In Conversation with David Tuffley: Securing the Olympics Through Smarter Cyber Defence

What is the biggest threat to public sector data, and what can be done to stop it?
Sophisticated nation-state actors targeting critical infrastructure during high-profile events. 

The Olympics faces heightened risks that would include cyber espionage, data breaches, phishing attacks, and credential theft. These attacks vectors attempt to exploit both technical vulnerabilities and human weaknesses. The best risk management for governments is to implement zero-trust architectures, conduct continuous threat hunting, and maintain real-time incident response capabilities. Best practice in this regard would include multi-layered defence strategies combining AI-driven monitoring, employee training, and international intelligence sharing prove most effective. For best results, cybersecurity must be seen as a shared responsibility across all levels of government, not just an IT problem. 

How can public sector organisations work collaboratively to strengthen a country’s cyber security?
Effective cybersecurity calls for seamless collaboration between local, state, federal, and international agencies. Threat intelligence must be shared in real-time via secure platforms. Government agencies must also coordinate incident response protocols and standardise security frameworks. Joint training exercises simulate large-scale attacks, building muscle memory for crisis response. 

During major events like the Olympics, attackers will likely target multiple systems at the same time – ticketing, transport and broadcasting infrastructure to cause maximum disruption and perhaps embarrassment.  The key is to break down silos, establish clear lines of communication, and if possible, create unified command structures. 

How can AI and automation enable stronger cyber defence?
AI has tremendous capability to transform cybersecurity from reactive to proactive defence. Machine learning algorithms can analyse massive data streams to identify subtle attack patterns that humans would probably not notice. And it can do this in milliseconds rather than hours. AI-driven surveillance and security are being talked about as key solutions for major events like Brisbane 2032. With automated AI response systems, a compromised network can be immediately isolated, preventing the threat from spreading to other networks. 

Natural language processing can monitor social media for threat indicators. Behavioural analytics can flag unusual user activities. And AI can reduce false positives by learning what normal system behaviour looks like, allowing security teams to focus on actual threats. But it must be emphasised that automation requires human oversight to prevent algorithmic bias and ensure appropriate responses. It is the team - the combination of AI speed with human judgment that creates the most robust defence posture. 

How can the public sector best test and prepare against threats?
Testing cybersecurity calls for comprehensive red team exercises that simulate real-world attack scenarios. Organisations should conduct tabletop exercises involving all stakeholders, from IT teams to executive leadership, testing both technical controls and decision-making processes. 

Penetration testing should be happening continuously, not annually, with different teams attacking various system components in a non-predictable way. Olympic-scale events face broad attack surfaces including live streams, digital ticketing and transport infrastructure. 

Stress testing can replicate peak load conditions when systems are most vulnerable. Purple team exercises, where offensive and defensive teams collaborate, are a good way to identify gaps. Regular drills with international partners can ensure coordination mechanisms work under pressure.  

What problem will you be sharing a solution to onstage?
The core problem is securing the Brisbane 2032 Olympics while the world watches and adversaries rub their hands in anticipation. The Games run from July 23 to August 8, 2032, making Brisbane a prime target on the world stage. 

Traditional cybersecurity approaches fail under Olympic-scale pressure, where millions of users access critical systems simultaneously while sophisticated attackers exploit the attention. 

My solution integrates AI-powered threat detection with human-led incident response, creating adaptive defence systems that scale with demand. This approach combines predictive analytics, automated containment, and international collaboration protocols. This framework protects athlete data, broadcast systems, and ticketing platforms while maintaining seamless user experiences. 

Success requires treating cybersecurity as an Olympic sport itself – requiring preparation, teamwork, and flawless execution when it matters most. 

Describe your session in three words.
"Adaptive Olympic Defence"  

Cybersecurity systems that evolve in real-time to counter emerging threats while providing the seamless digital experience millions expect from the Games. 

Don’t miss David Tuffley live at the Government Cyber Security Showcase QLD on the 3 September 2025. He will be discussing Securing the Queensland Olympics as the world descends, sharing his insights on uplifting cyber resilience in the lead-up to Brisbane 2032. Register here.