Inside France’s national security vision
By Nurfilzah Rohaidi
Interview with Michel Cadic, Chief Scientist, Ministry of the Interior.
As French society becomes more connected than ever, there is increased vulnerability towards cyber attacks. It is crucial to strengthen the weakest links in the chain, he tells GovInsider on the sidelines of the recent security conference, Milipol Asia-Pacific 2019.
France has a strategy for tackling national security threats across both the physical and virtual realms. Cadic shares the role that research and innovation will play; current efforts at capacity-building for France’s neighbours; and the importance of learning from others.
Helping SMEs become more secure
The strategy starts with boosting supply chains for crucial national industries - preventing industrial espionage and infiltration into national systems. His ministry is working with companies both big and small to strengthen security, he explains.. “You can have cyber attacks at different levels of the supply chain,” he says. “You have different ways to block the system”.
Big, complex organisations can have many points vulnerable to attack. Airbus, for instance, has around 5,000 suppliers, he points out. Likewise, “hospitals also have suppliers and customers” and an attack could cripple essential services such as the A&E.
To build up these cyber defences, France’s defence secretary Florence Parly announced in January that the country has set up a military bug bounty programme to find gaps in the system, reports The Register. Parly added that she was keen to engage with SMEs to improve security across industrial supply chains.
Help thy neighbour
The second part of his vision looks at international partners, particularly in the European Union. The EU has many common data sharing platforms, such as on digital identity and driving licenses, so good security is crucial.
The EU is creating a common law for cyber threats, Cadic explains. In March, the EU approved the new Cybersecurity Act, first proposed in 2017. The Act creates a supranational body - the EU Agency for Cybersecurity - which will provide international support and share lessons to nations big and small.
Cadic believes that European nations should not see themselves as individual “fortresses”, but look to provide a common level of security across countries. “The idea is to have a certain minimum level of security everywhere,” Cadic explains, and to “build capacity” in the weaker countries.
The EU also wants to raise the level of border security across the continent, so that even the smaller countries can be on a par with richer, more advanced ones, according to Cadic. It is doing this by conducting checks in EU countries to see what help they need, and how to build capabilities. “For example, when faced illegal immigration coming in from the east, the idea was to reinforce; to give European money; to have European border police come in that country,” he says.
Working together on innovation
Shared research is also part of the EU’s approach to security threats. France is part of Horizon 2020 (H2020), a research and innovation programme across the EU for innovation in areas such as aeronautics and artificial intelligence. The programme has nearly €80 billion worth of funding over seven years from 2014 to 2020.
This programme will fund academic research to bring it from the lab bench to real life. “The European Commission has noticed that if you have just long-term research, at the end of a three-year project, you may have a report or a book, but no concrete results,” Cadic notes.
Meanwhile, France’s cybersecurity agency, Agence nationale de la sécurité des systèmes d'information or ANSSI, is part of a new Cybersecurity Competence Network supported by H2020. Last week, several national security agencies across 14 European countries gathered to brainstorm how to use new technologies and techniques.
The network looked at tools such as facial recognition, video analysis and satellite imagery, and discussed how they could boost individual countries’ security, he reveals. “The idea is to enable other countries to raise their level and capacity, both in terms of skilled people and technology capacity,” Cadic explains.
Cadic wants to see greater border security from this programme - not just in France, but across Europe. This helps to “give confidence to other countries that their neighbour applies the same rules as them,” Cadic explains. Immigration has been a recent hot-button political issue across European Nations, particularly as a result of large-scale immigration from the Middle East and Northern Africa over the past five years.
Learning from others
Finally, Cadic believes that security agencies should take a “global point of view” when analysing threats, so they can gather intelligence from a wider variety of sources and also learn from elsewhere in the world. This way, they can better understand the motivations and methods behind terrorist attacks.
Law enforcement agencies and police, in particular, will benefit from platforms that pull information from global sources. “You can have the information but if you are not allowed to use it, if you are not allowed to match that information with another database, you can miss the connections,” he points out.
France is working with Singapore’s Ministry of Home Affairs (MHA) on research and innovation into technology to improve security. It is the only country outside of Europe that France has this agreement with, Cadic says.
This is partly due to the technical capabilities that Singapore has at its borders. Woodlands checkpoint, for instance, sees a steady flow of workers coming in everyday from neighbouring Johor Bahru in peninsular Malaysia. Despite the great volume of human traffic, there is a “really high level” of security and checks, he observes. “It would really be a breakthrough for us to improve and adapt our capacity in France,” he remarks.
Cadic is also impressed by the Human Factors Engineering office at MHA. This unit designs machines, systems, processes and environments that enhance the safety, comfort and productivity of the humans using them. For instance, the Human Factors team recently designed a new uniform for Singapore’s police officers that absorbed sweat better. The new uniforms were launched last year.
Cadic wants to examine France’s innovation processes and “resync” them to improve the country’s ability to face fast-evolving threats. “Law enforcement agencies may not have the same skills and agility to integrate the new technology and to be able to counter attacks,” he notes, particularly as bad actors may become more sophisticated.
As attacks evolve, so will France’s strategies to deal with them. Broadly speaking, the nation has a three pronged approach: closing up gaps in their supply chains; strengthening regional neighbours; and learning from the best in the world - making it all the more challenging for the bad guys to strike.