Grand Est : a dynamic, structured ecosystem

With a solid network of industrial, academic and economic partners, the Grand Est region’s cybersecurity ecosystem is exemplary in France. It works to support and protect companies against the dangers they face.

With around a hundred companies offering cybersecurity solutions and services, of which 30% are local players, the Grand Est region boasts a dynamic economic fabric. At the heart of this dynamic is Grand E-Nov+, the innovation and international prospecting agency for the Grand Est region, created at the initiative and with the support of the Grand Est Region and the Grand Est Chamber of Commerce and Industry. 90 employees, including consultants, doctors and engineers, ensure a presence throughout the region (seven offices in all).

“A regional cybersecurity plan has been in place since March 2023. It structures this sector in the region around different building blocks—awareness/prevention, support for businesses and local authorities in improving their knowledge of cybersecurity, and crisis management and response to cyberattacks — with the support of Grand Est Cybersécurité, our regional CSIRT,” says Jean-Charles Renaudin, Head of Cybersecurity & CSIRT activities at Grand E-Nov+.

CSIRT is the region’s computer security incident response team whose objective is to provide free assistance to local organizations. It received more than 200 requests in less than a year. “The aim is to set up a center that can support all victims who either lack skills or need help. We can put them in touch with 18 referenced service providers for incident response: how to stop the attack, resolve it and, if necessary, help restore an information system,” says Jean-Charles Renaudin.

A regional Cyber Campus in the making

The region has also been rolling out cybersecurity diagnostics for the past year and a half, for the benefit of small and medium businesses, local authorities and associations in the Grand Est region. Twenty-five cybersecurity service providers are referenced to help set it up. “160 applications have been approved to date. This cybersecurity diagnosis is based on a set of specifications that include ten man-days for beneficiaries, spread over a period of four to six months. The region covers 50% of the cost of the service. The diagnostic’s goal is to help companies assess the current state-of-affairs for their maturity in cybersecurity and identify vulnerabilities to be corrected,” says Jean-Charles Renaudin.

Another flagship project is the creation of a regional Cyber Campus, a local version of the national campus. “The construction of the Cyber Campus was approved by the regional assembly at the end of January 2024. A call for expressions of interest was then sent out. We want to create a polycentric regional Cyber Campus, i.e., with a central governance body at the regional level and local excellence clusters around our major cities, to better respond to the territory’s specificities and structure cybersecurity around the national Cyber Campus’s four pillars,” says Jean-Charles Renaudin. The Cyber Campus’s four pillars are operations (responding to attacks), user awareness and training cybersecurity experts, innovation (with the aim of giving priority to sovereign innovation) and ecosystem leadership (to help raise its profile).

The Loria laboratory: the cornerstone of research in the Grand Est region

Another key player in the Grand Est region’s cybersecurity ecosystem is the Loria laboratory. The “Lorraine Laboratory for Research in Computer Science and its Applications” is a Joint Research Unit (UMR 7503) shared by several institutions, including the CNRS, University of Lorraine and Inria. Since it was founded in 1997, its mission has revolved around fundamental and applied research in computer science.

Cybersecurity is at the heart of Loria’s activities, with 40 to 50 researchers specializing in this field, with topics such as the verification of security protocols, cryptography and cryptoanalysis, malware analysis, networks of the future (5G, 6G, etc.), and security by design. “It’s important to note that there are also two research platforms within Loria: a platform for security testing using a combination of connected objects and 5G, and the High Security Laboratory (HSL), which allows us to carry out various processes on future programs,” says Jean-Yves Marion, Director of the Loria laboratory.

The high-security laboratory is housed in a closed environment with an isolated Internet network and access protected by biometric recognition. It provides a reliable technological and regulatory environment for sensitive tests and operations. It features a virtual telescope that can detect malicious code and signs of attack, allowing for probe experiments on the Internet. A sealed “test tube” network is also present for sensitive experiments, such as malicious code analysis, without the risk of contaminating the entire network. Finally, a “red” room not connected to the network facilitates the handling of highly sensitive information and data. This room can be used to store equipment or materials for confidential study as part of industrial partnerships.

Start-up spin-offs

Several start-ups have spun off from the Loria research laboratory in recent years. One example is Cyber-Detect, which develops, produces and markets cybersecurity solutions based on “morphological analysis” to detect and study malicious code and targeted attacks, in particular.

Another such company is Cibi, a start-up that searches for vulnerabilities in a network of connected objects that could be exploited. “A single vulnerability is not going to be useful. But if you put several together, you can create a working attack pathway,” says Jean-Yves Marion.

Finally, a partnership agreement on cybersecurity was signed in 2020 between the Saarbrücken-based research institute CISPA (Helmholtz Center for Information Security) and the University of Lorraine. This partnership aims to strengthen collaboration in cybersecurity research and transfer know-how and innovation between France and Germany. It relies on CISPA and Loria’s expertise.