Cybersecurity at Major Global Events: Satellite Security Insights for the 2024 Olympics

In early April, the Kremlin firmly condemned President Emmanuel Macron’s statement accusing Moscow of spreading disinformation regarding Paris’s readiness to host the 2024 Olympics. This accusation is not just a diplomatic issue but also highlights the real threats the world faces today: disinformation and cyber-attacks in the increasingly powerful era of artificial intelligence (AI). The 2024 Olympics will be a major test for Paris, not only in terms of logistics and infrastructure but also in terms of cybersecurity.

With the development of generative AI technology, threats to data security and digital infrastructure are increasing. A senior French military official even stated that AI would have a significant impact on security, both in speeding up data analysis and giving advantages to malicious actors. Amid these preparations, the role of satellites as vital infrastructure becomes increasingly crucial.

Satellites play a strategic role in supporting various aspects of the Olympics, ranging from communication, navigation, and security surveillance, to broadcasting. However, this dependence also opens up opportunities for various types of cyber-attacks. An event as large as the Olympics will always be a prime target for various motives, such as sabotage, espionage, political disinformation, undermining the host’s reputation, spreading fear and anxiety worldwide, and financial gain.

Attackers may aim to damage the host nation’s image by creating chaos and demonstrating the inability to manage an international event as large as the Olympics, which can reduce global trust in the host’s ability to organize large events and affect its image and political position internationally. Moreover, by leveraging the global attention on the Olympics, attacks can be designed to induce fear and anxiety worldwide. The spread of false information or physical attacks broadcast widely can create panic and social instability. Ransomware attacks or data extortion can also be conducted to gain money by targeting critical systems related to the Olympics, causing financial losses and disrupting important operations and services during the event.

Satellites have a vital role not only in major events like the Olympics but also in daily activities. In the context of communication, satellites enable reliable and extensive communication between organizers, security, and participants at various locations, and support telephone, internet, and television broadcasting services used by millions of people daily. For navigation, GPS satellites ensure smooth logistics, transportation of athletes, and spectators, and are used by personal vehicles, aircraft, and ships to determine the best and safest routes. In security surveillance, satellites help monitor wide areas to detect security threats and coordinate quick responses, and are used for environmental monitoring, border surveillance, and detecting illegal activities.

Satellites also ensure that live broadcasts of the Olympics can be accessed by viewers worldwide without interruption, and support television and radio broadcasting that provides information and entertainment to the public. Thus, satellites as vital infrastructure play a crucial role in helping major events like the Olympics but also in daily activities of the global community. Threats to satellites must be anticipated and managed well to ensure smooth operations and optimal security.

Identifying Satellite Vulnerabilities

In the context of the 2024 Olympics, several potential attacks on satellites include:

Data Falsification and Manipulation:

In June 2017, at least 20 ships in the Black Sea reported that their GPS systems showed incorrect locations, specifically at Gelendzhik Airport, Russia, about 32 kilometers from their actual location. This incident is suspected to be a GPS spoofing attack, where fake GPS signals were sent to mislead GPS receivers. This attack caused confusion and potentially endangered navigation in the area.

In the context of the 2024 Olympics, similar attacks could cause much larger and more complex disruptions. For example, if GPS spoofing or jamming attacks are directed at navigation systems used to coordinate the movement of athletes, spectators, and logistics, this could result in major delays, confusion, and even accidents. Imagine if buses transporting athletes to venues are suddenly directed to the wrong locations, or if air navigation systems used by commercial and charter flights suddenly provide incorrect information, causing chaos at airports.

Furthermore, generative AI can be used to create fake satellite images or data that look authentic, which can then be disseminated to spread false information about locations, security conditions, or infrastructure. For instance, AI could generate fake satellite images showing natural disasters or infrastructure damage that hasn’t actually occurred. This could cause panic among spectators and athletes and influence critical decisions made by organizers. This false information can also be used to spread fear and uncertainty, reducing public trust in the event’s security and preparedness, and damaging the host’s reputation.

Additionally, AI-supported disinformation attacks can be used for political purposes, aiming to damage the host nation’s image in the eyes of the world. For example, disinformation campaigns could be spread through social media or news platforms, suggesting that Paris is not ready to host the Olympics, even if that is not the case. This could create doubt and anxiety among international participants and spectators, reducing participation and negatively impacting France’s economy and global reputation.

To address these threats, sophisticated mitigation measures and international coordination are required. This includes enhancing cybersecurity, using strong encryption, continuous monitoring of satellite systems, and providing training and awareness for all relevant parties to quickly and effectively detect and respond to threats. With these measures, the security and smooth execution of the 2024 Olympics can be maintained, and the strategic role of satellites in supporting major events and daily activities can continue to be relied upon.

Interception and Signal Hijacking:

Interception of communications is a serious threat, where eavesdropping on satellite communications used for security coordination and operations can result in the leakage of sensitive information. For example, in 2013, it was revealed that the United States’ National Security Agency (NSA) was eavesdropping on global satellite communications, including diplomatic and military messages. In the context of the Olympics, if attackers manage to intercept communications between security teams and organizers, sensitive information such as security plans, VIP movements, or emergency response actions could be leaked. This not only endangers the physical security of participants and spectators but also provides opportunities for malicious actors to plan further attacks using the stolen information.

Satellite signal hijacking is also a real threat, where attacks can be used to spread propaganda or disrupt live broadcasts of the Olympics, damaging the event’s reputation and viewer experience. A similar case occurred in 1986 when a hacker known as “Captain Midnight” hijacked an HBO broadcast to air a protest message about high subscription fees. In the Olympic context, attackers could hijack broadcasts to air propaganda messages or false information designed to incite fear and confusion. For example, attackers could broadcast false news about terrorist threats or major accidents that did not actually happen, causing panic among stadium spectators and millions of viewers worldwide. This could damage the host nation’s reputation and erode public trust in the event’s security.

Other potential scenarios include attacks on the Olympic opening or closing ceremonies, which are moments with the largest audiences. Hijacking broadcasts during these critical moments could significantly impact the viewer experience and cause extensive damage to the event’s image. Additionally, live broadcasts of competitions being taken over and replaced with inappropriate or offensive content would severely damage the sports experience and could trigger international controversy.

To address these threats, mitigation measures include using strong communication encryption, continuous monitoring of satellite signals, and implementing strict security protocols. Training for security personnel and event organizers is also crucial to ensure they are prepared to handle and respond to any cyber threats quickly and effectively. With these measures, the risks of communication interception and broadcast hijacking can be minimized, ensuring the security and smooth execution of the 2024 Olympics.

Denial of Service (DoS) Attacks:

Network disruptions are a serious threat where DDoS attacks on satellite networks can disrupt communication, navigation, and security monitoring services, causing chaos and instability during the event. A notable example of a severe DDoS attack is the one against Dyn in 2016, which caused massive internet outages in the United States and affected various online services. In the context of the Olympics, DDoS attacks targeting satellite networks could disrupt communication between organizers, security teams, and participants, hampering crucial coordination. Additionally, disrupted navigation could lead to delays in transporting athletes and spectators, while halted security monitoring could increase security risks at the event locations.

System outages are another significant threat, where attacks targeting satellite infrastructure could cause total outages, hindering communication and broadcasting capabilities during the Olympics. The attack on the EchoStar XVII satellite in 2017 demonstrated how attacks on satellite infrastructure can significantly disrupt internet services over a wide area. In the Olympic scenario, similar attacks could lead to the loss of live broadcasts of competitions, cut off critical communications, and hinder the delivery of emergency information. If broadcasting is disrupted, millions of viewers worldwide would lose access to live coverage, damaging the viewer experience and the host nation’s image. Furthermore, disruptions in communication systems could affect the safety and coordination of emergency responses, increasing risks during the event.

To address these threats, strong mitigation measures must be implemented. This includes strengthening cybersecurity protocols, continuously monitoring satellite networks, and ensuring effective backup plans are in place. Using strong encryption and regularly updating software are also important to reduce vulnerabilities. Training for security personnel and event organizers in handling cyberattacks is crucial to ensure they can respond quickly and effectively. With these measures, the risks of network disruptions and system outages can be minimized, ensuring the security and smooth execution of the 2024 Olympics.

Satellite Control Takeover:

Zero-day attacks are a serious threat where the exploitation of unknown vulnerabilities in satellite systems can allow unauthorized control, causing significant operational disruptions. For example, in 2014, a zero-day vulnerability was found in a European communication satellite that could potentially be exploited for unauthorized access. In the Olympic context, zero-day attacks could be used to control satellites that support communication, navigation, and broadcasting, disrupting the entire event’s operations. For instance, taking control of communication satellites could cut off the network between organizers and security teams; while taking over navigation satellites could cause chaos in the transportation of athletes and spectators.

Furthermore, generative AI can be used to create more sophisticated and harder-to-detect automated hacking tools, increasing the chances of successful attacks. An example is the increasing complexity and automation of malware, such as Stuxnet, which was used to attack Iran’s nuclear facilities in 2010. In the Olympic scenario, AI could generate hacking tools capable of precisely targeting satellite systems. These tools could scan and exploit vulnerabilities quickly, causing major disruptions to live broadcasts, emergency communications, or security monitoring systems. Additionally, automated hacking tools could launch simultaneous attacks on multiple systems, making mitigation efforts more challenging and complex.

To address these threats, strong mitigation measures are required, including strengthening cybersecurity protocols, continuously monitoring satellite networks, and ensuring effective backup plans. Using strong encryption and regularly updating software is also crucial to reduce vulnerabilities. Training for security personnel and event organizers in handling cyberattacks is vital to ensure they can respond quickly and effectively. With these measures, the risks of network disruptions and system outages can be minimized, ensuring the security and smooth execution of the 2024 Olympics.

Crippling Public Infrastructure:

Potential attacks on satellites to cripple public infrastructure such as transportation, banking, and other essential services are very real and can induce fear as well as damage global reputations. For example, if satellites managing GPS navigation systems are attacked and disabled, it could cause significant chaos in transportation. Land, air, and sea vehicles relying on GPS could lose direction, resulting in accidents, major delays, and logistical instability. A notable example is the GPS spoofing attack in the Black Sea in 2017, which caused ships to report incorrect positions. If similar attacks occur during the Olympics, they could cause significant disruptions in the movement of athletes, spectators, and logistics.

Banking systems that heavily rely on satellites for data communication are also vulnerable to attacks. Outages on satellites supporting financial transactions could cause major disruptions in banking services, such as ATM system failures, delayed online transactions, and loss of account access. This could induce panic among the public and damage trust in the security of financial systems. An example of a cyberattack on the SWIFT network in Bangladesh in 2016, where hackers managed to steal $81 million, demonstrates the potential for significant financial losses.

Healthcare services are also potential targets. Many hospitals and healthcare facilities use satellites for communication and storing medical data. Attacks on satellites supporting healthcare services could cause outages in health information systems, disrupt hospital operations, and even endanger patients’ lives. For example, the WannaCry ransomware attack in 2017, which crippled computer systems in many hospitals in the UK, shows how cyberattacks can disrupt critical healthcare services. Additionally, energy networks that rely on satellites for communication and monitoring are also at risk. Attacks on satellites supporting energy networks could cause widespread power outages, affecting households, businesses, and public services.

To address these threats, strong and comprehensive mitigation measures are required. This includes strengthening cybersecurity protocols, continuously monitoring satellite networks, and ensuring effective backup plans. Using strong encryption and regularly updating software are also crucial to reduce vulnerabilities. Training for security personnel and event organizers in handling cyberattacks is essential to ensure they can respond quickly and effectively. With these measures, the risks of disruptions to public infrastructure and the spread of fear can be minimized, ensuring the security and smooth execution of the 2024 Olympics and maintaining the host nation’s reputation.

Why Major Events Increase Threats

The Olympics is one of the largest events in the world, attracting global attention and involving many countries. The scale and high profile of this event make it an attractive target for malicious actors with various motives. Besides the Olympics, other major events that are potential targets for attacks include the FIFA World Cup, national elections, the G20 Summit, and large international conferences like COP26 on climate change. Attacks on vital infrastructure such as satellites can have widespread impacts, from political instability to economic losses, and require more sophisticated and coordinated mitigation strategies.

The actors who could potentially carry out these attacks range from individuals to more organized groups. State actors are often involved in espionage or sabotage attacks with political or economic objectives. Organized criminal groups may carry out attacks for financial gain, while cyber terrorists aim to create fear and chaos by targeting vital infrastructure. Hacktivists might launch attacks to promote their political or social agendas, and highly skilled individuals may launch attacks to hone their skills and build reputations in their communities.

The capability for these attacks can be greatly amplified by the presence of AI, particularly generative AI, which allows for the creation of more sophisticated and harder-to-detect hacking tools. Generative AI can automate the process of finding vulnerabilities and creating malware, thus lowering the barrier to entry for attackers. This technology can also be used to create more precise and adaptive attacks, able to adjust to the mitigation measures taken by the target, such as generating highly convincing phishing emails or faking satellite data that looks authentic.

To address these threats, strong and comprehensive mitigation measures are required. These include strengthening cybersecurity protocols, continuously monitoring satellite networks, and ensuring effective backup plans. The use of strong encryption and regular software updates is also important to reduce vulnerabilities. Additionally, training for security personnel and event organizers in dealing with cyberattacks is crucial to ensure they can respond quickly and effectively. With these measures, the risks of disruptions to public infrastructure and the spread of fear can be minimized, ensuring the security and smooth execution of major events and maintaining the reputation of the host nation.

Conclusion

The 2024 Olympics in Paris will be a major test of the readiness and resilience of digital infrastructure in the AI era. Satellites, as vital infrastructure, must be protected from increasingly sophisticated cyber threats. Success in protecting satellites and other digital infrastructure is not only crucial for the success of the Olympics but also for global security and stability in the future.