Marc Watin-Augouard :
"cyber-security will increase in quantity and quality".

October is European Cyber Security Month. For the past ten years, the institutions of the European Union have been taking advantage of this dedicated period to run awareness-raising campaigns designed to promote and strengthen cybersecurity. Army General (2S) Marc Watin-Augouard, head of the "Digital Sovereignty and Cybersecurity" major at the IHEDN, deciphers current developments in this common space in a deteriorating strategic context.

What is your definition of cyber security?

Cybersecurity is the result of the actions of individuals, businesses and local and regional authorities who apply IT hygiene rules through information systems security. It is also the result of the action of services that fight cybercrime. And finally, there is the action taken by all those involved in cyber defence, which is not simply military in nature, but which makes it possible to protect all the digital infrastructures that are essential to the life of the nation.

What are the cybersecurity issues involved in protecting our national sovereignty?

Sovereignty is at the heart of cybersecurity, so it's only natural that we should have a national strategy. We cannot rely on others to take action on what is essential for us. On the other hand, France's actions must be part of a more sovereign Europe. If I take the image of the Roman tortoise, where each State protects itself and at the same time protects all the other Member States. Europe must be the sum of skills, knowledge and abilities. This is the major challenge for the years to come: how can we ensure that Europe enables all the Member States to improve their skills and be better protected in terms of cybersecurity?

How can Europe contribute to making cyberspace safer at international level?

Europe must reach out to all states that share the same vision of the digital space. Some countries, such as totalitarian states, do not have the same vision as us and do not want to put the citizen at the heart of cybersecurity. With these countries, we cannot talk. On the other hand, with all the others, we can further expand our cooperation to strengthen global cybersecurity.

To what extent does the deterioration in the strategic context threaten the security of cyberspace?

Let's face it: cyber-security, cyber-crime and cyber-attacks are going to increase in quantity and quality. Quite simply because predators have realised that they need to move into the digital space to produce effects with less risk and more results. We know that this trend will continue to accelerate.

What does this mean in practical terms?

It's an increase in attacks on systems and an increase in attacks on an extraordinary system, the most sophisticated data processing system in the world, which is also the least protected: our brains. On the one hand, we are going to see more cyber attacks on businesses, local authorities and hospitals. On the other, we will be the victims of cyber attacks, information manipulation and complete distortions of our thinking. This is one of the major challenges of the years to come: how to build a cyber security system that protects each and every one of us, with us, by us and sometimes in spite of us, because individuals are not always aware of what is at stake.

Are cyber attackers becoming more professional?

Exactly! The evolution of threats is linked to the quality of the perpetrators. In the past, we had isolated "predators" who acted alone. Today, we are faced with a structured, industrialised organisation, with groups sharing the work: those who prepare the attack, those who carry it out, those who recycle the proceeds of the attack and finally those who launder the financial proceeds of the attack. There is therefore a division of competences that makes the fight against cybercrime much more difficult in the sense that it is complicated to trace the thread of a cyberattack. It's a game of leapfrog. A first company is attacked. It is used as an entry point to attack another company and then many more before hitting the main target. This system complicates the investigation. When you decide to start with the victim and work your way up to the perpetrator, you lose track because there are too many intermediaries in the cyber-attack set-up.

Do we have the resources to prevent this deterioration?

To counteract this worsening, we need human resources, talent and skills. Today, we are not training enough talent and skills to meet the challenges. This is an absolutely essential and fundamental point. If, from the earliest age, we don't prepare people for the digital transformation we are going through and which is going to accelerate even further in the years to come, then we can be sure that the future will be very different. Then we can be sure that we will be able to put all the technologies on one side and all the legal rules on the other. What we won't have is the essential human resource.

October is European Cyber Security Month. For the past ten years, the institutions of the European Union have been taking advantage of this dedicated period to run awareness-raising campaigns designed to promote and strengthen cybersecurity. Army General (2S) Marc Watin-Augouard, head of the "Digital Sovereignty and Cybersecurity" major at the IHEDN, deciphers current developments in this common space in a deteriorating strategic context.

What is your definition of cyber security?

Cybersecurity is the result of the actions of individuals, businesses and local and regional authorities who apply IT hygiene rules through information systems security. It is also the result of the action of services that fight cybercrime. And finally, there is the action taken by all those involved in cyber defence, which is not simply military in nature, but which makes it possible to protect all the digital infrastructures that are essential to the life of the nation.

What are the cybersecurity issues involved in protecting our national sovereignty?

Sovereignty is at the heart of cybersecurity, so it's only natural that we should have a national strategy. We cannot rely on others to take action on what is essential for us. On the other hand, France's actions must be part of a more sovereign Europe. If I take the image of the Roman tortoise, where each State protects itself and at the same time protects all the other Member States. Europe must be the sum of skills, knowledge and abilities. This is the major challenge for the years to come: how can we ensure that Europe enables all the Member States to improve their skills and be better protected in terms of cybersecurity?

How can Europe contribute to making cyberspace safer at international level?

Europe must reach out to all states that share the same vision of the digital space. Some countries, such as totalitarian states, do not have the same vision as us and do not want to put the citizen at the heart of cybersecurity. With these countries, we cannot talk. On the other hand, with all the others, we can further expand our cooperation to strengthen global cybersecurity.

To what extent does the deterioration in the strategic context threaten the security of cyberspace?

Let's face it: cyber-security, cyber-crime and cyber-attacks are going to increase in quantity and quality. Quite simply because predators have realised that they need to move into the digital space to produce effects with less risk and more results. We know that this trend will continue to accelerate.

What does this mean in practical terms?

It's an increase in attacks on systems and an increase in attacks on an extraordinary system, the most sophisticated data processing system in the world, which is also the least protected: our brains. On the one hand, we are going to see more cyber attacks on businesses, local authorities and hospitals. On the other, we will be the victims of cyber attacks, information manipulation and complete distortions of our thinking. This is one of the major challenges of the years to come: how to build a cyber security system that protects each and every one of us, with us, by us and sometimes in spite of us, because individuals are not always aware of what is at stake.

Are cyber attackers becoming more professional?

Exactly! The evolution of threats is linked to the quality of the perpetrators. In the past, we had isolated "predators" who acted alone. Today, we are faced with a structured, industrialised organisation, with groups sharing the work: those who prepare the attack, those who carry it out, those who recycle the proceeds of the attack and finally those who launder the financial proceeds of the attack. There is therefore a division of competences that makes the fight against cybercrime much more difficult in the sense that it is complicated to trace the thread of a cyberattack. It's a game of leapfrog. A first company is attacked. It is used as an entry point to attack another company and then many more before hitting the main target. This system complicates the investigation. When you decide to start with the victim and work your way up to the perpetrator, you lose track because there are too many intermediaries in the cyber-attack set-up.

Do we have the resources to prevent this deterioration?

To counteract this worsening, we need human resources, talent and skills. Today, we are not training enough talent and skills to meet the challenges. This is an absolutely essential and fundamental point. If, from the earliest age, we don't prepare people for the digital transformation we are going through and which is going to accelerate even further in the years to come, then we can be sure that the future will be very different. Then we can be sure that we will be able to put all the technologies on one side and all the legal rules on the other. What we won't have is the essential human resource.