A global strategy for cybersecurity in Europe, competences and investments

By Laure DE LA RAUDIÈRE, Member of the French Parliament and Co- rapporteur of the Assemblée national Study Group report on « Blockchains, a matter of sovereignty »

Companies, administrations, citizens, public services, infrastructures… the whole society is nowaday connected to the Internet.

The boom in connected objets and the increasing use in Artificial Intelligence will reinforce this trend.

No activities will anymore be independent from the Internet!

The digital era is bringing astounding progress and opportunities, but such an almost total dependency carries new risks.

How to protect ourselves against threats such as the theft of data, espionage, manipulation of public opinions, the takeover of infra- structures or the blockading of public services?

In otherwords, how to prevent from a massive disorganisation of our society?

First, we need to educate.

Starting by teaching our kids to use the Internet safely, to identify malicious sites and frauds, to change regularly their passwords or to protect their personal identities on social networks…

Raising awareness of adults is also a priority because cyberattacks to individuals are growing.

Techniques of self-protection must be spread to the general public to promote a citizens’ empowerment in cybersecurity.

Citizens urgently need to adopt safety attitudes. Information and prevention must be promoted to all.

Companies and administrations must also become more aware of the cybersecurity threat, since they are first-choice targets for cyberattackers.

For years, the issue of cybersecurity has been the competence of directorate for Information Services in big companies or big administrations.

But since recent attacks with huge damages such as the WannaCry virus in 2017 the cybersecurity issue is becoming more often a prerogative of Strategic Committees.

Yet, SMEs are vulnerable to these attacks because they have less resources to implement strong means of self- protection.

Greater public support is therefore needed.

Second, it is essential to developp numerous and specific competences.

States must invest in trainings of cybersecurity.

Today, all of them suffer from a huge gap in qualified human resources to adress the issue of « Security by design ».

As an example, France should make greater use of its unique network of « digital schools », in coordination with the Grande école du numerique, the national agency in charge of supporting the development of schools delivering digital trainings.

These schools are spread all over the territory and are flexible enough to implement new trainings efficiently.

The fight against cybercriminality requires recruiting a large number of experts in cyber- security to help all stakeholders to protect themselves.

This is new jobs that should be attractive for the new generations of people who are born in the digital era.

In the field of cyberdefense, the French Minister of the Army has just launched the creation of a « cyberarmy » in January 2019, by recruiting 1000 extra « cybersoldiers » until 2025 and by allocating a budget of 1.6 billions euros to the fight in the cyberspace.

Third, the fight against cybercriminality calls for strong investment efforts, to support innovation in cybeprotection devices and services.

Commission’s proposal for a European Cybersecurity Competence Network and Centre is an important step for the devel- opment of a compettitive European cybersecurity industry.

Not only this is an economic issue in a fast growing market but also an issue of sovereignty to avoid any dependency from third parties in terms of cyberprotection.

The increase and sophistication of cyber-attacks further calls for strong support in research and development.

The blockchains, a subject for which I have been co-rapporteur of a report from the French Parliament, is an interesting technology that could help fight certain types of cyberattacks.

The principle of decentralised and shared management of blockchains and the guarantees it offers integrity, confidentiality, traceability, authenticity of the data could help protecting identities, integrity of data and infrastructures.

More research in this field is nonetheless necessary before talking of a revolution of cybersecurity by the blockchains.

Finally, we must strengthen our cooperation.

All these initiatives would have the effect of a sword cutting through the water without a common strategy and a pooling of resources at the European scale.

Because this threat is global, powerful and dematerialised. Perpetretors of attacks are not always idenitified, but this war takes place obviously in the context of a strong global competition, both from an economic and a diplomatic point of view.

Industrial spying and cases of interference during elections through the manipulation of the public opinion on social networks (ex. during the Brexit campaign) are telling examples.

The resilience of the European states against this challenge represents an issue of sovereignty.

We need to protect our citizens, our companies and our political institutions. But also our values.

Promising initiatives have recently been untertaken by the European Union, such as the Cybersecurity Act, and must be key priorities for the next European Commission.