Cyber threats: scale and scope of the French State

Olivier de Mazières: Cyber is a subset of the digital sector. When a hacker takes over a digital service, launches a denial-of-service attack, or compromises a database, this is cyber. I see four main categories of threats. Attacks that target the public (phishing for example), attacks of an economic nature (such as ransomware), State-to-State attacks (with geopolitical motivations which lie within the scope of services such as the DGSI)

and a new category that has emerged in recent years: manipulation of information and fake news. In practice, we must consider the increasingly hybrid nature of cyber threats. Today, attacks often fall into several categories: an economically motivated attack carried out with the help of State resources, for example.

O.de.M: There are several types. State organizations that seek to destabilize another country, cybercriminals who are seeking financial gain, "hacktivists" who are defending an ideology through more or less violent actions

and challengers who are seeking performance and satisfaction. All are becoming more sophisticated and coordinated in their actions.

O.de.M: On the business side, the most common risk is ransomware. For individuals, it is phishing for bank data and hacking payment methods. But the worst threats are the hybrid "cyber" - "physical" attacks. These begin in cyberspace, but they have serious consequences in the physical world: shutting down a hospital or paralyzing a water or electricity distribution network for example.

Let's take the transport network. We're looking at automated systems in cars, planes, and trains. When cybercriminals hack these daily activities, the consequences are potentially massive. So, we must build security and resilience into these systems right from their design. Attackers are extremely opportunistic, and they target a system's weakest point.

O.de.M: Indeed, hospital IT systems were particularly vulnerable and targeted during the pandemic for cyberattacks. Certain circumstances increase exposure, whether it's a democratic election or a major international event like the Olympic Games.

In 2024, the Paris Olympics will be a chance for cybercriminals around the world to hack security systems and interrupt the broadcast of events, stop competitions, or disrupt on-site security. Today, the war in Ukraine is also a vector for accelerating cyber risks.

O.de.M: The focus must be on the situations where there's the most exposure. Threats are agile and mutate quickly, so security systems cannot lag behind those of cybercriminals. Today, caution alone is no longer enough. It is essential to leverage the appropriate means at all levels so that there is no divide between the well protected and the more exposed.

That's why we work in coordination with players such as Orange Cyberdefense and the entire cyber ecosystem. The challenge is not to rest on your achievements - you have to constantly initiate new responses as cybersecurity must remain a constant process.

O.de.M: The State aims to provide an end-to-end response. First, there are operators of vital importance and operators of essential services. These are monitored closely by ANSSI and the DGSI because they are fundamental for the smooth running of the country. But today, cyber risks don't only affect major national companies. At the other end of the spectrum, the public interest group Action contre la Cybermalveillance (ACYMA) raises awareness and offers training courses and support to a wide audience.

It has introduced the ExpertCyber certification to identify legitimate partners that can help cyber victims. Between these two ends of the scale, there are medium-sized organizations (local authorities, public sector establishments, hospitals, companies etc.) who don't always have the resources to defend themselves on their own. It takes a major coordination effort to protect them, particularly at the local level through intermediaries such as Prefects and internal security forces.

O.de.M: European democracies are targets when they embody a certain socio-economic model, and several initiatives are in place to adapt our responses on a European scale. With the Digital Services Act (DSA) for example, the EU obliges digital service providers to act on the request of a State regardless of the country where the data is hosted. It also has rules for reporting any non-compliant content and creates points of contact to facilitate the work of security forces so that response can be faster and more direct. The EU also specifies that cyber protection respects individual freedoms. Unlike other states, the EU ensures transparency in the cybersecurity method that is being employed, and ensures citizens know what data is held about them and how they can access it.

This respect for individual freedoms is supported by the European Data Protection Board (CEPD), the European equivalent of CNIL. On a practical level, ANSSI also carried out an exercise in January 2022 in cooperation with its European counterparts from the Cyber ​​Crisis Management Cooperation Network (CyCLONe). This life-size simulation aimed to test the response capabilities of Member States during an international cyber crisis. The feedback from this exercise will help tighten systems and advance a range of cybersecurity topics. This is one of the objectives that France will pursue during its presidency of the European Union.

MagazineEuropean cybersecurity: how can we build a safer digital society?

• Sovereignty, trust, and competitiveness: the end goal for public-private cyberdefense cooperation
• What do you do in the event of a cyberattack? AFNOR shares its experience
• Cybersecurity: a booming market in Europe
• Why does European cybersecurity pose a talent challenge?
• Suzan: "We need to spread the word that there are many great benefits for women in cybersecurity"
• Cybersecurity in business: each player in the value chain must cooperate
• Cyber ​​protection: three things you should do in the office and at home