Revue Stratégique Cyberdéfense de France (II)

I wrote about the first part of the Cyberdefense Strategy of France last week. Today, I’m going to write about the second part of the strategy. The second part speaks about the cyberdefense responsibility of France. It tells how the government of France is organised to fight against cybercrime and how they want to improve the protection of critical activities such as military activities, health activities or energy activities. In addition, this second part speaks about the international cooperation of France in cybersecurity. We’ll see with more details in next paragraphs.

France is fighting against cyberthreats since 2011 when the government created the first cyberdefence strategy. However, they knew about cyberthreats years before, because they had already been attacked. Therefore, the government created the first white book about defence and security in 2008. This white book, or livre blanc, was actually the first purpose of fighting against cyberthreaths because it was the beginning of the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), which is responsible for proposing rules for the protection of state information systems and it reports to SGDSN to assist the Primer Minister in exercising his responsibilities for defence and national security. Since then, a new white book has been written in 2013 with a military program for 2014 – 2019 to reinforce cybersecurity with more money and people.

It’s interesting how the government of France has many departments to fight against cyberthreats. Firstly, they have completely separated the cyberdefence to the active cybersecurity. Secondly, they want to create a Centre de Coordination des Crises Cyber (C4) with three levels: Strategic (C4 STRAT), technique (C4 TECH) and operational (C4 TECHOPS). In addition, I would like to highlight the COMCYBER, which is responsible for cyber-protection and cyberdefence in the Ministry of the Armed Forces. Maybe, there are some more departments for cybersecurity, I don’t know, but I think these departments are required for the protection of the country.

The review of the Cyberdefence Strategy of France speaks also about improving the protection of critical activities such as the protection of the information systems of the State, the protection of important agencies, the protection of fundamental activities, the protection of local authorities and the protection of the democracy. What’s more, this Strategy mentions the Security Directives for the European Union where there is something like a threshold with minimum security measures to apply in all countries of the EU. The aim of the NIS Directive is to improve the weakest link in the information security chain.

This Cyberdefence Strategy is too long but I like. Maybe, it is one of the best Cyber Strategy I’ve read because it is accurate, concise and detailed. I can’t write about all things are included in this Strategy because it would be too many post, thus I recommend reading the whole Strategy.

On va continuer avec le dernier article la semaine prochaine!! On y va !!