In a 2021 study titled “Cyber Capabilities and National Power: A Net Assessment,” researchers at the British institute IISS evaluated the cyber strategies of 15 countries around the world. They found that France has solid strategies for cyberspace security, supported by mature institutions and regular budget lines.
“France has shown itself to be highly competent and innovative in cybersecurity, advocating a holistic approach to society. It also prioritizes regulation as a way to address cyber threats, as evidenced by new laws on election interference and critical national infrastructure protection,” states the report.
A strategy that builds up year after year
Since 2015, France has had a National Strategy for Digital Security, in order to respond to the new challenges arising from developments in digital uses and related threats: cybercrime (including for terrorist purposes), propagation of false information or large-scale manipulation, political or economic espionage, attacks on critical infrastructure for sabotage purposes, etc.
This strategy was subsequently fleshed out by France’s International Digital Strategy, presented by the Minister of Europe and Foreign Affairs in December 2017, and then by the Strategic Cyber Defense Review, launched in February 2018. The latter defines a cyber crisis management doctrine, clarifies the objectives of a national cyber defense strategy and confirms the primary responsibility of the State in this area.
The Cyber Campus, a first in Europe
The creation of the Cyber Campus in February 2022 is the first initiative of its kind in Europe. As a showcase for France’s cyber excellence and a lever for digital sovereignty, its aim is to unite and promote the cybersecurity community at both the national and European levels. Its ambition is also to develop synergies between the various players involved (large groups and SMEs, government departments, training organizations, research players and associations).
The launch of the Cyber Campus took place at the same time as the announcement of the national strategy for cybersecurity. With a budget of €1 billion, including €720 million in public funding, the strategy aims to triple the industry’s revenue (from €7.3 billion to €25 billion) and position France in relation to international competition by doubling the number of jobs in the industry (from 37,000 to 75,000), while also creating three French cybersecurity scale-ups.
A strong French position in favor of multilateralism
On the international stage, the IISS study highlights France’s commitment to multilateralism on cybersecurity issues, which has many advantages, but also a number of drawbacks. “France’s offense capabilities are mature but probably lag behind those of the United States and the United Kingdom. Its desire for national autonomy on key cyber capabilities deprives France of the potential gain of a more integrated approach with its main allies, but as a result, the country is less dependent on them,” the IISS study comments.
At the European level, France has always considered it necessary to strengthen operational cooperation between Member States. The objective, in its view, is to have, at the European level, tools for sharing technical information on threats, enabling the anticipation of and rapid response to a cyber attack. The establishment in 2017 of a framework for a joint EU diplomatic response to acts of cyber-malware (“Cyberdiplomatic Toolbox”) is fully in line with this cooperation approach.
One year later, the Paris Appeal for Confidence and Security in Cyberspace was also adopted. Supported by more than 1,200 entities, this text recalls the application of international law and human rights in cyberspace and lists a certain number of fundamental principles – responsible behavior of States, State monopoly of legitimate violence, recognition of the specific responsibilities of private actors – to make cyberspace a safe and trusted environment. Through this text, France has resolutely affirmed its desire to distinguish itself from “the Californian Internet and the Chinese Internet”.
For many years now, France has been pursuing an active cybersecurity policy, inspired by a new multilateralism adapted to the realities of the digital space. With this policy, cybersecurity, still considered a technical issue a few years ago, is now perceived as a public policy, trade policy, and international stability issue.