Last week PC Inpact published an interesting interview with Patrick Pailloux, CEO of ANSSI. Interesting because, in my view, it illustrates how the role of cybersecurity can be perceived in developed nations, particularly in France and Europe but also in the U.S., which is the spearhead. To illustrate, but also to try to understand the workings, whether visible, less visible or invisible, and to connect them in order to inform, transmit and sometimes debate.
Since its inception, this blog has modestly tried to raise issues that are dear to my heart, as well as the right questions (you can always dream, right?). All this in a way that is surely imperfect and fragmented, but enthusiastic (if not passionate). What makes me react, strangely without any fatigue (almost :), is the partial (and sometimes biased) treatment, in some media (institutional ones but also the blogosphere), of the new responsibilities assigned to ANSSI (the decree of February 11, 2011). In the light of a previous post, I could have called this one "ANSSI: 1 - Media: 0", but it is to be feared that ANSSI and Stuxnet could be replaced indefinitely. This is no longer a game but systematism, with a certain arrogance from which I try to keep my ego (whether disproportionate or degraded).
That said in a playful tone, let us be serious again for a moment: in recent weeks some media have proclaimed and declaimed that ANSSI would become the Cyber Command (should be ambitious but not worth crossing that one is interested), a sort of French shock agency in the fight against cyber-threats.
Yet I think that there is a (very) long way to go, and Patrick Pailloux says nothing different when he states that:
- this decree above all provides a legal basis, and therefore saves time (2-3 hours), by identifying the legal authority behind any disconnection "orders" that ISPs may receive from the French authorities in the event of a major cyber attack;
- ANSSI has a role in crisis management, neither more nor less, and I love the fire-management metaphor: at best it will coordinate the few available means and attempt to limit a possible attack;
- for the rest, we must not forget that the agency first of all has an advisory and support role towards the government (or companies), and devotes a significant portion of its activity to the certification of security products and solutions.
We must therefore keep a sense of proportion and consider that the state's assignment of cybersecurity to ANSSI could be a temporary solution until:
- either the field of cyberspace becomes a medium-term strategic axis (hence an underlying policy of foresight and anticipation... I have a dream) and the agency is allocated adequate resources accordingly; the role of "leading cybersecurity nation" in the European Union could be one of the consequences, a reasonable and interesting one;
- or it retains its "small" powers and participates, in a complementary or integrated way, in a future NATO or European authority (ENISA? Faced with NATO, the "game" seems a foregone conclusion...);
- finally, the third way: a new agency is created, dedicated to cybersecurity and integrating, why not, the CERT, with strong interfaces to the military (the DRM thus has a role to play) but also to large enterprises.
In fact this last path looks very much like the one taken by the United States, relatively speaking: a central authority with the means to monitor the threat in cyberspace (with its Common Operational Picture, which I'll come back to another time), in permanent contact with all state entities involved in cybersecurity and with the security departments of the largest companies.