The French approach to cyber

Strategic Review of Cyber defence

The Review pointed out the need for better coordination across the main public stakeholders in case of a cyber security crisis, hence the creation in 2018 of the Coordination Committee for Cyber Security Crisis, chaired by the Secretariat-General for Defence and National Security (SGDSN).  

Organising the French cyber defence capacities around four chains, the document empowers ANSSI as leading the cyber protection of France.

Mindful of the growing impact on the global cyber space of major businesses, the Review called for more responsibility from the private sector in dealing with cyber attacks by not hacking back, and not developing or maintaining ICT products whose design flaws or improper support may result in systemic effect. These efforts towards more responsibility were transposed into formal discussion and even commitments during the December 2018 OECD Global Forum meeting, which is to be followed-up shortly.

Another key achievement stemming from the Review is the significant increase of power given to ANSSI regarding detection of attacks. Pursuant to the 2018 Military Programming Law, Telco carriers in France are now allowed to conduct threat detection on their customers’ network with sensors properly suited to handle ANSSI’s technical signatures. Besides this, ANSSI can implement a local and temporary detection device on the server of a French host’s server in case of serious proven threats likely to compromise information systems of operators of critical infrastructures, operators of essential services or public entities. ARCEP, France’s telecommunications regulatory authority, provides oversight for these two measures.

Last but not least, the Review calls for the European Union (EU)’s digital sovereignty, which is the baseline of ANSSI’s daily commitment in EU works. ANSSI is also very active internationally, in numerous multilateral fora as well as in bilateral cooperation, to promote stability of cyberspace.

To learn more about the Strategic Review of Cyber Defence, a condensed version of the review is available on the SGDSN website.

French National Digital Security Strategy

Prior to  the Strategic Review of Cyber Defence, France had adopted on October 2015 a national strategy for digital security, which is still one of the pillars of the French approach to cyber security. This document reflects one of the obligations of the EU directive concerning measures for a high common level of security of network and information systems.

General Secretariat for Defence and National Security Opens a new window