Milan 2026: Securing the Upcoming Winter Games in an Age of Hyper-Connectivity and AI-Driven Chaos

The world's premier international sporting event represents one of humanity's highest expressions of excellence. Not only for the athletes competing on a global stage, but for the behind-the-scenes teams operating under extraordinary pressure to make the event possible.

And in 2026, cybersecurity becomes something else entirely. The same AI that is improving performance, safety, and fan experience is also reshaping cyber risk at scale. In many ways, the Winter Games compress years of enterprise risk into a two-week window where there are no do-overs.

The Winter Games in Milan–Cortina will be staged across multiple cities and venues, broadcast globally across digital-first platforms, and run on more interconnected infrastructure than any winter sporting event before it. The Games are no longer a two-week event with a perimeter. They are a temporary global enterprise, built at speed, under constant scrutiny, and attacked relentlessly.

Lessons learned from securing three global games 

I've had the privilege (and pressure) of helping protect the Games from three very different angles:

• London 2012, working for the host-country telecom provider, where the mission was to keep national-scale connectivity stable, trusted, and resilient under attack.
• Rio 2016, defending a Tier-1 domestic sponsor, where attackers didn't need to disrupt the Games themselves; they only needed to compromise the brand connected to it.
• PyeongChang 2018, supporting from a broadcast perspective where every second of outage is visible, reputationally damaging, and operationally catastrophic.

Those experiences all reinforced the same lesson: security at this scale is not a "big SOC" problem (more tools and more analysts). It's a systems engineering problem. It's about synchronizing resilience, identity, trust, and response across dozens of independent organizations that must operate as one, often for the first and only time.

Understanding the cyber attack surface (it's not just a perimeter) 

Today, the Winter Games function as a true system-of-systems, and attackers understand that better than most defenders. To understand how to secure Milan 2026, you first have to understand what the Games really look like from a cyber perspective. They are not just stadiums and scoring systems. They are a vast mesh of telecom infrastructure and high-speed interconnects, cloud platforms delivering identity, logistics, and collaboration, operational technology running venue facilities and access control, mobile applications and fan engagement platforms, broadcast production pipelines that are increasingly IP-based and cloud-assisted, sponsor ecosystems handling digital campaigns and payments, and national delegations carrying sensitive personal and medical data.

When you look at the Games this way, it becomes clear that the attack surface is not a circle. It's a web. And in a web, an attacker doesn't need to cut every strand. They only need the right weak point.

Three forces reshaping cyber risk heading into Milan 2026

Looking back from London in 2012 through Rio in 2016 and PyeongChang in 2018, one trend stands out clearly. The Games haven't just become more digital—they've become more interdependent. And, Three forces have fundamentally reshaped the risk profile heading into Milan 2026.

Identity is now the primary control plane

In 2012, the biggest concerns were availability and perimeter defense.

In 2026, the biggest concern is who can access what, from where, through what chain of trust.

Security teams supporting the Games aren't just defending networks, they're defending:

• Non-human identities (service accounts, API keys, automation tokens)
• Privileged access pathways (temporary admin access is a gold mine)
• Federated identities across partner organizations
• Vendor remote access, which is often the highest-risk access of all

If identity fails, everything fails: broadcast workflows, workforce access, venue operations, press systems, and sponsor platforms.
Most major disruptions don't start with malware. They start with access.

AI transforms the attacker playbook and the trust problem

AI isn't just a productivity tool for defenders. It is now a weapon for adversaries at scale.

What this means for the Games:

• Phishing becomes perfectly localized, multilingual, and personalized
• Fraud becomes more believable via voice cloning and deepfakes
• Disinformation becomes operational, not political and is designed to cause panic, confusion, crowd movement, or distrust of official communications

The future risk isn't only when "systems go down." It's when people believe the wrong thing at the wrong time, and operations suffer.

A hard truth about large-scale global sporting event security is that the most dangerous moments often look ordinary. A credentialing team gets an urgent message that appears to come from leadership. A vendor account needs temporary access to resolve an issue before the next event starts. A broadcast team is told to reroute traffic through a new path just for tonight. Under normal enterprise conditions, those requests might trigger review cycles and approvals. During the Games, they trigger action. AI-driven impersonation and time pressure turn those moments into openings, and in world-scale environments, small trust failures can quickly become operational failures.

Disruption remains a key objective

The highest-impact attacks against global sporting events of this scale have always focused on disruption, particularly through network availability and capacity exhaustion. From a telecommunications perspective, disruption manifests downstream across the ecosystem:

• Ticketing and accreditation delays driven by degraded connectivity
• Transport and logistics coordination failures tied to real-time network dependencies
• Venue access control interruptions relying on central identity and network services
• Broadcast feed degradation or loss caused by upstream network saturation
• Sponsor payment platform outages during peak demand
• Degraded emergency and safety communications during critical moments

Attackers don't need months of persistence. They need impact for minutes. And those minutes are watched by the entire world.

Why risk looks different depending on where you sit

One of the hardest lessons from securing the Games is that risk looks different depending on where you sit. From the host-country telecom perspective during London 2012, everything revolved around continuity. Connectivity had to remain stable under extraordinary load and attack, emergency communications had to work without hesitation, and failures could not cascade. When this work is done well, it looks boring. No visible degradation. No crisis calls. No headlines. That's success. But achieving that while enabling rapid deployment and temporary access across massive operations is incredibly difficult.

The sponsor view during Rio 2016: The games weren't the asset 

From the sponsor perspective, the event itself wasn't the asset. The brand was. Sponsors are targeted because they have massive visibility, trusted digital touchpoints, active marketing campaigns, and payment infrastructure tied directly to the Games. Attackers don't need access to core systems to cause damage. They only need to turn the sponsor into the story through DDoS, impersonation, fraud, account takeover, or ransomware timed to peak attention.

The broadcast view during PyeongChang 2018: Security became production

From the broadcast perspective at PyeongChang 2018, security became inseparable from production. Broadcasting the Games isn't enterprise IT. It's real-time production engineering. Feeds must stay up. Workflows must keep moving. Integrity matters as much as availability. Modern broadcast environments are tightly integrated with third parties, increasingly cloud-assisted, and intolerant of delay. When something breaks, there is no opportunity to quietly recover later. The world sees it immediately.

What Milan 2026 security leaders must do differently

The focus for Milan 2026 should not be on adding more tools or dashboards. It should be on how the entire Winter Games ecosystem operates under stress. Threat modeling must extend across organizational boundaries, because attackers consistently exploit the seams between teams rather than the systems themselves. Privileged access needs to be treated with the same seriousness as physical venue access, as it often provides the fastest path to disruption. Security operations must function less like ticket queues and more like an incident command structure, with clear authority, rehearsed escalation paths, and intelligence-led decision-making.

Equally important is focusing on the workflows that actually break the Games when they fail. Credentialing, ticketing, transport coordination, broadcast production, emergency communications, and sponsor digital platforms all require engineered resilience. The goal isn't just recovery. It's controlled degradation with the ability to keep operating in a predictable, trusted way even when things go wrong. And finally, disinformation must be treated as an operational risk, not just a reputational one. In 2026, trust itself is part of the security perimeter.

Securing the games Is ultimately about protecting belief

At its core, securing the Games is about protecting belief. Belief in fair competition. Belief in safety. Belief in operational excellence. That belief is exactly why attackers target the Games in the first place.

Milan 2026 will be more connected, more digital, and more interdependent than any Winter Games before it. The teams defending it won't stop every attack. That's not realistic. 

It will be about building a security posture that can operate at event speed:

Resilience without hesitation. Trust without delay. Response without confusion.

That's how you protect the Games and the belief that comes with them.

The next 30 days: High-leverage moves that matter most

If you're a security leader reading this and thinking "this sounds like my enterprise," you're not wrong. The Games are simply an accelerated version of what many organizations already face. In the next 30 days, there are a few high-leverage moves that matter more than adding yet another tool:

• Map the critical workflows that must not fail (identity, access, ticketing-equivalents, customer platforms, communications)
• Eliminate standing privilege where possible, and inventory non-human identities and tokens
• Stress test availability and capacity assumptions, including dependency chains and failover paths
• Move security operations toward incident command, with clear authority and rehearsed playbooks
• Build AI-era trust controls: verification procedures, callback protocols, and deepfake-aware escalation

Final thought: Preventing small failures from becoming systemic ones

What I've learned from securing global sporting events is that the challenges aren't actually unique. The scale, visibility, and operational pressure are different, but the underlying problems look exactly like those of today's modern enterprise: interconnected systems, heavy third-party dependencies, identity everywhere, and AI increasingly embedded in critical workflows and decision-making. The real question isn't whether you can stop every attack, it's whether the business can operate predictably under pressure when things go wrong. That's why resilience, identity integrity, trusted communications, and AI-aware security controls matter as much as detection. At WWT, we sit at the intersection of strategy, engineering, and operations, validating approaches in our labs, pressure-testing them across technologies, and helping teams operationalize them in a way that supports both resilience and business velocity.

The goal is simple: keep the mission running, protect trust, and prevent small failures from becoming systemic ones.