National Strategy for Cybersecurity: the French response to the threat
Published on: 04 03 2021 | Modified on: 15 04 2021
Long considered as a poor relation in terms of digital development budgets, cybersecurity is now becoming a priority at state level. This awareness has been hastened by an upswing in attacks in recent months. The result: the French government has attributed 1 billion euros of investment to accelerate the development of this economic sector in the country and increase protection levels for public institutions.
In the wake of 25 major cyberattacks carried out against French hospitals in 2020, the last two recent major attacks were responsible for prompting the French state to publicise its cybersecurity plan, which had been in preparation for several months, and to create a permanent observatory to monitor security levels in health establishments. At a time when the Covid-19 epidemic is rife, the situation is an alarming one.
But in broader terms, beyond the hospital sector, this cybersecurity plan is intended to provide enhanced protection for citizens, administrations, communities and businesses.
No one has been spared by these increasingly professionally-conducted attacks. Here are a few figures in 2020: 57% of companies report having experienced at least one cyber attack – according to the latest survey published by CESIN –, and the number of computer attacks processed by the France’s National Agency for Information Systems Security (ANSSI) has quadrupled.
This bolstering of digital security, at the behest of the French government, is based on several key goals: the development of innovative sovereign cybersecurity solutions and the strengthening of links between the various players, in order to increase France's international position in this sector and create an "ecosystem" that is better equipped to detect and counter attacks; on-demand support, to assist all the parties concerned in raising the profile of the issue, implementing awareness-raising actions and choosing French solutions; and lastly, training in cybersecurity professions, to promote and develop this sector, which has found it difficult to recruit suitable profiles.
The objectives announced between now and 2025 include achieving a turnover of €25 billion for the sector, doubling the number of jobs (75,000), a 20% increase in patents via research and development actions, and the emergence of three French cybersecurity “unicorns”.
Not forgetting the forthcoming opening of the French Cyber Campus, inspired by the Israeli Cybersecurity Center of Beer-Sheva, which will bring together more than 1,000 experts representing 60 public and private players by the end of the year.
These recent announcements herald a real opportunity for all players in the French cybersecurity industry who – despite their high level of expertise and willingness to innovate – are faced with international competitors with much higher R&D and marketing budgets, and are constrained by a lack of qualified resources. They also provide an opportunity for all French companies, local authorities and administrations to strengthen their security by equipping themselves with trusted French solutions offering tried and tested robustness and audited source code.
Stormshield will, of course, be one of the players with a presence on the new French Cyber Campus, benefiting from this new plan. The plan serves as a clear reminder of the importance of our mission, which goes far beyond protecting computer resources or data: even more importantly, it provides protection for goods, persons and institutions. The recent attacks have demonstrated how IT & OT have become critical elements in economic, social, technical and human terms, requiring protection to the most exacting standards of quality.
But in addition to this French initiative, the entire European Union is also preparing to tackle cybercrime and strengthen its own cyber-resilience, thus ensuring that all citizens, businesses and administrations can benefit fully from reliable, trustworthy digital services and solutions. These certified and qualified French solutions have all the legitimacy they need to comply with the new single certification framework currently being implemented Europe-wide. Stormshield is also a member of the ENISA working group in charge of defining these new certification standards.
As France’s leading cybersecurity player, we welcome these announcements with enthusiasm. Nevertheless, this one-billion-euro cybersecurity plan can only be one step on the road: it will not by itself reverse the effects of the scarcity of resources accumulated by players in this sector. This effort must be accompanied by a collective push to ring-fence investment spending by major public and private clients in favour of Franco-European technologies, thus curbing the indirect funding of players on the other side of the Atlantic that is now forcing the French government to take actionPierre-Yves Hentzen, President of Stormshield