The French approach to cyber
Strategic Review of Cyber defence
The Review pointed out the need for better coordination across the main public stakeholders in case of a cyber security crisis, hence the creation in 2018 of the Coordination Committee for Cyber Security Crisis, chaired by the Secretariat-General for Defence and National Security (SGDSN).
Organising the French cyber defence capacities around four chains, the document empowers ANSSI as leading the cyber protection of France.
Mindful of the growing impact on the global cyber space of major businesses, the Review called for more responsibility from the private sector in dealing with cyber attacks by not hacking back, and not developing or maintaining ICT products whose design flaws or improper support may result in systemic effect. These efforts towards more responsibility were transposed into formal discussion and even commitments during the December 2018 OECD Global Forum meeting, which is to be followed-up shortly.
Another key achievement stemming from the Review is the significant increase of power given to ANSSI regarding detection of attacks. Pursuant to the 2018 Military Programming Law, Telco carriers in France are now allowed to conduct threat detection on their customers’ network with sensors properly suited to handle ANSSI’s technical signatures. Besides this, ANSSI can implement a local and temporary detection device on the server of a French host’s server in case of serious proven threats likely to compromise information systems of operators of critical infrastructures, operators of essential services or public entities. ARCEP, France’s telecommunications regulatory authority, provides oversight for these two measures.
Last but not least, the Review calls for the European Union (EU)’s digital sovereignty, which is the baseline of ANSSI’s daily commitment in EU works. ANSSI is also very active internationally, in numerous multilateral fora as well as in bilateral cooperation, to promote stability of cyberspace.
To learn more about the Strategic Review of Cyber Defence, a condensed version of the review is available on the SGDSN website.
Manifesto
To deploy the Review, ANSSI has worked on nine strategic orientations that will pave its road until 2030. This document, the Manifesto, is a call for action:
- ANSSI wants to play a key role in the digital transformation, leading public policy in the field of digital security.
- The Agency wants to be more efficient in the operational field, in order to be able to address evolving cyber threats.
- ANSSI is willing to further share its expertise with cyber security education programmes and training.
- Playing a leading role in the French cyber protection chain, ANSSI will reinforce its cooperation with its national partners
- Aware that ANSSI cannot address France’s cyber defence on its own, the Agency will develop its cooperation with the private sector to strengthen France’s cyber capacities
- Active in the international arena, ANSSI will, as a matter of priority, contribute to developing EU cyber security policies and projects, with the goal to promote the EU’s digital sovereignty
- ANSSI will be more “customer-oriented” so that cyber projects are - by design – integrated and implemented within the French administration
- In order to better face the evolving threats, ANSSI will strengthen its innovation capacities
- The Agency will take good care of its most precious assets: its experts and human resources.
To read ANSSI’s Manifesto (in French) :
French National Digital Security Strategy
Prior to the Strategic Review of Cyber Defence, France had adopted on October 2015 a national strategy for digital security, which is still one of the pillars of the French approach to cyber security. This document reflects one of the obligations of the EU directive concerning measures for a high common level of security of network and information systems.