Cyber-security leaders have set out the state of the threat against France and the rest of Europe at yesterday’s FIC 2019 in Lille.
They spoke of the challenges facing the industry, predictions for the coming year and their fears for the cyber-security of individuals and organisations at the ninth annual edition of the conference.
Richard Lizurey, director general of the Gendarmerie Nationale, told the conference that the French national police have developed tools to help citizens and police officers combat cyber-crime but that he wanted to ensure that the transformation was cultural as well as technical.
To that end, the focus of his efforts was on improving the cyber resilience of potential victims such as students by ensuring that they understood the risks of using computer networks and social media. At the same time he is focusing on training all police officers to be able to face the challenges of the digital era – a task he conceded might take 20 years to complete.
Guillaume Poupard, director general at France’s National Agency for Information Systems Security (ANSSI), said he was concerned that every year the cyber- threat becomes ever greater while the challenge of finding the perpetrators also grows. The old borders – be they political, geographical or operational – have broken down while the perpetrators have also realised that their victims are vulnerable through their supply chains.
And attackers are increasingly supported by nation-states, he said. "Today we are extremely worried about those attacks where we don’t understand the motive, but our fear is that it is top level operators preparing for future conflicts," he said. "We have to brace for that."
He told FIC delegates that 2019 would be the culmination of cyber-criminal activity that had been building since 2017 or earlier. "We know that systems are more connected to each other than ever before, and thanks to the internet, the borders between professional and private users of computer systems is very thin," he said.
Leaks of personal data have affected around one in 12 people in Europe and developments in the dark web are very concerning, he said. The challenge in addressing these issues is how to balance the right to privacy with the public’s expectations about online safety and security, he added.
Julian King, EU commissioner for security, told the audience that FIC was an excellent opportunity to address pan-European issues in cyber-security.
Following the adoption of the EU cyber-security strategy in 2017, he and his colleagues had been seeking closer cooperation between the member states to harden their collection security posture.
The General Data Protection Regulation (GDPR) and the NIS directive came into force last year and it is up to member states to move swiftly and effectively to implement them, he said, for the collective security of all member states.
Nicholas Lebas, vice president of all of France organisation Region Hauts-de-France, said that GDPR is a first step in imposing cyber-security on all organisations, but while it is a good first step it will not ultimately be enough given the extent of the growing threat.
He said that everyone should be thinking about ‘digital sovereignty’, the fact that there are no longer any meaningful borders and that international law is an imperfect tool to combat the threat.