Lisa Plaggemier

The 2022 Winter Olympic Games in Beijing are set to be one of the most intensely monitored Olympic Games yet, when it comes to cybersecurity.

Coming at a time of heightened global tensions due to the standoff at the Russia-Ukraine border, the COVID-19 pandemic and a surge in cybercrime activity - which jumped more than 600 per cent during the coronavirus pandemic - all eyes throughout the international cybersecurity, national security, and law enforcement communities are focused squarely on the threat landscape stemming from this year’s Games.

Cyberattacks targeting the Olympics are not new. For example, according to the Federal Bureau of Investigation (FBI), Tokyo 2020 was the target of 450 million cyberattacks, with the 2018 Olympics in Pyeongchang reportedly experiencing more than 600 million attack attempts, including an incident during the Opening Ceremony where hackers deleted data from thousands of computers, leaving them inoperable after the "devastating malicious software attack".

But as tensions continue to grow between global superpowers, data privacy concerns rise, and bad actors become more and more sophisticated. Meaning, the Beijing Olympics have emerged as one of the most intriguing events in the history of cybersecurity to date.

With that in mind, below are some of the key cybersecurity topics and trends that are set to dominate the Beijing 2022 news cycle.

Host Nation a Prime Cybercrime Suspect

Unlike in past Games where cybersecurity experts have been most wary of attacks coming from the outside-in, one of the foremost threat actors atop cybersecurity professionals lists for the 2022 Olympics is actually the host nation itself. 

Much maligned for its stance on data privacy and cybersecurity, China has emerged as arguably the biggest focal point in terms of potential cyber maleficence during the event. In fact, China’s cybersecurity conduct has become such a big concern that the FBI and British Olympic Association, among others, have strongly suggested that athletes participating in the Olympics and Paralympics leave their personal devices at home and instead bring temporary devices as a way to protect against data theft, spyware and other threats that could be deployed by the host nation. 

The Dutch Olympic Committee is even taking this one step further by effectively forbidding its participants from bringing personal devices to Beijing, and instead equipping them with unused devices which will be destroyed once the Olympics conclude.

A cyberattack hit the Pyeongchang 2018 Winter Olympics during the Opening Ceremony ©Getty Images
A cyberattack hit the Pyeongchang 2018 Winter Olympics during the Opening Ceremony ©Getty Images

MY2022 App

Since the beginning, vaccine passports have drawn significant scrutiny from data privacy experts from around the world - regardless of which nation was deploying them. However, given ongoing concerns regarding data privacy in China, the MY2022 app - which will serve as a news resource, tourism guide, and health monitoring app for the 2022 Olympics - has become immensely popular among the cybersecurity and national security circles.

Unfortunately, although it’s mandated for download and use by all attendees of Beijing 2022, the MY2022 app has already come under fire over reported encryption flaws and vague information around which parties will have access to the app’s data.

In addition, according to a recent report by Citizen Lab, the app also contains a feature to report "politically sensitive" content and also has a censored keyword list - which includes terms such as Tibet and Xinjiang, among others - raising obvious concerns about press freedom and general digital privacy.

The Broader Cyber Security State of Play

Cybersecurity professionals are also paying close attention to Beijing 2022 in hopes of gleaning a better understanding of the broader cybersecurity landscape as well. Unlike the most recent Olympics which took place in countries closely aligned with the United States, the threat landscape around the Beijing Olympics will likely look significantly different.

For example, while past Russian and Chinese led attacks have likely indirectly impacted each nation’s cybersecurity, these nations have largely avoided targeting each other directly with large-scale attacks. 

Additionally, nations that are closely aligned with these two countries - such as North Korea and Iran - may also steer clear of launching significantly disruptive attacks as well. That said, this does not mean that the 2022 Olympics will be cyberattack free. Cybercriminals are known for attempting to takedown the biggest fish they possibly can, and there is arguably no bigger target than the Beijing Olympics.

All attendees at the Beijing 2022 Winter Olympics are required to download the My2022 app, although it has caused controversy due to concerns around encryption flaws ©Beijing 2022
All attendees at the Beijing 2022 Winter Olympics are required to download the My2022 app, although it has caused controversy due to concerns around encryption flaws ©Beijing 2022

What Type of Threats We are Likely to See

From surges in the number of ransomware attacks to the Log4j vulnerability, there has been no shortage of cybersecurity related headlines over the last two years. And with that, cybersecurity professionals and the general public alike have one question on their minds, "What could be in-store for Beijing 2022?"

Cybersecurity professionals have got incredibly sophisticated in their methods and tactics and now deploy teams of graphic artists and other technical professionals to create sites and content that appear completely authentic. Moreover, they have become much more effective at targeting individuals, departments and businesses that may be the most vulnerable. 

Thus, expect cybercriminals to not be shy in using their entire toolbelt in order to breach the operations of the Beijing Olympics. This includes everything from cutting-edge artificial intelligence-driven attacks to traditional tactics such as spoofed websites and phishing - which was one of the primary threat types used against the Tokyo 2020 Olympics.

From a cybersecurity perspective, Beijing 2022 could arguably not have come at a more hectic time. However, thanks to the growing international collaboration and public-private partnerships that have occurred over the last several years, in many ways the world is in the strongest position it has ever been in, in terms of cybersecurity. 

And with that, if these working relationships can continue throughout the event, there is hope that we will see a safe, secure, and "disruptionless" Beijing 2022 Olympics.