Cyber security

France and Cyber security

New destructive practices are developing in cyber space, including criminal use of the Internet (cyber crime), including for terrorist purposes; large-scale propagation of false information; espionage for political or economic ends; and attacks on critical infrastructure (transport, energy, communication, etc.) for the purposes of sabotage.

Coming from State or non-State groups, these cyber attacks:

  • know no border or distance;
  • are difficult to attribute: it is very hard to formally identify the true culprits, who are often acting under the cover of unwitting relays (botnets) or intermediaries (proxies);
  • can be carried out with relative ease, with little cost or risk for the attacker. They aim to jeopardize the smooth functioning of communication and information systems (CIS) used by citizens, businesses and administrations, and even the physical integrity of infrastructure that is crucial to national security.

Cyber security covers all security measures that can be taken to defend against such attacks. The spectacular increase in the sophistication and intensity of cyber attacks has, in recent years, led most developed countries to toughen their resilience and adopt national cyber security strategies.

A robust national arsenal that is growing stronger

France’s national cyber security arsenal is based on two key texts: the White Paper on Defence and National Security (2013) and the National Digital Security Strategy (2015).

This Strategy, which is intended to accompany the digital transition of French society, addresses new challenges that have emerged from changes in the use of digital technology and from threats related to the following five objectives:

  • guaranteeing national sovereignty;
  • providing a robust response to cyber attacks ;
  • informing the general public;
  • making digital security a competitive advantage for French businesses;
  • strengthening France’s voice at the international level.

Under the National Digital Security Strategy, the government is committed to the security of information systems in a bid to build, through a collective response, digital confidence that is conducive to the stability, economic development and the protection of citizens.

At the technical and operational levels, various actors contribute to the effectiveness of the mechanism:

  • Established in 2009, the French Network and Information Security Agency (ANSSI) is the national cyber security authority. At the frontline of French cyber security, it is responsible for the prevention of (including in the field of standard-setting) and response to computer incidents targeting strategically important institutions. Moreover, it organizes crisis management exercises at the national level. At present, the ANSSI employs over 500 persons and continues to grow.
  • The Ministry of Defence performs the dual functions of guaranteeing the protection of the networks that underpin its action and of placing the digital struggle at the heart of military operations. In order to consolidate the action of the Ministry in this field, a cyber defence command unit (COMCYBER ) reporting to Chief of the Defence Staff was set up in early 2017.
  • The Ministry of the Interior is tasked with tackling all forms of cyber crime that target national institutions and interests, economic actors, public authorities and individuals. It mobilizes to this end the specialized central networks and regional networks of the Director-Generals of the National Police, National Gendarmerie and Internal Security. They are responsible for conducting investigations to identify the perpetrators of cyber attacks and to bring them to justice. These services contribute, inter alia, to prevention efforts and to raising awareness among the persons concerned.

Guaranteeing the digital strategic autonomy of the European Union

Within the European Union, France advocates an ambitious vision and champions the EU’s digital strategic autonomy. This vision is based on three pillars:

  • An industrial and capacity pillar: the Directive on network and information security (the NIS directive) of July 2016 marks an important step forward in strengthening the cyber security of each Member State. France also supports the proposal of the European Commission to strengthen the European Network and Information Security Agency (ENISA), destined to become a genuine European cyber security agency and to enhance operational cooperation between Member States.
  • An industrial pillar: the ambitious contractual public private partnership (cPPP) on cyber security launched by the European Commission in July 2016 should promote research and development in the field of cyber security at the European level. In addition, the EU’s strategic autonomy will also depend on its ability to be at the cutting edge of the next technological revolutions in the digital field. Indeed, this is the thrust of the call made by the President of the French Republic to create a European version of DARPA, i.e. a funding agency for breakthrough innovation.
  • A standard-setting pillar: both on the political and technical front, France must ensure that the EU equips itself with the cyber standards that are compatible with a high level of rigour and security. This applies to the certification of cyber security products and the location of sensitive data.

Guaranteeing strategic stability and international security in cyber space

The strengthening of strategic stability and international security in cyber space is one of France’s top priorities. Therefore, France plays an active role in promoting a secure, stable and open cyber space. The Ministry for Europe and Foreign Affairs coordinates France’s work on cyber diplomacy.

France is particularly active within the United Nations, where rules on responsible conduct in cyber space are under discussion. France participated in five UN groups of governmental experts (GGE) on cyber security. Thanks to the work of these groups, it was possible to root cyber space in the international system based on the Charter of the United Nations and to guide States in a spirit of prevention, cooperation and non-proliferation in cyber space (in 2013, the applicability of international law, including the Charter of the United Nations, to cyber space was recognized; in 2015, a set of voluntary commitments on the good conduct of States (‘norms of behaviour’) in cyber space was consolidated).

France is also involved in other international bodies where cyber security issues are discussed, including:

  • Within the North Atlantic Treaty Organization (NATO), where France was behind the adoption by the 28 Nations of the Cyber Defence Pledge at the Warsaw Summit in June 2016. The recognition at this summit of cyber space as a domain of operations now obliges NATO to defend itself as it does in the air, on land, and at sea.
  • At the G7, where the work of the Ise-Shima group on cyber -related issues, established in 2016, led to the adoption of an ambitious Declaration on Responsible States Behaviour in Cyberspace by the G7 Foreign Ministers in spring 2017.
  • At the Organization for Security and Cooperation in Europe (OSCE), which has become a regional reference body for the definition and implementation of confidence-building measures in cyber space with the adoption of two packages of confidence-building measures in 2013 and 2016.

Finally, France intends to consider, together with its State partners as well as its partners in the private sector and civil society, the role and responsibilities of private actors in strengthening the stability and international security of cyber space. The Ministry for Europe and Foreign Affairs therefore chaired an event on this topic on 18 September 2017 on the sidelines of the 72nd session of the United Nations General Assembly (UNGA).

For more information, visit:

Updated: 04.10.17