The risk of a flood in the Ile-de-France region really is the one risk that dominates all others. All the professionals who tackle the subject are literally stunned by the potential consequences of such an event.
Let’s summarise. Paris lies on a plain. Upstream is a 200km-wide area of gently sloping funnel-shaped terrain. The Seine flows through the city in a channel one hundred metres wide, sometimes less. In the Val-de-Marne area that could become a lake lies critical infrastructure (waterworks, etc.). In the Hauts-de-Seine, the Seine meanders through an economic area of unparalleled importance. The scenario is slow, very slow. In the event of a flood, the Seine’s flow will increase tenfold.
Talking schematically, we can identify four areas (the exact outlines of which are unpredictable). The first would be submerged by water, with everything cut off and inaccessible. The second, much larger area would be dry to walk on but would lose its utility networks (energy, telecommunications, heating, etc.). In the third area, further away, the networks would be able to operate but there would be knock-on effects, blocked transport and general disorder. In the fourth, even further afield, everything would look normal except… the things we depend upon – our customers and suppliers, logistics, staff, family….
A flood is likely to happen during the coldest period of the year, or in the spring. Rising water levels (around 50 to 80cm per day, maybe more) are flooding docks and bankside roads. Forecasts (2 days, no more) are on the increase. The media will do their job as the water rises.
No one can predict the maximum water height we will experience. What’s worse, no one can predict how we will handle all this. To shed more light on the phenomenon, let’s establish two scenarios. In the first, ‘best-case’ scenario, faced with higher water levels (compared with events in recent months), we behave perfectly, in an ideal manner… In the second, ‘worst-case’ scenario, faced with the same hypothetical flood, we enter into a general scramble, at all levels…
Best-case scenario: The water rises… The public authority crisis units, impeccably coordinated and transparent, placed outside the sensitive areas, inform local people and businesses, giving them a simplified and realistic reading of the situation, forecasts and practical consequences. The maps are up to date, and smartphone applications, developed by Vital Infrastructure Operators, work. Thus, feeling that there is a pilot on the plane, the various layers of society calmly make their arrangements. The construction of protective structures and barriers (at 400+ strategic points: underground stations, car parks, etc..) is seen as a sign of confidence in the management of the operations. The individual families affected calmly send their children to stay with family members in the region. They are enrolled in local schools thanks to the national education system’s Plan B. As planned and announced, electricity is suddenly cut over a large area along the course of the Marne and Seine rivers. In the meantime, the local authorities have managed the schools, hospitals, nurseries, infrastructure, etc. Companies, who have realised that the crisis will last for several months at least, have moved their critical activities outside the area. Information technology has been adapted, staff are able to work remotely, everyone has succeeded in organising themselves calmly so that they can live comfortably and work effectively for around 2 months. The water, which continues to rise, leads to the closure of stations and bridges. From Le Havre to Troyes, France is cut in two, with impassable rivers, but the logistical impacts have been anticipated thanks to effective dual communication (individuals and businesses). The coordinated response of foreign rescue and support teams allows the impacts to be limited. …. Companies have planned for everything and initiate and implement their Plan B without leaving anything to chance. As for IT, CIOs have succeeded in reconfiguring their systems (teleworking, help desk, maintaining ISS at its nominal level) without problems, while protecting their own infrastructures. When the water goes back down, around ten days later, we discover that the protections have held despite the pressure of the water: no leaks, no oversights, no malevolence – the infrastructures have been spared. No problem maintaining law and order either – no looting, no pollution, no health impact…. The barriers are taken down; the technical checks are conducted swiftly… no damage, no collapse or subsidence. The house of Grand Paris is reconnected without a glitch; services resume (water, urban heating, waste collection, etc.), inviting people and businesses to resume their activities as before the flood. The building safety inspections are carried out in record time. Business as usual: the tourist season is maintained, the private and corporate real estate market is intact, we are ready for a second flood, confidence is high, the stock market goes up…
Worst-case scenario: the rising water is not anticipated well enough, poorly announced and poorly communicated. Caught unprepared, local people and businesses become stressed or even panic at the sight of the spectacular protective structures being put up. Individuals attempt to leave the area when the stations and some roads are already closed. General chaos sets in. Companies try to return to their sites in order to get together everything required to work remotely for a long time. Utility networks (energy, telecommunications, etc.) fail almost without warning. Wherever the energy is still working, there is a lack of staff, trucks are blocked… Cottoning on to the fact that this will last for months, companies begin to extract materials and equipment, and there is a mass exodus from the area as the partial destruction of infrastructure is announced: the protective barriers did not resist the onslaught, Parisian basements are flooded. The pumping will take months; no rehabilitation timeframe is announced.
Employees are sent away from the centre of town for ‘some time’. With children in the provinces, families are torn apart for months. Disputes take hold, including in companies. The BCP teams attempt to salvage anything essential; IT muddles through somehow. Part of the IS is suspended; fail-soft operation has to be activated, sometimes giving up on security. Many key members of staff are absent and unreachable. It is announced that it will take several years to repair stations, tunnels, the underground system and various infrastructure. Some roadways have collapsed, hundreds of buildings have cracked or caved in, certain weakened bridges will remain closed.
The tourist season is lost; the companies that have survived establish themselves far away from the affected areas. IT departments, head offices, industrial infrastructure – anything that cannot be moved in two days has definitively left the area. An unprecedented crash hits the real estate market. The value of apartments, houses and office blocks in the area is in free fall while the credits roll. The insurance sector is put to the test, the technical provisions are impacted and, despite the reinsurance and solidarity mechanisms, a financial shock occurs. With the departure of thousands of workers and children, a kind of disorganisation spreads through the area. The metropolises around Paris are overloaded: Lille, Le Mans, etc. see their business activities increase significantly. Confidence will take years to return, as we await the next flood. The business community and investors are perplexed…
We will have neither of these two scenarios. Specialists in this matter broadly concur that the difference between those two scenarios is fully dependent upon the performance of all public and private stakeholders. What will happen is fundamentally up to us, unless we consider ourselves unconcerned by the risk of a major flood in Paris.
There is therefore a real risk of the Paris economic plate being destabilised if we are victims of a double phenomenon: a major flood and its mismanagement. This risk concerns a very large area. The direct impacts will stretch from the city centre to the outskirts of the Parisian region. The indirect impacts will go far beyond this for all companies that work with this zone or have logistics operations going through the area. Companies that believe they will not be affected because are located outside of the flood zone are mistaken: this concerns all businesses, including in neighbouring countries.
It is, therefore, essential for us to understand that the risk of a major flood in Paris really is something that could escape our control if we are not careful. ‘We’ refers to the various stakeholders in the operation: from the government level at the top to trade associations revolving around ‘continuity’ subjects, local authorities, consular chambers, the Medef, CGPME, UPA, trade unions, Vital Infrastructure Operators, large, medium and small companies, experts, employees, citizens, journalists, etc. All of us.
While the real consequences of mismanaging a major crisis are 90% related to the functioning of the zone’s economy, the information allowing companies to prepare themselves still remains massively unavailable or poorly targeted. A quick look at our British and American friends reveals the extent of the difference: websites (up to date), available maps, little or no jargon, regulations acting as an incentive (i.e. binding) – everything is done to inform, engage and empower the economic fabric. An effective, all-smartphone strategy allows every executive to know the risks, situate themselves, have check lists and send alerts… via simple applications provided free of charge (State, network operators, etc.).
Here in France, we have to be diligent investigators to lay our hands upon an up-to-date map and means of prevention and alert. What’s more, we have to conduct guesswork based on the maps alone, with red meaning flood alert for ‘Vigicrue’ whereas we have to look for blue (not red) on the BRGM map… There is no clear website for businesses; no one really knows whether we will be effectively informed of network cuts in the area, or indeed the restarting of these same networks.
Deprived of this essential information, ‘business continuity’ managers in companies are required to guess everything and put in place an effective backup strategy within two to three days. An impossible task.
We can therefore, without compromising ourselves, venture to make some recommendations in the form of a wish list: provision of all plans, maps and basic information, presented in French (and not administrative jargon), intelligible for company leaders, with declassification of all necessary elements; simple and effective smartphone applications, designed to maintain the economy; dual communications organised and coordinated for the attention of both local people and companies (whose priorities are totally different); estimates of cuts and re-commissioning of networks and infrastructures, the publication of which would be made compulsory, unless one considers vital infrastructure to be anything other than vital…
The cost of these common-sense measures would be trivial. The day a flood occurs, companies will not need assistance, but rather information. The level of what is at stake amounts to around 80 billion Euros.
![The risk of a major flood in the the Ile-de-France region is also a challenge in terms of Information Systems Security [by Vincent Balouet, maitrisedesrisques.com]](https://incyber.org///wp-content/uploads/2021/08/default-image.jpg)
8 min
The risk of a major flood in the the Ile-de-France region is also a challenge in terms of Information Systems Security [by Vincent Balouet, maitrisedesrisques.com]
Operational security -
May 12, 2015
- Operational security
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cybercrime
- Cyber risks
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty
- Digital transition
Operational security
29 May 2023
Communicating effectively in the aftermath of a cybercrisis
A cyberattack has paralysed your company’s servers. The IT teams have identified the breach and disconnected the affected networks. However, the hackers have already demanded a substantial ...
26 April 2023
Canada: no cybersecurity innovation zone in Gatineau
Private investment was insufficient, says Quebec’s Minister of Economy, Innovation and Energy
24 April 2023
[FIC 2023] CRQ: how to financially quantify cybersecurity risks
At a 2023 FIC workshop, C-Risk presented the Factor Analysis Information Risk (FAIR) standard. Here is an overview of this method of quantifying cybersecurity risks and the benefits for companies.
12 April 2023
How to tell If your cybersecurity strategy is outdated
A cybersecurity strategy is an essential framework that tells people how to stay safe from cyberattacks and what to do if they occur. Unfortunately, many enterprises still follow un-updated ...
27 February 2023
The State of Burnout, a growing concern in the cybersecurity industry
There are a few top priorities the cybersecurity industry is focusing on in 2023. Some examples are closing the skills gap, increasing diversity, equity and inclusion, and overcoming ongoing labour ...
20 February 2023
How to raise employees’ awareness of cybersecurity issues and why
The number of cyberattacks is increasing but, in many businesses, there is still a persistent feeling that it only happens to others. Is this a dangerous state of denial, a misunderstanding of ...
Cyber industrial safety
16 May 2023
Future developments for industrial cybersecurity
A recent ABI Research report addresses likely developments in securing ICS
28 April 2023
Canada: Russian cybercriminals allegedly accessed the natural gas network
The information is among the classified U.S. intelligence documents that were recently leaked
26 April 2023
CISA warns of flaws in ICS and SCADA software
Some of these flaws are critical, two have already been exploited, and all are unpatched
06 March 2023
Indian Railways updates their SCADA cybersecurity
Indian Railways is fixing vulnerabilities in its electric train traction power distribution system
14 February 2023
Scottish Water’s £50m cyber security tender
Scotland’s public water operator, considered critical infrastructure, is seeking a cyber partner for three years
20 January 2023
Everchanging cyberthreats in the energy sector
APT-type attacks, widely covered hacktivist acts, cybercriminal ransomware… Businesses in the energy sector must grasp the extent of the challenges they face.
Security and Stability in Cyberspace
05 June 2023
Questions raised concerning the cyber component of the Military Programming Law
Although essential, the handful of measures included in the French Military Programming Law (LPM), designed to strengthen the capacity of the French National Cybersecurity Agency (ANSSI) to detect ...
16 May 2023
Russia pursues its phishing campaign in Ukraine
Google’s TAG takes stock of pro-Russian cyberattacks on Ukrainian territory, particularly against healthcare industry
12 May 2023
The failure of the “Cyber Pearl Harbor” in Ukraine
Despite the predictions of many experts, cyberattacks have not played a major, decisive role in how operations have been conducted. However, one year after Russia’s invasion of Ukraine, cyber ...
28 April 2023
Ukraine war: American intelligence is the victim of a major leak
Classified documents have been circulating on social media. They detail the situation of the Ukrainian army, the contours of its future offensive, and many details of Western support to Kyiv
26 April 2023
The European Union is going to set up a “cyber shield”
Made up of five to six SoCs, it should enable faster detection of cyberattacks
26 April 2023
NoName057(16) hits Canada with DDoS attacks
The pro-Russian hacktivists have targeted the sites of critical targets: ports, banks, energy or technology companies, as well as Prime Minister Justin Trudeau
Cybercrime
09 May 2023
[FIC 2023]: Are ransomware gangs just like any other business?
In recent months, many ransomwares as a service (RaaS) groups have disappeared or scaled back their operations. Their revenues are also lower due to the downturn in cryptocurrencies, their increased ...
28 April 2023
Moritz Körner: “the Pegasus affair is a fully fledged Watergate scandal”
While setting up instruments to fight cybercrime and protect personal data, the European Union itself is the victim of a massive digital spying affair. However, member States and the Commission show ...
28 April 2023
Western Digital suffers massive leak of sensitive data
Attackers threaten to release 10TB of critical information if a large ransom is not paid
28 April 2023
Moritz Körner on the child sexual abuse EU proposal: “Making a huge Chinese-like surveillance State is not the way we should go”
The very same European Union that became famous for its high privacy protection level with GDPR sparks controversy with its plan to set up a massive surveillance programme. Moritz Körner, member of ...
26 April 2023
Killnet launches cybercrime school
Russian DDoS attacker wants to share his expertise with cybercriminal trainees
06 March 2023
The FBI’s computer network hit by a cyberattack
The Federal Bureau of Investigation stated that the incident, linked to a child pornography investigation, was isolated and under control
Cyber risks
16 May 2023
Meta issues warning on malware disguised as Generative AI
Cybercriminals are also riding the ChatGPT wave
16 May 2023
A new info stealer targeting macOS devices
Cyble identifies AMOS, an info stealer that specializes in Macs and specifically targets crypto wallets
16 May 2023
Rorschach, aka BabLock: swift, stealthy and sophisticated ransomware
Checkpoint and Group-IB issue warning on new ransomware that simply encrypts data without stealing it
28 April 2023
A phishing email uses a legitimate YouTube address
The attackers hijacked a rarely used feature of the platform to send malicious links
18 April 2023
Cyber Innovation Panorama
The information presented in this panorama was collected from the 81 companies that applied for the award. The award is organized in partnership with Eviden (ex-Atos) and with the support of ...
16 April 2023
[FIC 2023] Usernames and passwords at the heart of cyber threats
Now more than ever, hackers’ activities revolve around usernames and passwords. If companies fail to remedy this vulnerability as a priority, their activities could be crippled. This is the key ...
Antifraud action
16 May 2023
Stolen credit cards: Try2Check shutdown
US authorities seized the servers of the illegal service, which specializes in checking the validity of stolen bank cards, and placed a 10 million dollars bounty on its founder
05 May 2023
[FIC 2023] 4 key issues for surviving in the Wild West of domain names
A company’s domain name is one of the primary components of its digital identity and online presence. Paradoxically, it is still one of the most confusing areas to manage due to changing rules, ...
28 April 2023
International police operation brings down Genesis Market
This forum was very popular with cybercriminals as it allowed them to buy and sell bots
08 March 2023
Personal data of 10 million JD Sports customers leaked
Group warns of fraud and phishing risks following this breach
08 March 2023
Africa: Digital identity fraud on the rise
Report on KYC in Africa reveals 28% rise in fraud by 2022
08 March 2023
Fake ChatGPT desktop client spreads a Trojan horse
Cybercriminals take advantage of OpenAI chatbot’s popularity to siphon off login credentials
Digital identity & KYC
16 May 2023
DocuSign launches AI-assisted ID verification
Named “ID Verification for EU Qualified”, compliant with European Union and United Kingdom regulatory requirements, this solution also relies on human approval
26 April 2023
United States: Senate Passes Digital Identity Bill
A Senate committee has validated the Improving Digital Identity Act, which is intended to enable the deployment of a “trusted and interoperable” identity verification solution
08 March 2023
Africa: Digital identity fraud on the rise
Report on KYC in Africa reveals 28% rise in fraud by 2022
08 March 2023
Brussels finalizes European digital identity framework
Adopted by the Committee on Industry, Research and Energy, the text will be submitted to the European Parliament in mid-March 2023
14 February 2023
Canada: a digital identity card for Newfoundland and Labrador
The province’s Minister of Digital Government wants to reduce the amount of information required to prove one’s age or identity
06 January 2023
Digital identity as a national security priority in Morocco
When detailing his priorities for 2023, the Director General of the Moroccan National Security made a point of focusing on digital technology
Digital Sovereignty
31 May 2023
In the face of cybersecurity threats, Europe is getting organised, says Thierry Breton
At FIC 2023, the European Commissioner for the Internal Market spoke at a plenary session. He detailed all the measures taken since he took up his role three years ago.
16 May 2023
European Union officializes Cyber Solidarity Act
The European Commission presented regulations detailing the terms of this European “cyber shield”, made up of SOCs
04 May 2023
Web3: a unique geopolitical and strategic occasion for the EU?
While the Internet’s third generation marks the end of Europe’s “servitude”, its legal, regulatory and cybersecurity risks and obstacles require concerted operational ...
20 April 2023
[FIC 2023] Cloud : Is Europe Falling Behind?
To successfully transform in the face of its competitors, the EU must come together, build a shared ecosystem and shore up its resilience and regulations. But above all, it must believe in its ...
17 April 2023
[FIC 2023] An obstacle course for Europe’s sovereign Cloud
Despite formidable progress, the European Cloud seems to be struggling in the face of American Big Tech’s overwhelming dominance. The analysis by regulators and cloud and cybersecurity ...
01 March 2023
Cloud services certification: a hard road to harmonisation
In a fragmented market dominated by American service providers, ENISA is trying to establish a common certification scheme called the European Cybersecurity Certification Scheme for Cloud Services ...
Digital transition
25 May 2023
[FIC 2023] Trust in Digital Technology: “We Can’t Believe What We See Anymore”
Social networks, AI, big data: digital technology has upended social structures and undermined what holds them together: trust. How can we redefine it? To answer this question at an FIC plenary ...
16 May 2023
France and Singapore launch AI lab for cyber defense
Headed by the French Ministry of Defense and Singaporean Ministry of Defense, it is part of the SAFARI agreement signed by the two countries in 1997
16 May 2023
European Union publishes list of “very large online platforms” subject to DSA
Starting from August 25, 2023, 19 tech giants will have to comply with significant regulatory requirements concerning data, problematic content and advertising
16 May 2023
The Virtual Global Taskforce worries about Meta’s default encryption
The international organization against online CSAM worries that the default encryption on Facebook and Instagram is hindering their investigations
16 May 2023
No cybersecurity without soldiers
No battle anywhere has ever been won without soldiers. The fantasy of wars won by drones, remotely controlled with a joystick in one hand and a telephone in the other, just doesn’t stand up ...
15 May 2023
Egypt’s cyberpower ambitions
President Abdel Fattah el-Sisi wants to make his country the region’s next major digital technology hub. As part of his ambitious “Egypt Vision 2030” development plan, the country ...