« For great aims we must dare great things ». This quotation from Carl von Clausewitz's essay on military strategy, On War, sums up the "war-like" atmosphere that prevailed at the International Cybersecurity Forum (FIC) on 25 and 26 January 2016.
In the midst of the fight against terrorism, the speeches by the National Agency for Computer Security (ANSSI) and the Ministry of the Interior left their mark on this eighth edition of the FIC. Digital Security was present alongside more than 140 partners and more than 4,000 visitors. This new edition of the FIC revealed the vitality of the cyber defense market.
This year, the main subject was the protection of personal data. After a particularly busy year for cybercrime, with the theft of account data for over 5 million V-Tech customers, the leak and disclosure of data on 32 million users of the Ashley Madison website, and the theft of data on over 4 million US federal employees, the issue was a relevant one.
A never-ending talking shop, the Vauban amphitheater turned into an unusual agora, where we witnessed a 45-minute verbal joust over the issue of digital trust. As part of the Big Data phenomenon, the massive processing of personal data raises numerous security concerns.
On this occasion, Jérémie Zimmermann, co-founder of La Quadrature du Net, clashed head-on with David Omand, former head of British intelligence. Zimmermann denounced the lack of transparency of the information programs that exploit our personal data, and objected to David Omand's suggestion that the right to encryption be reconsidered.
For Guillaume Poupard, head of the ANSSI, encryption is essential to protecting our personal data. He is also opposed to the creation of a sovereign operating system, a proposal passed at the first reading of the law for a digital Republic: « [...] if it’s an OS employed by the government with backdoors everywhere inside, I will oppose ».
Opening the second day of FIC 2016, the Minister of the Interior, Bernard Cazeneuve, unsurprisingly referred to the 2015 attacks to warn about the terrorist threat, which remained «very high and that the fight will be done in cyberspace also [...] ». On the technical side, the Minister returned to the use of the Pharos platform: in 2015, 283 terrorist sites were blocked and more than 188,000 reports were filed, of which 32,000 related to terrorism alone. He also mentioned the analysis of Big Data, a topic already raised at the opening of the FIC: «It aims at exploiting, in strict accordance with individual freedoms, the large volumes of data available and accessible [...] ».
In addition to technical developments, Bernard Cazeneuve called for the strengthening of European and international cooperation. The construction of a European Cyber Defence Identity is on the right track in that regard. Andreas Könen, from the German BSI, and Guillaume Poupard, head of the ANSSI, welcomed the parallels between the missions of their agencies. For example, the French model of e-mail encryption is directly inspired by the German approach. For his part, John Hayes, Secretary of State for Security under the British Minister of the Interior, Theresa May, commended the common features of the French and English cybersecurity strategies. The United Kingdom has been working for several years on raising the awareness of companies and individuals about cybersecurity, as has its French counterpart, the ANSSI.
Guillaume Poupard took advantage of the FIC to raise awareness of the dangers posed by the Internet of Things. For years, security researchers have been demonstrating the presence of significant security flaws, confirmed by the demonstrations at DEFCON in Las Vegas.
The situation is particularly worrying in the field of healthcare: «When you see the volume of information collected, when you see the consequences that this may have on patients, there will be dead people tomorrow». It is a worrying acknowledgement, and one that the conferences on the Internet of Things did not fail to bear out.
Digital Security presented flaws in connected locks, revealing how easily they could be hacked. At its stand, the research institute SystemX offered a live demonstration of how to hack a smart grid, in order to warn visitors about the dangers of cyberattacks against critical infrastructure.
With its CERT-UBIK, Digital Security offers CSIRT and SOC services to protect information systems and connected-object ecosystems. For its part, in the field of connected cars, the ANSSI promises direct involvement, modeled on the Central observatory of intelligent transport systems (OCSTI), whose objective is to identify the risks associated with cyberattacks on connected cars.
Guillaume Poupard also warned about the risks posed by the lack of education and awareness among Internet users. «It's quite disturbing to see people with five years of extensive studies in computer science who never had at least one lecture on cybersecurity issues». To qualify this picture, however, it should be noted that several engineering schools do offer specialized training in cybersecurity, such as EPITA (School of Computer Intelligence), the National School of Engineers of South Brittany and Polytech Grenoble.
Political stakeholders have called for strengthening national cyber defense capabilities in order to fight effectively against the multifaceted threats our country faces: «Any defense [...] aims to move to the offensive as soon as it has paid off», argued Carl von Clausewitz. Thus, the fight against cyber terrorism requires a mobilization of European cyber defense agencies and a consolidation of our cyber infrastructure. Likewise, one of the themes of an offensive cyber strategy, as illustrated by Bernard Cazeneuve, relies on a mobilization of cyber resources at the European level. The fear some actors have of the risk of hyper-surveillance of society, as George Orwell described it in his best-seller 1984, is not unfounded in view of the significant development, achieved or desired, of monitoring tools.
This eighth edition of the FIC also confirms a trend glimpsed in recent editions: the development of the private sector in the field of cyber defense. For example, Orange's CEO, Stéphane Richard, announced the opening of a center of expertise in Lille, whose objective is the training of cybersecurity experts. Moreover, partnerships against cybercrime between private companies and public authorities are increasingly important. The dismantling of the Simda botnet in April 2015, with the help of Kaspersky Lab, INTERPOL, the FBI, Microsoft, the Cyber Defence Institute and a number of other actors, perfectly illustrates this collaboration.