Italy's new National Cybersecurity Agency is preparing to meet its own challenge (securing the 2026 Winter Olympics) at a time of increased cyber threats.
.png?width=1920&height=1080&name=Cybersecurity%20at%20the%202026%20Winter%20Olympics%20(1).png)
The approach of the 25th Winter Olympics is stirring up global intrigue as sports fans around the world make plans to watch the event and cheer on their favorite countries. The Milano Cortina 2026 Olympic Games will take place from February 6th to February 22nd, 2026, in Italy, with competitions being split between Milan and Cortina d'Ampezzo. Similarly, the Paralympic Winter Games will also be hosted in Milan and Cortina, but will run from March 6th to March 15th, 2026. Preparations for the historical event, including venue renovations and the construction of the Olympic Village, began as early as 2019, when the Fondazione Milano Cortina 2026 was founded to "organise, promote, and publicise sporting and cultural events relating to the Olympic and Paralympic Winter Games." In addition to the physical preparations for the Games, there is another critical element that Italy has not overlooked - cybersecurity.
Cybersecurity has become increasingly important during the Olympics. The event is an attractive target to threat actors, as the global stage means that cyberattacks in the name of specific causes - also known as "hacktivism" - can push political messages to a wide audience. 2025 was marked by straining geopolitical tensions between several countries, like China and the US, Russia and Ukraine, and the US and Venezuela. Unfortunately, 2026 is yet to see any resolutions to these conflicts, so hacktivism and state-sponsored cyber attacks remain notable threats since the last Olympic Games.
Ahead of the 2024 Summer Olympics in Paris, Russian influence actor Storm-1679 pushed a disinformation campaign to slander the reputation of the International Olympic Committee (IOC) and spread fear about acts of terrorism occurring during the event. Olympic organizers then collaborated with cybersecurity companies and their national agency for information security (ANSSI) to test 500 sites related to the Games. These groups even used artificial intelligence (AI) and 'ethical hackers' to stress test the systems. Their efforts were generally successful, and while 141 cyber incidents were recorded, disruptions to the competitions were avoided. Still, 22 (15.6%) of the cyber incidents did result in successful access to information systems, suggesting more defensive measures could be considered.
For the 2026 Olympics, Italy has a new cybersecurity tool they plan to 'test' - their National Cybersecurity Agency (ACN). ACN was only established in 2021 with the responsibility of "safeguarding security and resilience in cyberspace," and "preventing and mitigating as many cyber attacks as possible". Crucially, the 2026 Games will be the organization’s first Olympics. In anticipation of the games, the Agency has been observing the dark web over the past year in hopes of preventing cyberattacks on the Winter Olympics. This year’s Games pose a special security challenge: the competitions are being hosted by two cities (a first in Olympic history), and the continuing advancements in AI.
AI has been recognized as a threat to European security for a while. In the European Union’s 2025 Serious and Organised Crime Threat Assessment (SOCTA), the EU found that AI lowered the technical skill requirement for malicious threat actors and allowed for the dissemination of several far-reaching cyber attacks at the same time. During a tour with Reuters, Gianluca Galasso, the director of cyber operations and crisis management at ACN, explained the AI problem: "Cyber phenomena keep growing for obvious reasons. Now there's artificial intelligence, and we expect attackers to use AI agents to support cyber operations. We anticipate a heightened threat level, but we are prepared. At the moment we don't see any specific, elevated risk."
Italy’s confidence is predicated on its approach, which prioritizes prevention through early detection. Galasso described their method: "Our work happens before someone tries to enter a system. We look at everything that moves in the criminal ecosystem to anticipate the threat." This ecosystem includes criminal forums and social channels that specialists at the ACN monitor to identify future threats and patterns. Such forums are often key to the sale of malware and hacking services, like the RAMP cybercrime forum that was seized by the FBI on January 28th, 2026. The RAMP site shutdown may eventually lead to arrests based on identifiable user data like emails and IP addresses, a tactic that could also be useful to ACN if they uncover actors planning to attack the Winter Olympics.
Closer to the Olympics, ACN will place 20 (about a fifth of the agency’s) operational experts at their headquarters based in Rome. These experts will communicate in real time with the teams set at the Olympic venues. An additional group of 10 senior experts will be in Milan two days before the games begin to work with the Technology Operations Centre (TOC), the organization overseeing the technological systems during the Olympics. Like the 2024 Paris Olympics, this year’s Games will also depend on collaboration. ACN experts will work alongside a 400-strong workforce (100 Deloitte specialists, 300 local staff) tasked with managing digital infrastructure.
Italy has been working hard to secure the Milano Cortina 2026 Olympic Games. Hopefully, ACN’s work will keep the Games running smoothly and safely for the expected 2,800 competing athletes, the half million spectators, and the three billion viewers around the globe.