Cyberdefense: a national security challenge

Date: July 30, 2008

On July 8th, 2008, a report called "Cyberdefense: a national security challenge" was published by M. Roger Romani (member of the Senate and of the “Foreign affairs, Defense and Military Forces” commission). This report aims to highlight France's shortcomings regarding threats to information systems.

This article analyses the key points of that document.

This report starts from the observation that threats targeting information systems have increased so seriously that they have become a "national security challenge". This point fully matches the conclusions drawn by the Cert-IST in its French article "Bilan 2007 des failles et attaques", specifically regarding the two major events mentioned in this report: the distributed denial of service (DDoS) attacks against Estonia and the Chinese attacks. We also indicated that attacks had become more targeted and more sophisticated. According to M. Romani, potential targets for these attacks are "individuals, organizations, public institutions (more specifically those working on defense or national security, government services, critical operators and companies involved in strategic or sensitive areas)". Last, we also insisted on the attackers’ professionalism, a point also noted in the report, which also discusses cyber-terrorism threats and even the participation of countries in “cyber-warfare” (the case of China). In his conclusions, M. Romani forecasts that this threat will necessarily grow, for three reasons: the increasing role of information systems and the Internet in day-to-day life, the accessibility and low cost of the technologies used for the attacks, and the difficulty of identifying the attackers.

According to M. Romani, France is still insufficiently prepared, and the conclusions of a previous report released by M. Lasbordes (see the article in the Cert-IST security bulletin of February 2006, in French) unfortunately still hold true. Even if efforts have been made (creation of the COSSI, "Centre Opérationnel de la Sécurité des Systèmes d'Information", modernisation of the RIMBAUD network, inauguration of ISIS, "Intranet Sécurisé Interministériel"), France is still behind, in particular compared to its European neighbors. On the international scale, the report emphasizes the importance of FIRST (http://www.first.org) and of the EGC (European Government Computer Security Incident Response Teams) structure. More recently (Prague conference in 2002), NATO also made cyber defense a priority. M. Romani is more reserved about the role played by European organizations and the action of the ENISA (European Network and Information Security Agency), created in 2004.

The last part of this report is devoted to the measures that, according to M. Romani, France must take to be able to react to computer attacks as quickly as its neighbors. The protection of information systems is now a priority of the White book on defense and national security. This White book also provides for the creation of an interoffice agency responsible for information system security. The report indicates that capabilities must be developed that are not only defensive (detection and protection) but also offensive (identification and neutralization of attackers). Last, the orientations defined in this White book must be accompanied by very concrete measures in three directions: bringing France up to the level of its European partners, enhancing the coordination of the various actors involved in information systems security, and developing a partnership with the industrial sector.

In conclusion, M. Romani insists that it is very urgent for France to catch up with other countries on cyberdefense, in order to face the sophistication and increased level of expertise of recent and upcoming attacks. The Cert-IST, which is mentioned in this report as a monitoring and response structure, strongly recommends reading this document.
 
