Regulating the digital space: an effort for all?

“Will distrust prevail?” was the polemical opening question of that exchange organised by the International Cybersecurity Forum. However, the list of pitfalls to overcome in the field fully justifies this concern: cybercrime on the rise (a quadrupling of attacks by ransomware between 2019 and 2020 has been recorded by ANSSI), structuring platforms beyond the reach of the European arm, data that needs to be better controlled… The difficulties tend to accumulate and call for everyone to work together.

Cybersecurity, from the gendarmerie to companies

It is precisely in a field as sovereign as the fight against cybercrime that collective commitment is paramount. Thus, the plan to strengthen cybersecurity presented by Aurélien Palix, deputy director in charge of networks and digital uses at the General Directorate of Companies, is intended to encourage cooperation, in particular with the creation of a Cyber campus open to a plurality of stakeholders—among which the Gendarmerie—and whose tasks will include training the personnel and build capacity in digital skills.

This necessary synergy is supported by Jean-Claude Laroche, President of CIGREF’s Cybersecurity Circle, for whom the response to Internet crime must be “systemic”. This response should include both an increase in police and judicial resources dedicated to this task, and an effort by the “users of major digital solutions”, i.e. the members of CIGREF, who should provide “security budgets that are substantial and commensurate with the stakes.”

The state as a driving force for the private sector

This financial issue is also at the heart of the plan to strengthen cybersecurity, whose financial structure is an illustration of the compulsory partnership between the public and private spheres—the former bringing €720m to the table, the latter €319m. A significant part of this budget will not be allocated to direct investments, since €176m will go to supporting the adoption of cyber solutions, and €148m to strengthening the links between the sector’s stakeholders.

These two objectives stem from a simple observation: the state’s manna is not a ‘bottomless pit’, as Aurélien Palix reminded us, and will not be enough to meet the scale of the task. To the immediate funding intended for the development of innovative and sovereign solutions, the state wishes to add initiatives able to foster cooperation to build competitive global productions that will then benefit from a strong demand coming from a French cybersecurity-aware audience.

Lobbying at the service of political action

If money is the sinews of war, then information is its guide. Civil society also has a supporting role to play. As Danielle Jacobs, director of the Beltug association, pointed out: “We cannot expect the European Commission to know everything about the market. In fact, we believe is our task. “We are here to exert more influence on the European Commission,” added CIGREF President Bernard Duverneuil.

The posture adopted by the associations—upstream of the politicians—would enable to raise the latter’s awareness of essential issues for the sector. And the task at hand is impressive: from compliance with European security requirements on the part of software producers, to their compliance with the General Data Protection Regulation (GDPR), and to improvements in competition law, there are still many obstacles to overcome to establish trust and stability conducive to economic development.

Europe, the critical size

And the European level is particularly targeted because it is the only one that will enable the countries of the Old Continent to avoid ending up as a digital “colony” of the United States and China, in the words of Joachim Reichel, a board member of Voice. Thus, although the major digital platforms were mentioned several times, it was the need for their regulation that dominated the debates. This movement has been firmly initiated by the European Union, which intends to impose a firmer framework on these oligopolies through two regulations presented on 15 December: the Digital Markets Act and the Digital Services Act.

This approach must also be proactive to safeguard European sovereignty in key areas. The cloud, “the place for innovation and the development of tomorrow’s products,” as Jean-Claude Laroche explains, is one of these sensitive sectors benefiting from European action through the GAIA-X project. Supported by the stakeholders, the company’s ambition is to secure the user’s data, who will be able to keep control of it and benefit from portability, allowing them to change supplier without hindrance. An example of European added value for a model that will eventually be exported?