In the light of the French presidency of the European Union, the ecosystem of cybersecurity is mobilizing to make proposals in this area. L 'Anssi, the cybersecurity sector Hexatrust, local authorities including the Hauts-de-France region, have drawn the outlines of the work axes.
At FIC 2021, Guillaume Poupard, general manager of Anssi mentioned the axes of discussionsession on cybersecurity during the French presidency of the EU next January. (Photo credit: JC)
It is almost forgotten that the FIC was originally a European event. From the outset, the European Union supported the creation of the forum, as General Marc Watin-Augouard recalled in his introductory speech on the second day of the FIC. This subject returns to the fore with the French presidency of the European Union from January 1, 2022. A period during which the cybersecurity ecosystem intends to push forward proposals in this regard. domain.
Solidarity and mobilization of the cyber industry
This is the case of AgoraFIC which published a document bringing together 28 recommendations to make cybersecurity the keystone of digital sovereignty. Among them, we find elements on talents and skills by generalizing for examplee digital technology in all diploma courses. Europe must also equip itself with a capacity to respond to major incidents. Guillaume Poupard, Director General of Anssi, explained: “Solidarity is going to be an important point in the French presidency of the EU. What to do when a state asks for help? Today, there is no European answer ".
The industrial aspect has not been forgotten with the strengthening of public and private investment. Some want to go further, such as Jean-Noël de Galzain, president of Hexatrust: "there is an opportunity to create a European Business Act to boost the European cybersecurity market". For this, it will be necessary to remove certain obstacles, such as "the recognition of certifications at EU level", argues the leader. For example, Anssi's SecNumCloud qualification is not yet recognized by other member countries. In this context, it is difficult to claim the creation of asingle market for cybersecurity.
Towards a European certification for the cloud and NIS 2
This certification problem is not trivial and has a resonance on another proposal from the AgoraFIC report, the emergence of the European leader in the European cloud. Guillaume Poupard is categorical: "for high level cloud certifications, only European law should apply". For him, the Cyber Security Act passed in 2018 should lead to the creation of a European certification for high-level clouds. "We are campaigning for the SecNumCloud requirements to be included in this project," said the boss of Anss. And to warn the public authorities: "if the discussions do not succeed on this subject, there is no point in talking about European digital sovereignty. It will be a real marker of the will of the States in this matter ”. Once adopted and implemented, this European certification will replace the national salt certificationson Guillaume Poupard.
Still within the framework of the regulations, the revision of the NIS directive creating in particular the essential service operators (OSE). "The second version will broaden the scope, set new thresholds, designate public administrations," said the CEO of Anssi. He wanted to be reassuring for companies or administrations which will swell the list of OSEs, "if there are 10,000 OSEs in France after NIS 2, it does not matter". He mentions in particular the aid from the recovery plan, "there is a little money and access to skills" to support them.
European cybersecurity a political issue
Xavier Bertrand, president of the Hauts-de-France region and candidate for the 2022 presidential election, also took advantage of the FIC platform to discuss campaign themes, on particle on cybersecurity. At the European level, he wants "a regulation of the market of vulnerabilities", following the case of espionage of mobile terminals of political opponents Pegasus. This proposal is also integrated into the recommendations of the AgoraFIC. He also pleads for the creation of a champion of the European cloud by highlighting the nugget of the North, OVHcloud. the strategic review of cyber defense and the national cybersecurity strategy ”. Some already see it as a call for a second recovery plan for cybersecurity. Thus, Jean-Noël de Galzain believes that "there are a few holes in the racket in the existing plan, we have forgotten VSEs, SMEs, ETIs. It may also be necessary to think by sector of activity ”.