Europe has a number of assets it can use to strengthen its digital sovereignty. But security and trust are two crucial aspects needed to truly begin this process.
Digital sovereignty at the heart of events
As 2018 comes to a close, questions of digital sovereignty lie at the heart of today’s technological events. Let’s take a moment to look at the key happenings in recent months. The first big news came in September, when members of the Five Eyes strategic alliance reported that they were in favour of the inclusion of backdoors – hidden access points that allow data to be retrieved – by tech giants (aimed at the GAFA companies, but without naming them explicitly). It caused an outcry, especially in Europe, just before another piece of big news came in October, when the American magazine Bloomberg BusinessWeek revealed its major investigation, the ‘Big Hack’. This story of the Chinese government’s supposed infiltration into the sensitive data of around thirty American companies (including Apple and Amazon) via components included in certain devices shook the United States, despite repeated denials. In response, from November, several Five Eyes members (the United States, Australia and New Zealand) enacted a national defence law to block the use of Chinese products in their administrations. Two Chinese device manufacturers – ZTE and the giant Huawei – were targeted in particular. The Chief Finance Officer of Huawei was even arrested in Canada at the start of December for failing to comply with embargoes. And the climate of suspicion towards Huawei has since spread, with Germany, Japan and the United Kingdom currently considering similar measures and planning to blacklist the Chinese manufacturer.
Could 2018 mark the advent of a climate of international tension?
Digital sovereignty: Europe’s assets
The climate of recent weeks shows that in any case, it is in all our interests to assess the trust we place in the cybersecurity products and services we use, whether they are French, American, Chinese or Israeli. Today more than ever, each country must be capable of independently ensuring the security of its digital assets to protect its economic and strategic interests. And this issue must encourage us to focus more closely on the tools and solutions to put in place to ensure our own interests are protected, both at the national level across all European countries and across the European Union itself. That was the aim of the “Paris Call for Trust and Security in Cyberspace” – of which Stormshield is an official supporter – launched by the French President, Emmanuel Macron, last November.
What’s clear is that at the current time, we have solid assets with which to achieve a strong digital Europe. Firstly, key countries such as France and Germany are renowned on the international stage thanks to the legitimacy of their national agencies, the ANSSI and the BIS. And secondly, the General Data Protection Regulation (GDPR) provides us with a European regulatory framework that is particularly well-suited to improving the security of personal data.
In France, this desire for digital sovereignty can also be seen in the recent decision of the Ministry of the Armed Forces to use the Qwant search engine on its computers instead of the controversy-laden Google. Following the decision, several large local authorities and even the National Assembly have also announced that they will be giving up Google for the French search engine.
The first steps towards true European cooperation
For the moment, it must be recognised that European national agencies still operate in a little too much isolation, and that there is still no European certification for cybersecurity technologies and services. This certification – addressing a significant need – could become a real mark of quality, trust and security. And it could come along quicker than expected – the European Cybersecurity Act was approved on 10 December 2018.
This new step in the creation of a European framework for digital trust is one of a series of efforts that have been made in this direction for quite some time. For example, take the recent NIS (Network and Information Security) directive – the continuation at a European level of France’s Military Planning Act – and the European Commission’s adoption of the Cybersecurity Package, both of which offer a clear direction for the EU: strategic independence. Through the Cybersecurity Act, the European Commission plans to transform its network and information security agency (ENISA) into a major European cybersecurity agency, with its mission being to implement a European certification framework for cybersecurity technologies and services. Its budget – set to double by 2021 – should help it to achieve this.
But among the major challenges awaiting Europe on its path to digital sovereignty, one of the biggest will be the ability to produce true European champions among companies that offer cybersecurity products and services. Ultimately, digital sovereignty also plays out at the financial and business level, and we need to give European stakeholders the resources to compete with their international counterparts. This will involve two major steps: implementing funding capable of supporting the development of companies that have already passed the startup stage, and creating a true European Digital Single Market (DSM). The creation of the European Cybersecurity Industrial, Technology and Research Competence Centre is a step towards this goal. Envisaged as a training body as well as an advisory body, this centre could be an opportunity to bring research stakeholders, industry players and software publishers together to help innovative gems to thrive on a global scale.
These young companies will need a lot of resources behind them – both in terms of business and of marketing – to compete with the American and Israeli giants. After all, it isn’t just a question of offering equivalent or even superior performance, but one of winning users’ trust. To do this, one of the alternatives also lies in creating open source software, as mentioned by the ANSSI during the recent Paris Open Source Summit.
Whether it comes in the form of open source software, certification, or a European agency, Europe’s digital sovereignty can only truly arise out of trust – and ultimately, trust is the most precious intangible asset we have in this age of widespread suspicion.