Zero Trust and the Internet of Bodies: Cyber-Physical Risks at Milano Cortina 2026

The Athlete as Critical Infrastructure

As the Milano Cortina 2026 Winter Games approach, a fundamental shift has occurred in the cyber risk landscape. The “Internet of Bodies” (IoB), the mesh of biometric sensors, smart safety equipment, and performance trackers, has transformed the elite athlete from a participant into a high-value node within a critical infrastructure network. For stakeholders, this convergence creates a volatile Cyber-Physical System (CPS) where the attack surface has migrated beyond the stadium firewall to the athlete’s own biology. A breach in this environment risks more than data loss; it threatens physical safety (“kinetic” consequences) and the fundamental integrity of global competition.

The Kinetic Threat: Hackable Hardware and Safety-Critical Systems

Unlike traditional IT environments, the IoB introduces risks where digital exploits translate into physical force. As 2026 kicks off, the reliance on active, algorithm-driven safety gear has created a new vector for sabotage.

The most severe risk involves the Dainese D-air Ski airbag vests, which are now mandatory for Downhill and Super-G events. These vests rely on complex algorithms, accelerometers, and GPS to deploy protection milliseconds before a crash. A firmware corruption or wireless jamming attack could theoretically trigger a false deployment mid-race, causing a high-speed crash, or disable the system during a genuine accident, leading to catastrophic injury.

In the alpine conditions of Cortina, athletes also rely on app-controlled heated garments. As seen in recent field recalls of consumer heated wearables due to battery surges, a malware attack targeting these thermal regulation systems could cause severe burns or hypothermia, physically degrading an athlete’s ability to compete.

Data Sovereignty & Supply Chain Failure

The assumption that athlete health data is private and secure was challenged by events in late 2025, which serve as a stark warning for Olympic data governance. The class-action lawsuit Lomeli v. Whoop Inc. in November 2025 revealed allegations that sensitive physiological data was shared with third-party analytics brokers without explicit user consent. For Olympic athletes, this confirms that proprietary recovery data is likely flowing through insecure vendor supply chains, potentially accessible to commercial bidders or rival intelligence teams.

Additionally, the introduction of the Visa SkiTap26 wearable for the Games combines payment tokens with ski-lift access. Unlike a smartphone, this “always-on” wearable broadcasts a continuous stream of location and financial data. If compromised, it allows bad actors to track the precise real-time movements of high-profile athletes across the Olympic villages, merging physical security risks with financial fraud.

“Biological Insider Trading”: The Integrity Crisis

The legalization of micro-betting has monetized millisecond-level data, turning athlete biometrics into material non-public information. The primary risk is biometric latency arbitrage. If hackers intercept the Bluetooth Low Energy (BLE) signal from an athlete’s wearable, they can detect a spike in resting heart rate or a drop in recovery score hours before the athlete competes. This allows syndicates to place bets on the athlete’s failure before the public market adjusts.

This threat is amplified by the fragility and speed sensitivity of real-time sports data feeds. Public risk disclosures note that errors in third-party sports data can lead to incorrect bet settlement outcomes. If an official data pipeline is disrupted through latency, outages, or corrupted inputs, the integrity of Olympic betting markets is at risk. The IOC estimated aggregate betting volume at around €11 billion for Paris 2024 alone, underscoring how quickly small timing or accuracy failures can scale into major market integrity exposure.

Mitigation Through Improved Data Privacy

Recognizing these elevated threat levels, stakeholders for Milano Cortina 2026 should prioritize pragmatic, defense-in-depth controls that reflect the realities of these cyber-physical systems operating at global scale. Zero Trust principles applied to wearable devices and operational technology, including strong device identity, mutual authentication, least-privilege access, and cryptographically signed firmware updates, can significantly reduce the risk of tampering with safety-critical systems. At the data layer, end-to-end encryption, strict data minimization, segmentation of biometric signals from identity and location data, and tighter governance over third-party access are important to preserving athlete privacy and market integrity. These measures can help ensure that the Games are decided by athletic performance rather than the exploitation of digital or biological attack surfaces.
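
One way to implement the segmentation of biometric signals from identity and location data described above, with least-privilege views per consumer. This is an added example, not code from any Games vendor or system; the field names, roles, key handling and two-decimal location coarsening are assumptions.

```python
import hashlib
import hmac

# Constructed sample record as a wearable gateway might receive it (hypothetical fields).
RAW = {
    "athlete_name": "Example Athlete", "bib": 17, "device_id": "wearable-0001",
    "lat": 46.5405, "lon": 12.1357, "ts": 1770000000,
    "heart_rate": 58, "recovery_score": 71,
}

IDENTITY_FIELDS = {"athlete_name", "bib", "device_id"}
LOCATION_FIELDS = {"lat", "lon"}
BIOMETRIC_FIELDS = {"heart_rate", "recovery_score"}

# Least privilege: each consumer role has an explicit allow-list (hypothetical roles).
CONSUMER_ALLOW = {
    "team_physician": {"heart_rate", "recovery_score"},
    "timing_vendor": set(),
}

def pseudonym(device_id: str, key: bytes) -> str:
    """Keyed pseudonym: stable under one key, unlinkable once the key is rotated."""
    return hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()[:16]

def segment(record: dict, key: bytes) -> dict:
    """Split one record into three stores joined only by the pseudonym."""
    known = IDENTITY_FIELDS | LOCATION_FIELDS | BIOMETRIC_FIELDS | {"ts"}
    unknown = set(record) - known
    if unknown:  # fail closed: an unclassified field is never forwarded
        raise ValueError(f"unclassified fields: {sorted(unknown)}")
    pid = pseudonym(record["device_id"], key)
    base = {"pid": pid, "ts": record["ts"]}
    return {
        "identity": {"pid": pid, **{k: record[k] for k in IDENTITY_FIELDS if k in record}},
        # Data minimization: coarsen coordinates before storage (assumed precision).
        "location": {**base, **{k: round(record[k], 2) for k in LOCATION_FIELDS if k in record}},
        "biometric": {**base, **{k: record[k] for k in BIOMETRIC_FIELDS if k in record}},
    }

def view_for(role: str, biometric_row: dict) -> dict:
    """Return only the fields the role is allowed to see; unknown roles are refused."""
    if role not in CONSUMER_ALLOW:
        raise PermissionError(f"no access policy for role {role!r}")
    allowed = CONSUMER_ALLOW[role] | {"pid", "ts"}
    return {k: v for k, v in biometric_row.items() if k in allowed}

if __name__ == "__main__":
    stores = segment(RAW, key=b"per-event-key-constructed")
    print(view_for("team_physician", stores["biometric"]))
```

The identity store, which maps the pseudonym back to a person, is the one to hold under the tightest access control and keep out of third-party pipelines.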