Cybersecurity: “Cyber defense cannot be a supranational issue”
A question that is no longer just rhetorical. From Tuesday and until Thursday, the city of Lille hosts the International Cybersecurity Forum (FIC). An unmissable meeting place for start-ups or giants in the sector as well as institutions, all deal in their own way with virtual but real threats, on a scale ranging from ransoming an SME to attacking a country. At the European level, while each Member State is working on the issue on its own, there is not (yet) a global policy. Nevertheless, for the Director-General of the National Agency for Information Systems Security (ANSSI), the future is going in this direction.
Van attacks, James Bond spies, it’s (almost) over. For some time now, the upward trend has been in cyber threats, +37% between 2020 and 2021 according to ANSSI. The motivations of “malicious actors” are mainly financial, for espionage purposes, or to practice destabilization. And the task of these offenders is greatly facilitated by the “generalization of poorly controlled digital uses”, notes the Agency for France, but also at the European level.
“Real progress in awareness”
On the national territory, we seem rather well-armed on the cybersecurity side. Finally, with regard to institutions and, generally, large companies. “The real problem concerns medium-sized companies in non-sensitive sectors, which criminals attack more easily to avoid strong reactions from States”, notes Guillaume Poupart, Director General of ANSSI. This can also concern small communities, such as town halls. “There is nevertheless real progress in the awareness of the threat on the part of potential victims and the progress of industrial developments for defense and response to attacks”, he continues.
An awareness that is also gaining European authorities but whose realization is slow in coming. A regulation on the cybersecurity of EU institutions has been drafted but still needs to be voted on. Ditto for the “Nis 2 directive” which aims to expand the sectors subject to cybersecurity obligations. The boss of ANSSI also dreams of “European solidarity” around cybersecurity.
“Cyber defense cannot be a supranational issue”
“There are networks between the member countries but their operation is not yet well established”, concedes Guillaume Poupart. However, securing the EU institutions is “technically possible quickly”. Politically, it’s another story, the most complicated being to “gentle the sensitivities” of the Member States.
Everyone, therefore, starting with France, wants to keep control of their security management. “Cyber defense cannot be a supranational issue. Making a big, the more efficient whole is not possible, assures the boss of ANSSI. On the other hand, nothing prevents us from doing things at the European level”. This is what the intelligence services have already been doing for a long time. “There is real cooperation between European states in the field of intelligence, whether cyber or traditional. As there is good collaboration between the various French services”, thus assures a spokesperson for the Military Intelligence Directorate (DRM).