Annual Review 2020
French flag

Foreword

Guillaume Poupard

The global health crisis that we have been experiencing for over a year now has shaken up our lifestyles, our practices and our customs, both in the private and professional spheres.

While wearing a mask and social distancing are now part of our daily lives, the pandemic has also led us to renew our work habits. I would particularly like to thank ANSSI’s staff, who have embodied one of the agency’s core values – agility – by showing outstanding adaptability in this period. Without their commitment, their reactivity, their mobilisation and their professionalism, we would not have been able to pursue our missions as we needed to. Especially as, despite the health crisis, cyber activity is as strong as ever.

Like our work methods, this annual report has reinvented itself and now offers, in a digital format, a look back at the most significant actions carried out by ANSSI over the past year.

From the presentation of our Manifesto in January 2020 to the launch of the new European cyber security strategy, through the launch of “France Relance”, the French economic recovery plan, the second edition of Blue OLEx – all in an intense operational context marked in particular by the exponential increase in the criminal threat – 2020 has been, once again, a particularly rich year for ANSSI.

In the face of the magnitude of the threat, we find strength through unity, and so ANSSI, true to its principles of openness, has continued to forge partnerships with public and private stakeholders to raise awareness and to support companies, administrations and local authorities as well as the French people in addressing cyber risk.

As the cyber threat can no longer be ignored, we need now more than ever to look to the future and to anticipate. Many challenges lie ahead, at the national, international and European levels. In the first half of 2022, France will preside over the Council of the European Union. ANSSI is already fully mobilised to contribute to the success of this presidency, as well as to the events that will enable the development of digital security and trust in our country in the coming years.

Keep Calm and Carry On!

Key facts and figures

Key facts and figures
1

Adapting and evolving

In 2020, the Covid-19 pandemic disrupted the habits and work conditions of many companies and organisations. ANSSI was no exception. Agility and creativity have been essential to allow ANSS to pursue its missions.

The year also saw a number of structural developments for ANSSI:

  • Manifesto.

    ANSSI published its vision in its Manifesto, for the ANSSI of the next ten years. The new strategic directions described in the Manifesto are the result of a participative approach taken both internally and with the agency’s partners. They will guide ANSSI’s actions for the coming years.
  • Couverture Papiers numériques

    Papiers numériques.

    ANSSI launched its new annual review in June 2020: Papiers numériques. The review gives an insight into ANSSI’s work and looks back on the trends in the cyber threats landscape and the agency’s operational figures in 2019. Find more
  • Logo Campus cyber

    Campus Cyber.

    Initiated by the French President Emmanuel Macron, the Cyber Campus aims at bringing together and federating private and public and associative stakeholders in the cyber security ecosystem in a single location in order to develop cooperation and promote French expertise. This project underwent numerous developments in 2020: numerous stakeholders, including ANSSI, have joined the adventure and a location has been chosen. The Cyber Campus will be located at La Défense in the Eria Tower. The opening is scheduled for November 2021. This site will house ANSSI’s Information Systems Security Training Centre.
  • Rennes branch.

    ANSSI will gradually set up in Rennes beginning in September 2021. With 200 staff members, this branch will aim first of all at reinforcing exchanges with the agency’s privileged partners already present in Rennes (the Ministry of the Armed Forces, industry and start-ups). The new facility will also accommodate the expected growth in ANSSI’s workforce over the next few years, while offering new career paths to its employees.
  • Talents.ssi.gouv.fr.

    Given the threat evolution and stakes, and because the wealth of ANSSI is in its agents, ANSSI has significant recruitment objectives. To better support candidates and recruiters, a dedicated hiring platform was launched in June 2020. This collaborative tool enables online publication, and management of job offers, as well as online applications.
  • Public Innovation Laboratory.

    This initiative is based on objective 8 of the Manifesto, which calls for « strengthening the internal culture of experimentation and increasing the capacity for innovation ». Supported by a set of initiatives, means and principles, the Public Innovation Laboratory aims at facilitating the processes of innovation carried out by ANSSI’s officers.

Key figures

  • 548 officers
  • 105 new recruits
  • 37 the average age of ANSSI’s officers
  • EUR 21 million ANSSI’s budget (excluding payroll)
2

Enlightening and sharing

The trust placed in ANSSI is rooted in the French cyber defence model, which is characterised by a distinction between offensive and defensive missions and the agency’s interministerial position. At the heart of this model, ANSSI has demonstrated technical expertise acquired over the years. ANSSI’s skills are well known, and have been called upon for the development of digital tools linked to managing the health crisis.

  • Securing crisis management information systems.

    ANSSI supported the securing of information systems developed within the framework of the health crisis. Its expertise has notably benefited the StopCovid application.
  • Logo France Relance

    The cyber security component of France Relance.

    In order to revive the hard- hit economy and to foster the development of forward-looking sectors, the French Government launched in September 2020 an economy recovery plan, France Relance. This plan includes a cyber security component, funded at EUR 136 million. Objectives: strengthening cyber security in French administrations, local authorities, health facilities and organisations serving the public while supporting the economy.

In addition, ANSSI continued its advisory mission and the promotion of the construction of a secure and trustworthy digital environment on a European scale.

  • Drapeau européen

    European Cyber Security Strategy.

    On 16 December 2020, the European Commission published the new European Union Cyber Security Strategy. This strategy, which will contribute to the strengthening of European sovereignty, contains a « cyber package » which includes a proposal to revise the Network and Information Security Directive and a report on the implementation of the 5G toolbox recommendations.
  • Drapeau européen

    Cybersecurity of the European institutions.

    Faced with the explosion in cyber threats and in order to assert European sovereignty, the European Commission has proposed a regulation aimed at strengthening the cyber security of European institutions. ANSSI will also be fully committed at making its expertise available for this crucial work.

Key figure

  • EUR 136 million amount allocated to the cyber security component of France Relance
3

Defending and responding

The digital transformation and the resulting benefits bring new vulnerabilities that we cannot ignore. In 2020, ANSSI’s monitoring and analysis enabled the deepening of France’s knowledge of the constantly evolving threat.

Threat analysis

The trends observed in 2019 were confirmed in 2020. The year was marked by an upsurge in ransomware attacks. The number of reports related to ransomware increased fourfold compared to 2019. Strategic threats, espionage and supply chain attacks have also been the most observed phenomena over the past year.

No sector is spared from cyber attacks. Nevertheless, the victims of ransomware are mainly local authorities, health facilities and companies in the industrial sector.

Anticipating and practising

ANSSI is involved in CSIRT networks. Its participation contributes to a better common understanding of the threat and to a more efficient dissemination of alerts. Given the level of the current threat, experience sharing and networking are crucial at all levels.

2020 was marked by the emergence of system detection devices, which complement existing detection means. These new devices have notably added value in incident response operations by enabling monitoring of attacker’s actions and verification of the effectiveness of remediation or containment measures.

In the face of the ever-expanding threat of cyber attacks, anticipation and preparation are essential.

Three major guides have been published in partnership with French organisations (Association des Maires de France et des Présidents d’Intercommunalité, Club de la Continuité d’Activité, Ministry of Justice) to raise awareness of cyber risks and more particularly of ransomware as well as to provide a methodology for organising a cyber exercise. The English versions of these guides will be made available in 2021.

Because training is essential at all levels, the second edition of Blue OLEx provided an opportunity to test the European cyber crisis management system. The 2020 edition was marked by the establishment of CyCLONe (Cyber Crisis Liaison Organisation Network). This coordination network, the strategic level in the management system, brings together the heads of the national cyber security authorities of the European Union (EU) member states. Objectives: contribute to the implementation of the European Commission’s incident response plan and complement the existing cyber security structures within the EU.

Operational figures

  • 2,287 reports
  • 759 incidents
  • 7 major incidents
  • 20 cyber defense operations
4

Training and raising awareness

Training in information systems security and raising the French public’s awareness of digital risks are major issues.

ANSSI’s Information Systems Security Training Centre (CFSSI) is in charge of defining and implementing the agency’s policy in this area. It offers civil servants as well as staff of vital and essential services operators training provided by cyber security professionals, including many ANSSI’s officers. Their adaptability and reactivity enabled remote training sessions over the past year.

CFSSI also contributes to making training and employment opportunities in cyber more visible through various initiatives:

  • Logo SecNumeduSecNumedu and SecNumedu-FC labels reference initial and continuing education courses in cyber security and assure students and hirers of the relevance of their content. These two labels are increasingly successful. In 2020, 29 additional labels were issued.
  • In 2020, ANSSI published the second edition of the Panorama of cyber security careers. This study, carried out in partnership with Syntec Numérique, aims at supporting the various stakeholders (students, companies, trainers, recruiters, and employees) in this forward-looking sector.Find out more about the study (available in French)

In addition, CFSSI is involved in raising the French public’s awareness of cyber issues through the SecNumacadémie MOOC. Since its launch in 2018, 35,000 certificates have been issued.

Logo Cybermoi/sFor several years, ANSSI has been coordinating France’s participation in European Cyber Security Month. Many public and associative stakeholders, and in particular Cybermalveillance.gouv.fr, take part in Cybermoi/s, the French version of this initiative. Every year, the month of October is an opportunity to organise events and activities in order to raise awareness of digital risks. The 2020 edition was marked by the launch of a new website and the release of three interactive comic strips. Visit cybermois.fr (available in French)

Exceptional times call for exceptional measures. To raise the French public’s awareness during the Spring 2020 lockdown, the Cybermoi/s working group launched the #CyberChezMoi operation. Echoing Cybermoi/s, this campaign aimed at reminding people of good cyber security practices to adopt in a remote working situation. The operation was repeated during the second lockdown.

Key figures

  • 64 SecNumedu labels awarded on 31 December 2020
  • 76 SecNumedu-FC labels awarded on 31 December 2020
  • 45,000 visits to the Cybermoi/s website in October