[MILIPOL REPORT N°1] A year after the Paris Appeal

The strategic intelligence team of digital.security attended the 2019 edition of Milipol, a salon dedicated to homeland security and cybersecurity. The conference was divided into two parts, the first of which was an opening speech delivered by Eric Bothorel (Côtes d’Armor’s deputy, member of the Economic and European Affairs Committee), followed by a roundtable discussion gathering experts of the cybersecurity sector. Both interventions were aimed at evaluating the effectiveness of the “Paris Appeal”, a year after President Macron’s address at the UNESCO on November 12, 2018. The main objective of the session was to address a major issue facing the industry today: users no longer have confidence in the digital world, following scandals involving cyberattacks or data leaks. It was therefore with the aim of restoring this confidence that the speakers reflected on both the causalities and possible solutions.

 KEYNOTE: The future of cybersecurity in Europe

For starters, Eric Bothorel warned against a shift in the nature of the main threats to states’ security, and emphasized the rise of “hybrid” ones which come hand in hand with the development of new technologies and the Internet of Things. To strengthen their defense, many countries have invested in the creation of national cybersecurity agencies, such as the ANSSI in France or the BSI in Germany. These entities all refer to the European ENISA, which in charge of centralizing their work in order to raise awareness of the threats and security breaches identified, which then helps spread good practices and establish a legal framework. Bothorel thus highlighted the need to ensure the security of this communications continuum to promote the development of a functional cyber-resilient strategy. To this end, the MP encouraged investments in CSIRT-type cyber infrastructure and information sharing, a strategy of which we could see a glimpse at the consortium organized in July 2019 aimed at boosting cooperation between stakeholders. Bothorel finally referred to Guillaume Poupard’s concept of “positive” cybersecurity: the head of the ANSSI insists on the implementation of new certifications that enhance credibility at the international level. Following the path initiated with the GDPR, member-states must harmonize to create an “exportable” legislation that strengthens their diplomatic digital footprint. Bothorel added that cybersecurity can be a real asset for the state’s economy should the government invest in it, starting with the establishment of a dedicated ministry.

ROUNDTABLE: Strategy and vision for digital trust at the dawn of 2020

According to Philippe Trouchaud, cybersecurity associate at PwC, this lack of confidence stems from the fact that despite their innovative aspects, these technologies are seldom tested before being marketed; as a result, billions of euros in security breaches are sold to companies, which 85% of Internet users consider “overwhelmed” by cyber risks. The controversy surrounding the Linky counter, at first heralded upon its release five years ago and now accused of spying on households, is indicative of the widening gap between users and manufacturers. The same goes for Google, whose autonomous cars fail to convince the public, or for the GDPR, which scrambles to gain Europeans’ trust. Trouchaud believes it is necessary to involve all players along the production chain in order to restore user confidence.  

Coralie Héritier, CEO of IDnomic (recently acquired by Atos) emphasized our capacity to take the lead in terms of legislation: many directives such as the Cyber Act or the NIS have already been implemented, preparing us to compete with the American Cloud Act notably. However, the ENISA does not currently have the capacity to coordinate these measures at the European level, in addition to being subjected to the presence of lobbyists working for our American counterpart in Brussels. Cooperation between agencies is thus needed in order to reinforce member-states’ sovereignty. Trouchaud nonetheless argues that collaboration remains the realm of the government for now: he notably deplores the fact that, in France, the ecosystem does not benefit entrepreneurs, subjugating the state to the GAFAs’ standards and regulations. Jean Larroumets, CEO and founder of Égérie, subsequently emphasized the need to master digital solutions, by not submitting to the GAFAs. To do so, he suggested to adopt a hybrid approach that harnesses the community of bug bounties and white hats present in France to test the safety of the systems developed.

On the other hand, Coralie Heritier’s solution was to inspire ourselves from the Singaporean model, which has utilized technology as a factor of social inclusion. It notably rests on four pillars designed to create a network of confidence, based on infrastructure (communications), equipment (computers, devices), e-payment (essential to the digital economy), and digital identity, in order to avoid usurpation and fraud. This strategy aims to create a “network of trust”, by fitting smart devices with a strong identity and means of authentication. The European Union has sought to take ownership of these initiatives by developing its own electronic identity card, which should be introduced in 2021. Heritier also re-iterated the need to set up a minister dedicated to digital technology, and resolutely oriented towards cybersecurity issues in order to implement a coherent technological roadmap. For Alain Vernadat, Managing Director of the Deveryware Group, this also involved raising awareness at all levels: restoring people’s trust in technology should not only depend on governments or manufacturers, but also be the responsibility of individuals. He stressed the importance of preparing seniors and the youth, the most frequent victims of cybercrime, to the digital century by providing an adequate education.

That last argument was picked up by Philippe Trouchaud, who re-iterates the fact that the cyber sector struggles to attract new talents; the market is suffering from a shortage of professionals of the sector, with 2 to 3 million positions to fill. Statistics show that only “40% of IT specialists feel comfortable with cyber issues”, which unveils a serious need to level up transferrable skills in order to avoid “digging the digital gap”. The associate also advocated the feminization of the sector, hitherto dominated by men as we can see from the poor diversity in engineering programs, which count only 8 to 10% of female students. On the other hand, Coralie Heriter and Jean Larroumets argued that the sector would benefit from all types of profiles as cybersecurity also deals with physical security (home automation, electrical cars etc), that needs to be instilled to every professions. The roundtable concludes that “confidence” goes hand-in-hand with “awareness” (of the challenges) and that “if danger is everywhere, security involves everyone”.