France and cyber security
New threats are emerging in cyberspace: use of the Internet for criminal purposes (cybercrime), attacks on IT networks and their military and strategic implications (cyber defence and information system security). "Cyber security" is a blanket term that encompasses all these issues.
Cyber attacks, whether state-sponsored or not:
purport to be the actions of individuals;
are anonymous, and make it very difficult to identify with any certainty the real instigator, who is often cleverly concealed behind a front of unwitting links (botnets) or intermediaries (proxies);
are relatively easy to mount, at little cost and with very little risk to the instigator.
Their aim is primarily to disrupt corporate and government information and communication systems (ICS) and even to threaten the physical integrity of infrastructure crucial to national security. Cyber security refers to all the security measures that can be taken to defend against such attacks. The spectacular increase in the level of sophistication and intensity of cyber attacks has encouraged most developed countries to reinforce their resilience to cyber attack in recent years and to adopt national cyber security strategies.
France’s national cyber security protection system
Strategic decisions taken at the highest level of State in recent years have made cyber security a priority for French government action. France reviewed its defence and national security policy in great depth at the time of the 2008 White Paper, and new priorities were identified and approved by the President of the day. Preventing and responding to cyber attack was identified as one of the key priorities in the organisation of national security.
To meet the growing challenge posed by cyber attacks, and in the light of the recommendations made in the White Paper on Defence and National Security, the French Network and Information Security Agency (ANSSI) was set up in July 2009. ANSSI is an interdepartmental agency operating under the authority of the Prime Minister. Its status was further reinforced early in 2011 when it became the national authority for information systems defence and security.
Following the creation of ANSSI, France published its national strategy for information systems defence and security in February 2011.
As part of the reinforcement of cyber defence capabilities at the Ministry of Defence, the post of Cyber Defence General Officer was created in 2011, with responsibility for coordinating the Ministry’s cyber defence activities and acting as the main interface in the event of a cyber crisis.
The Ministry of Foreign Affairs ensures the consistency of French positions on cyber security within the various international organisations and supports the development of international collaboration to address this issue. One of the key areas of action identified in the national cyber security strategy adopted in 2011 was development of our international collaboration: in addition to establishing bilateral relations on matters of cyber security, France is also an active contributor to the formulation of cyber security policies within international organisations. Particular emphasis is placed on work on cyber security currently being undertaken within NATO and the European Union, but also at the UN and OSCE.
In common with other countries (USA, UK, Germany, Russia, Japan, etc.) that have appointed a Cyber Affairs Coordinator within their respective foreign affairs ministries, the French Ministry of Foreign Affairs entrusted the responsibility for coordination of cyber security matters to its Deputy Secretary-General with effect from August 2011.
Cyber security issues in multilateral organisations
Within the European Union, the European Commission and the EEAS are drawing up an EU Cyber Security Strategy. France is actively contributing to the formulation of this strategy, which will reinforce the cyber security of European institutions and of member States but will also make the EU a key world player in cyberspace.
At the UN, the issue is being addressed by a Group of Governmental Experts (GGE) on cyber security, meeting from August 2012 to June 2013. France’s representative on the GGE is French Ministry of Foreign Affairs Deputy Secretary-General Jean-François Blarel.
For NATO, cyber defence is a major issue crucial to its renewal and its ability to adapt to new threats. Following adoption of the new strategic concept at the Lisbon Summit in November 2010, the 28 member States approved a NATO policy on cyber defence in June 2011.
The OSCE launched an informal working group on cyber security in 2012: its aim is to develop confidence-building measures and transparency between States in cyberspace.
The 2011 G8 Summit in Deauville, under the Presidency of France, recognised the importance of dialogue between key world players on the issues of cyber security and underscored the need for States to adopt common standards of behaviour in cyberspace.
International Conferences on cyberspace: following the first of the conferences, held in London in November 2011, the second was held in Budapest in October 2012. This is currently the only forum that brings together all the leading cyber nations of the world (delegations from over 50 countries attended the London conference) to discuss a vast range of cyberspace issues and learn lessons from work carried out by various international organisations. The third conference will be held in Seoul in October 2013.
Updated on : 01.13