France has recently published a white paper on defense, the ‘Livre Blanc’ outlines the priorities planned for the next five years, in the areas of national defense – land, air, maritime and space, as a well as as in the areas of homeland security and . This article covers the main areas addressed by Livre Blanc’s Cybersecurity and Cyber Warfare sections, highlighting specific emphasis and opportunities. Future posts will also cover other aspects of Frances’ national security. Defense-Update reports
The fight against cyber threats has already outlined in the White Paper 2008, addressing the development stage and implementation of response measures. With the increasing scope and persistence of cyber threats, the need for updating and enhancing those measures is evident, protecting critical infrastructure systems and information databases. Securing and protection of information systems are needed to maintain the uninterrupted and healthy state of the French economy and employment.
Overall, France considers implementing information and cyber security, including detection and to identification of perpetrators as measures of national sovereignty, thus, the French legislators are ready to implemented tougher means of cyber surveillance, compared to other European nations such as the UK and Germany. “To achieve this, the government should support scientific skills and technological performance.” The Lievre Blanc stated. As part of the implementation of higher security with government, state and public sector networks, security measures are to be implemented, along with communications channels linking commercial contractors, suppliers and services in the civil sector.
A legislative and regulatory framework will be implemented, setting safety standards addressing security threats, guiding operators to take the necessary measures to detect and treat any incident involving their sensitive computer systems.
This framework will specify the rights and duties of public and private actors, particularly in terms of audits, mapping their information systems, incident reporting and capacity for national security agency Information Systems (ANSSI), and, where appropriate, other services the State to intervene in the event of a serious crisis.
On the operational aspect, communications security and implementation of advanced cryptographic technology will be used to maintain the safety and security of information networks as well as mobile communications systems. To maintain control and security of core networks, France will continue to support the national industry and European performance in this field.
The doctrine of national response to major cyber attack is based on two complementary components:
- Protection of information systems and resources at the national level, maintaining security, safety and resilience of systems and operators of critical services and strategic industrial assets. The French Cyber protection operations are coordinated under the authority of the Prime Minister and based on close co-operation of the State to identify and characterise evolving threats.
- Active response – adjusting actions in face of attacks, adapted according to the nature and extent of attacks – beginning with diplomatic means, legal or police. Action could also escalate to means available to the Ministry of Defence, if national strategic interests were threatened.
Offensive Cyber Operations
Within this national doctrine France considers the offensive computing capacity, coupled an intelligence capacity, to be a significant contributor to cybersecurity. “It contributes to the threat characterization and identification its origin. It also helps to anticipate some of the attacks and configure defenses accordingly. “ the White Paper stated, adding that “offensive computing technology enriches the range of options available to the state.”
The French approach to offensive cyber relates to “various stages and more or less reversible roughly discrete, that can implement by the defender, corresponding with the magnitude and severity of attacks.
Any ambitious cyber defense policy should rely on partnership and trust. The White Book recommends that relations will be explored with France’s key partners, primarily the United Kingdom and Germany. At European level, France supports the establishment of a European policy of strengthening protection against the risk of critical infrastructure and cyber networks electronic communications.
Education and Awareness
Awareness and education are other aspects of cyber security. The security of the whole information society requires that everyone be aware of the risks and threats and adapts accordingly behaviors and practices. It is also important increase the number of trained experts, to ensure that safety IT studies is integrated and with all higher education in computer science.