependencies with many SME’s as well. This digital transformation and its associated risks does not apply to organizations alone since high-profile international events are also equally dependent on such ecosystems.

To manage information security risks, cybersecurity risks and digital risks, each organization and event needs to start with three cybersecurity basics: identify the assets in your most critical processes throughout your value chain in- and outside your organization, unlock relevant information about those assets, and build a workforce supported by as much automation as possible. Each of these three basics is a challenge on its own: value chains run across sectors, countries and regions that create legal and governance issues, while public and private partners must work together to unlock the information and build the workforce.

The Netherlands is known for its public private partnership and has successfully extended it into the cybersecurity domain as well. The Connect2Trust Foundation is the largest cross-sectoral NGO in The Netherlands that is formally acknowledged by the Dutch Ministry of Security and Justice to receive information from public sources such as the National Cyber Security Center, but also private sources such as the Dutch Institute for Vulnerability Disclosures (DIVD). Its cross-sectoral nature allows entire ecosystems to onboard and reach the same level of knowledge with regards to threats and vulnerabilities, but also provides them with a platform where they can assist each other if necessary. To solve some of the workforce challenges, DIVD created an academy for cybersecurity professionals and researchers. Supported by the municipality of The Hague, this best practice is now applied to the ecosystem of international NGO’s by Connect2Trust, DIVD.Academy together with the Cyber Peace Institute, Shadowserver and The Hague Humanity Hub to increase their cyber resilience. To bring the international community of young professionals together, Connect2Trust and DIVD.Academy invite them each year to the unique CyberSQUAD event which they co-organize and have succeeded in bringing this across the Dutch border already.
Organizers of multinationals and international events must be ready to manage their digital risks today, and in the future. The cyber-attacks since the London Olympics have shown that these events have become a testing ground for cyber attackers with little risk for retribution. This especially holds true for nation states that harbor cybercriminals, but also for nation states themselves. Olympic Authorities must adopt a digital risk reduction approach that is inclusive to all organizations that make up the critical ecosystem, irrespective of their size, geographic location, and possible status as critical infrastructure or NIS2 applicability. Both science and experience confirm that each ecosystem will likely include all types and is therefore federated by nature. This means sharing information and working together on solving these challenges is unlikely to be successful with a centralized approach but works best by applying famous democratic principles onto the digital ecosystem. The French principles of “Liberté, Égalité, Fraternité” changed the way in which democracies work… Why would it not be equally successful in cyberspace to manage digital risks?