For a collective and collaborative cybersecurity!

The major health crisis that humanity is currently facing illustrates the imperative need to strengthen cooperation at all levels. In an interdependent world, as in a chain, the security level of the whole corresponds to that of the weakest link. When facing systemic risks – whether related to health or to cyber issues – the only valid response is therefore collective and collaborative. Collective, because each stakeholder is responsible not only for his or her own security but also for the security of every other stakeholder, and therefore for the security of the whole. Collaborative, because cooperation and information sharing are essential to compensate the asymmetry between the « attacker » and the « defender ».

While this approach may seem self-evident in a crisis situation, it faces many limitations: States’ concerns about sovereignty, competition between companies, silo mentality within organisations, lack of awareness among individuals, etc. Like the trust on which it is based, cooperation, and a fortiori coordination, between actors in the same chain cannot be decreed. They must be built in a concrete way thanks to a multitude of actions intended to share, exchange, train, practice, etc..

After a 2020 edition that highlighted the key role played by human beings in cybersecurity, the FIC 2021 will therefore focus on the major challenges of cooperation:

• On the operational level, how can we structure and increase the exchange of information on incidents, threats, vulnerabilities, best practices, tools, etc.? How can we strengthen exchange structures (CERTs, ISACs, etc.) between stakeholders within the same field of activity, between different fields, cybersecurity providers and state agencies?
• On the industrial level, how can we reconcile this growing need for exchanges between actors in the cyber sector with the realities of business and the principle of fair competition between actors? Are there new economic models? Is crowd security an option? How can « campuses » emerge to develop synergies within an ecosystem?
• At the technological level, how can we improve the collective intelligence of networks and information systems to strengthen our detection and response capacities? In the age of IoT and hyperconnectivity, how can we transform each piece of equipment into a cybersecurity « sensor » and « actuator »? How can we stimulate joint R&D programmes to develop interoperable or even integrated security technologies?
• On the strategic level, how can we further strengthen cooperation between States and go beyond existing confidence-building measures and standards of responsible behaviour? For example, should we identify « shared » digital features that would be given a special status? How can we establish a multi-stakeholder governance system involving States and companies?

To address these challenges, the FIC 2021 has set itself some priorities:

1. To be even more open to the entire cyber ecosystem to strengthen feedback and multiply exchanges;
2. To give innovation a central place, particularly in the field of artificial intelligence, thanks to new challenges, ever more technical demonstrations, and a bigger « innovation » space;
3. To strengthen the « business » dimension of the event, so as to create ever more opportunities for our partners and the Europeanindustry of digital trust and security solutions;
4. To propose a more diverse content in terms of formats and subjects, in order to cross-fertilize approaches and create more links between the stakeholders. This is also the role, throughout the year, of CyberNews, the media launched by the FIC team (https://cybernews.info/);
5. To continue the internationalisation of the FIC, as we are more than ever convinced of the need to further strengthen exchanges and cooperation, particularly at the European level.

(by Guillaume Tissier, President of CEIS)