The 2000 Sydney Summer Olympics were arguably the greatest ever. Their preparation also kickstarted the last quarter century of Australian national security capability building—considerably before 9/11, to which Australia was able to respond from more than a standing start. Securing the Olympics was a forcing function, just as the 1999 Timor crisis jolted Defence from complacency about strategic insulation and operational readiness (and self-reliance) before the wars of the 21st century.

Because Sydney went off without a hitch, we’ve since underappreciated its security dimension. Australians won’t have that excuse in 2032. Brisbane will have the longest Olympics preparation time ever—11 years. And we now have a more mature understanding of, and capability for, national security. But the threat picture is also sharper and much more complicated. Security will therefore need to be built into the early design of Olympic games infrastructure and operations, not retrofitted. That work should build on a full range of insights, advice and analysis, including from entities outside government.

Olympics have not been free from security failures. Notorious examples include the 1972 Munich games, when 11 Israelis (including athletes, coaches and officials) and a German policeman were killed during a Palestinian terrorist attack, and the 1996 Atlanta games, when two attendees were killed and more than 100 injured in a right-wing extremist bombing.

When planning for Sydney 2000, Australian security officials therefore focused on the prospect of terrorism, which they considered the ‘most pervasive’ threat. For example, cabinet records released in 2021 revealed that three major security exercises pre-Olympics—named Sky Ring, Blue Ring and Ring True—involved aircraft hijacking, hostage-taking on the harbour and a siege scenario.

Organisationally, the Olympic Security Command Centre (OSCC) was stood up in 1995 (originally named the Olympic Security Planning Group) and included an Olympic Intelligence Centre. The Federal Olympic Security Intelligence Centre would evolve into what’s now the National Threat Assessments Centre within the Australian Security Intelligence Organisation. OSCC staffing reached 250 by the year 2000, including federal liaisons. This was a whole-of-government effort but with an emphasis on singular command and control, under the New South Wales Police Commissioner.

Operationally, security was event-centric and perimeter-focused. It prioritised sanitising and securing venues pre-use, then controlling movements of individuals and supplies to prevent explosive devices or weapons entering. On a broader level, this focus on the perimeter involved enhanced international accreditation and entry processes. Planning was also informed by the prospect of violent protests—some things don’t change. Notably, the infamous S11 riot at the World Economic Forum in Melbourne occurred only days before Sydney’s opening ceremony.

So, what’s different about security considerations for the 2032 Brisbane Olympics?

Some perennials will need to be addressed, including the bane of any international event: the need to respond to participants’ parochial needs within local laws and culture. For example, as in 2000, national teams and dignitaries will want to bring their own (sometimes armed) security. Despite the increasing trend towards more violent forms of disruptive protests, there will also be the same pressure for security to be as unobtrusive as practically possible. One difference is that 2000 was a time of relative international peace. All indications suggest this won’t be the case in 2032. Indeed, there’s a broader threat spectrum facing Brisbane beyond terrorism, including:

—Cyber operations, including disruption of ticketing, transport, broadcasting, logistics and emergency services, as well as data theft and ransomware;

—Critical infrastructure vulnerabilities, spanning energy, telecommunications, water, transport nodes and cloud-based systems underpinning the games;

—Supply-chain interference, from venue construction and security hardware through to uniforms, catering and digital services;

—Fraud and financial crime, including large-scale ticketing fraud, identity exploitation and laundering through Olympic-adjacent commercial activity;

—Espionage and influence activity, targeting not just governments but corporate partners, technology providers and data-rich systems;

—Physical sabotage, as allegedly targeted Paris 2024 (and potentially Milan-Cortino 2026); and

—Disinformation and information manipulation, intended to undermine public confidence, inflame social tensions or delegitimise the event itself.

Technology and tradecraft developments (such as Iran’s sponsorship of terrorism in Australia through criminal proxies) mean Australia has also lost a geographic buffer. We’re a long way from the post-Sydney assessment that ‘unlike some other countries that have hosted past Olympic Games, Australia’s experience with terrorism has been mild. This is in part due to its geographic, political and historical isolation from the world’s trouble spots.’

Security thinking has evolved over the past 25 years as well. A notable change is the development of ‘security by design’, which involves embedding risk mitigation into infrastructure, systems, procurement and governance from the outset, rather than layering protection on at the end. This reflects hard-earned lessons across counterterrorism, cyber security and critical infrastructure protection. Retrofitting security is expensive, inefficient and often ineffective. Designing it in early shapes outcomes for decades.

For Brisbane, that has profound implications that may not yet be fully appreciated amid rising pressure to fast-track development. Importantly, decisions taken now—about technology platforms, data architectures, vendor relationships and intergovernmental coordination—will determine Australia’s exposure well beyond 2032.

There is limited information on the public record so far (expressions of interest for security services have just been released) but, to be sufficiently prepared, Olympic planning should already be underway with this whole-of-system mindset. In 1993, when Sydney’s bid succeeded, many security considerations could be deferred. That logic no longer holds.

Another fundamental difference from 2000 is the significant technological dependencies across all aspects of the games now. Stadiums are dependent on sophisticated lighting, entertainment systems, and essential services and amenities. Global audiences expect real time coverage and quick secure networking to post reactions across traditional and social media. From the moment fans start to engage with the Olympics, technology will need to be secure and resilient.

Attendees in 2032 will expect modern, smooth and technology-enabled processes from the moment they ballot for tickets or enter their visa applications to when they want to quickly get past security screening systems or return home securely on public transport. Any accidental disruption to these services could cause embarrassment on the world’s stage.

This context alone requires significant investment and doesn’t even factor a deliberate attack by a hostile nation state. There has been significant advancement in offensive cyber capabilities in the 14 years since the London 2012 Olympics open ceremony was threatened by a sophisticated cyberattack.

The technology architecture to link all the different security systems across the venues and local infrastructure needs to be considered now—at the design phase, before spades go into the ground. Trying to bolt security systems onto venues that aren’t designed to accommodate them with only a couple of years to go will be expensive and likely outright dangerous. Blind spots and vulnerabilities will be introduced.

Security isn’t just the responsibility of the Queensland government. The federal government will need to pay to ensure that critical infrastructure is secure through testing, upgrades and protective monitoring.

Treating Brisbane 2032 as an upgraded version of Sydney 2000 would be a category error. The operating environment is different, the attack surface is wider, and the consequences of failure—particularly in cyber and critical infrastructure—potentially extend far beyond the event itself.

So, how should Australia design Olympic security for an era in which threats are diffuse, digitally enabled and strategically motivated?

Answering effectively requires moving beyond terrorism alone and treating the games as a fundamental technology challenge as well as a national security and resilience project from the ground up—before the clock runs down.