The risk of a flood in the Ile-de-France region really is the one risk that dominates all others. All the professionals who tackle the subject are literally stunned by the potential consequences of such an event.
Let’s summarise. Paris lies on a plain. Upstream is a 200km-wide area of gently sloping funnel-shaped terrain. The Seine flows through the city in a channel one hundred metres wide, sometimes less. In the Val-de-Marne area that could become a lake lies critical infrastructure (waterworks, etc.). In the Hauts-de-Seine, the Seine meanders through an economic area of unparalleled importance. The scenario is slow, very slow. In the event of a flood, the Seine’s flow will increase tenfold.
Talking schematically, we can identify four areas (the exact outlines of which are unpredictable). The first would be submerged by water, with everything cut off and inaccessible. The second, much larger area would be dry to walk on but would lose its utility networks (energy, telecommunications, heating, etc.). In the third area, further away, the networks would be able to operate but there would be knock-on effects, blocked transport and general disorder. In the fourth, even further afield, everything would look normal except… the things we depend upon – our customers and suppliers, logistics, staff, family….
A flood is likely to happen during the coldest period of the year, or in the spring. Rising water levels (around 50 to 80cm per day, maybe more) are flooding docks and bankside roads. Forecasts (2 days, no more) are on the increase. The media will do their job as the water rises.
No one can predict the maximum water height we will experience. What’s worse, no one can predict how we will handle all this. To shed more light on the phenomenon, let’s establish two scenarios. In the first, ‘best-case’ scenario, faced with higher water levels (compared with events in recent months), we behave perfectly, in an ideal manner… In the second, ‘worst-case’ scenario, faced with the same hypothetical flood, we enter into a general scramble, at all levels…
Best-case scenario: The water rises… The public authority crisis units, impeccably coordinated and transparent, placed outside the sensitive areas, inform local people and businesses, giving them a simplified and realistic reading of the situation, forecasts and practical consequences. The maps are up to date, and smartphone applications, developed by Vital Infrastructure Operators, work. Thus, feeling that there is a pilot on the plane, the various layers of society calmly make their arrangements. The construction of protective structures and barriers (at 400+ strategic points: underground stations, car parks, etc..) is seen as a sign of confidence in the management of the operations. The individual families affected calmly send their children to stay with family members in the region. They are enrolled in local schools thanks to the national education system’s Plan B. As planned and announced, electricity is suddenly cut over a large area along the course of the Marne and Seine rivers. In the meantime, the local authorities have managed the schools, hospitals, nurseries, infrastructure, etc. Companies, who have realised that the crisis will last for several months at least, have moved their critical activities outside the area. Information technology has been adapted, staff are able to work remotely, everyone has succeeded in organising themselves calmly so that they can live comfortably and work effectively for around 2 months. The water, which continues to rise, leads to the closure of stations and bridges. From Le Havre to Troyes, France is cut in two, with impassable rivers, but the logistical impacts have been anticipated thanks to effective dual communication (individuals and businesses). The coordinated response of foreign rescue and support teams allows the impacts to be limited. …. Companies have planned for everything and initiate and implement their Plan B without leaving anything to chance. As for IT, CIOs have succeeded in reconfiguring their systems (teleworking, help desk, maintaining ISS at its nominal level) without problems, while protecting their own infrastructures. When the water goes back down, around ten days later, we discover that the protections have held despite the pressure of the water: no leaks, no oversights, no malevolence – the infrastructures have been spared. No problem maintaining law and order either – no looting, no pollution, no health impact…. The barriers are taken down; the technical checks are conducted swiftly… no damage, no collapse or subsidence. The house of Grand Paris is reconnected without a glitch; services resume (water, urban heating, waste collection, etc.), inviting people and businesses to resume their activities as before the flood. The building safety inspections are carried out in record time. Business as usual: the tourist season is maintained, the private and corporate real estate market is intact, we are ready for a second flood, confidence is high, the stock market goes up…
Worst-case scenario: the rising water is not anticipated well enough, poorly announced and poorly communicated. Caught unprepared, local people and businesses become stressed or even panic at the sight of the spectacular protective structures being put up. Individuals attempt to leave the area when the stations and some roads are already closed. General chaos sets in. Companies try to return to their sites in order to get together everything required to work remotely for a long time. Utility networks (energy, telecommunications, etc.) fail almost without warning. Wherever the energy is still working, there is a lack of staff, trucks are blocked… Cottoning on to the fact that this will last for months, companies begin to extract materials and equipment, and there is a mass exodus from the area as the partial destruction of infrastructure is announced: the protective barriers did not resist the onslaught, Parisian basements are flooded. The pumping will take months; no rehabilitation timeframe is announced.
Employees are sent away from the centre of town for ‘some time’. With children in the provinces, families are torn apart for months. Disputes take hold, including in companies. The BCP teams attempt to salvage anything essential; IT muddles through somehow. Part of the IS is suspended; fail-soft operation has to be activated, sometimes giving up on security. Many key members of staff are absent and unreachable. It is announced that it will take several years to repair stations, tunnels, the underground system and various infrastructure. Some roadways have collapsed, hundreds of buildings have cracked or caved in, certain weakened bridges will remain closed.
The tourist season is lost; the companies that have survived establish themselves far away from the affected areas. IT departments, head offices, industrial infrastructure – anything that cannot be moved in two days has definitively left the area. An unprecedented crash hits the real estate market. The value of apartments, houses and office blocks in the area is in free fall while the credits roll. The insurance sector is put to the test, the technical provisions are impacted and, despite the reinsurance and solidarity mechanisms, a financial shock occurs. With the departure of thousands of workers and children, a kind of disorganisation spreads through the area. The metropolises around Paris are overloaded: Lille, Le Mans, etc. see their business activities increase significantly. Confidence will take years to return, as we await the next flood. The business community and investors are perplexed…
We will have neither of these two scenarios. Specialists in this matter broadly concur that the difference between those two scenarios is fully dependent upon the performance of all public and private stakeholders. What will happen is fundamentally up to us, unless we consider ourselves unconcerned by the risk of a major flood in Paris.
There is therefore a real risk of the Paris economic plate being destabilised if we are victims of a double phenomenon: a major flood and its mismanagement. This risk concerns a very large area. The direct impacts will stretch from the city centre to the outskirts of the Parisian region. The indirect impacts will go far beyond this for all companies that work with this zone or have logistics operations going through the area. Companies that believe they will not be affected because are located outside of the flood zone are mistaken: this concerns all businesses, including in neighbouring countries.
It is, therefore, essential for us to understand that the risk of a major flood in Paris really is something that could escape our control if we are not careful. ‘We’ refers to the various stakeholders in the operation: from the government level at the top to trade associations revolving around ‘continuity’ subjects, local authorities, consular chambers, the Medef, CGPME, UPA, trade unions, Vital Infrastructure Operators, large, medium and small companies, experts, employees, citizens, journalists, etc. All of us.
While the real consequences of mismanaging a major crisis are 90% related to the functioning of the zone’s economy, the information allowing companies to prepare themselves still remains massively unavailable or poorly targeted. A quick look at our British and American friends reveals the extent of the difference: websites (up to date), available maps, little or no jargon, regulations acting as an incentive (i.e. binding) – everything is done to inform, engage and empower the economic fabric. An effective, all-smartphone strategy allows every executive to know the risks, situate themselves, have check lists and send alerts… via simple applications provided free of charge (State, network operators, etc.).
Here in France, we have to be diligent investigators to lay our hands upon an up-to-date map and means of prevention and alert. What’s more, we have to conduct guesswork based on the maps alone, with red meaning flood alert for ‘Vigicrue’ whereas we have to look for blue (not red) on the BRGM map… There is no clear website for businesses; no one really knows whether we will be effectively informed of network cuts in the area, or indeed the restarting of these same networks.
Deprived of this essential information, ‘business continuity’ managers in companies are required to guess everything and put in place an effective backup strategy within two to three days. An impossible task.
We can therefore, without compromising ourselves, venture to make some recommendations in the form of a wish list: provision of all plans, maps and basic information, presented in French (and not administrative jargon), intelligible for company leaders, with declassification of all necessary elements; simple and effective smartphone applications, designed to maintain the economy; dual communications organised and coordinated for the attention of both local people and companies (whose priorities are totally different); estimates of cuts and re-commissioning of networks and infrastructures, the publication of which would be made compulsory, unless one considers vital infrastructure to be anything other than vital…
The cost of these common-sense measures would be trivial. The day a flood occurs, companies will not need assistance, but rather information. The level of what is at stake amounts to around 80 billion Euros.
![The risk of a major flood in the the Ile-de-France region is also a challenge in terms of Information Systems Security [by Vincent Balouet, maitrisedesrisques.com]](https://incyber.org///wp-content/uploads/2021/08/default-image.jpg)
8 min
The risk of a major flood in the the Ile-de-France region is also a challenge in terms of Information Systems Security [by Vincent Balouet, maitrisedesrisques.com]
Operational security -
May 12, 2015
- Operational security
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cybercrime
- Cyber risks
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty
- Digital transition
Operational security
13 January 2023
$4.8 million to train cybersecurity experts at the University of Oregon
This National Science Foundation grant is designed to help the US fill its cybersecurity workforce shortage
09 November 2022
Sustainable data destruction: the public sector can do better
Every year, government organizations around the world spend hundreds of millions of dollars on the physical destruction and repurchase of perfectly good IT equipment. Secure data destruction ...
07 November 2022
[EBOOK] Blancco: 3 Guidelines for Communicating (and Implementing) Eco-Friendly IT Asset Disposal Policies
Discover Blancco’s new ebook for Communicating (and Implementing) Eco-Friendly IT Asset Disposal Policies through 3 Guidelines: (1) Embrace Change (Management), (2) Commit to Device ...
12 October 2022
[Interview] Gérald Kugler, HP: “Endpoint devices contribute to enterprise resilience”
In order to provide its equipment with security systems that are independent of any third-party editor, the manufacturer HP has built an ambitious strategy. Gérald Kugler, its Chief Technologist ...
11 October 2022
The CISO as a catalyst for cyber awareness among boards of directors
The attacks that have hit many companies in recent years have made executives and their comex aware of the risks involved and the need to take action. The CISO has played a central role in raising ...
20 September 2022
Tips for Effective Leadership During a Cyberattack
Cyberattacks are almost unavoidable now that everyone relies on the internet daily. While they may not be entirely preventable, you can be prepared in case a cyberattack happens to your ...
Cyber industrial safety
20 January 2023
Everchanging cyberthreats in the energy sector
APT-type attacks, widely covered hacktivist acts, cybercriminal ransomware… Businesses in the energy sector must grasp the extent of the challenges they face.
22 December 2022
Offshore oil and gas: US warns of cyber risk
A report by the Government Accountability Office denounces the obsolescence of software used on many offshore platforms.
08 December 2022
How Europe wants to protect its IT infrastructure in the future
The importance of IT infrastructure is steadily increasing for companies, organizations and entire nations. From the EU’s perspective, a cyber attack on one country can even affect the entire ...
03 November 2022
What are the different cyber threats against solar panels?
DNV provides an update on cyber threats to energy infrastructure, particularly photovoltaic panels
23 September 2022
Israel: pro-Palestine hacktivists hack SCADA/ICS controllers
The GhostSec hacktivist group has claimed it gained control of 55 PLCs at Israeli industrial organisations as part of the “Free Palestine” campaign.
25 July 2022
How can industrial companies ensure the cybersecurity of their supply chain?
Production in industrial companies depends heavily on successful supply chains, as raw materials, materials required for production and usually numerous additional things are necessary to achieve a ...
Security and Stability in Cyberspace
16 January 2023
From Ukraine to Pakistan, a journey to the heart of Internet geopolitics
The Internet is a constrained space, with its own bottlenecks, center and periphery, its land and sea powers. This is one of the conclusions of the colloquium on the geopolitics of Internet routes ...
13 January 2023
US nuclear research labs targeted by Russian cybercriminals
The Cold River group reportedly launched phishing attacks against three research centres in summer 2022, including one specialising in nuclear weaponry
09 January 2023
North Korea: a specialist in cryptocurrency theft
A South Korean intelligence report accuses Pyongyang of stealing $1.2 billion in cryptocurrency since 2017
30 December 2022
The criminal police is entering the Metaverse
In October 2022, the European Criminal Police Agency (Europol) and the International Criminal Police Organization (Interpol) each released their own reports on the Metaverse. Why? They want to enter ...
28 December 2022
Cybersecurity: why Japan is eyeing Europe
Worried about its cybersecurity and being respectful of private data, Japan is urgently seeking the right formula to defend itself. It is looking to Europe, on the verge of creating a “common ...
12 December 2022
Fighting in the Metaverse: a virtual world that is already available to our Army experts
Inform, influence, lure, target, recruit, train. The new virtual, augmented, and hybridized world in the making is generating an ocean of data, which the “earthlings” intend to take ...
Cybercrime
13 January 2023
Free decryption key for MegaCortex
Bitdefender, working with Europol, the Swiss authorities and the No More Ransom project, has made this cyber defence tool available online
22 December 2022
New wiper strikes Russian institutions
Known as “CryWiper”, it’s disguised as ransomware. Its origin is unknown, but its power to cause harm is tremendous.
22 December 2022
Chinese cyber attack on Amnesty International
Secureworks reveals that a spyware spied on the Canadian division of the NGO.
23 November 2022
Canada: Sobeys pharmacies fall victim to a cyberattack
In Canada, the Empire Group, owner of Sobeys pharmacies, suffered a cyber attack that paralyzed the processing of prescriptions.
23 November 2022
LockBit affiliate arrested in Canada
In late October 2022, Europol coordinated the arrest of a Lockbit affiliate in Canada. He is suspected of attacks against critical infrastructure.
03 November 2022
Dutch police trick DeadBolt ransomware gang
By faking ransom payments, the Dutch police and the cybersecurity firm Responders recovered 155 decryption keys from the cybercriminal group DeadBolt
Cyber risks
17 January 2023
The protection of citizens and children on the Internet, a priority issue in 2023
2022 will have seen another explosion in the number of Internet scams. Hackers are becoming more and more professional. They also use all the communication means at their disposal by exploiting our ...
16 January 2023
[OneTrust] The many aspects of GRC platforms (Governance, Risk and Compliance)
Covering a wide variety of risks, what are known as “GRC” solutions allow businesses to deal with conventional and emerging risks that affect them, all the while correcting vulnerabilities and ...
13 January 2023
Cybercriminals are also using ChatGPT
OpenAI’s chat tool is adept at crafting phishing and malware messages
09 January 2023
Israeli spyware targets security cameras
Sold only to state organisations, it can be used to take control of these cameras and even modify recordings
09 January 2023
Five cyber threats to watch out for in 2023
Triple extortion, attacks on multi-factor authentication (MFA) solutions, the extension of phishing to other types of messaging, browser-based attacks, and the widespread use of AI are the cyber ...
06 January 2023
Layer defences for the best ransomware protection
The best cybersecurity defence strategy is one where there are as many barriers as possible. Even if the hacker breaks through one wall, they will encounter more. Layered defences are the optimal ...
Antifraud action
09 January 2023
Digital fraud on the rise worldwide
A LexisNexis report shows that bot attacks have increased by 38% (155% in e-commerce) and human attacks by 32%
09 January 2023
USA: Equifax compensates victims of 2017 data breach
Cybercriminals are taking advantage of this large-scale attack to develop new scams
06 January 2023
Stealers in Google sponsored links
Cybercriminals thwart Google’s vigilance by creating a harmless site, which then redirects to a second site containing malicious software
22 December 2022
Beware of CryptosLabs, the champion of brand spoofing
Group-IB warns against the practices of this dreaded “scam-as-a-service” that has automated tools.
23 November 2022
United States: Complaints after skimming of food aid
In the United States, an association filed a complaint against the State of Massachusetts because of its failure to reimburse food aid funds stolen by skimming.
04 November 2022
U.S. banks are failing to reimburse for instant payment fraud
A U.S. senator’s investigation reveals that major U.S. banks rarely reimburse instant payment service fraud
Digital identity & KYC
06 January 2023
Digital identity as a national security priority in Morocco
When detailing his priorities for 2023, the Director General of the Moroccan National Security made a point of focusing on digital technology
06 January 2023
European Digital Identity Wallet: pilot project awarded
EU Digital Identity Wallet consortium to look at application to travel in 2023
06 January 2023
The EU reaches agreement on the legal framework for its digital identity wallets
Digital ministers adopt a regulation guaranteeing interoperable and secure applications.
07 November 2022
[Case Study] Idemia: The Kingdom of Morocco introduces a national digital ID program
The nation puts into effect its digitalization plan based on new eID cards to reinforce security and convenience for citizens. Discover Idemia’s Case Study on the subject, through the ...
04 November 2022
Digital identity: towards the age of reason?
Digital identity players are gradually getting their act together and the European regulatory framework is becoming more structured. Here is a close-up on a market that is gaining in maturity.
11 October 2022
[Interview] Gregory Kuhlmey, IDEMIA: Biometrics in Digital Identity Wallet
The EU is going all in on its Digital Identity Wallet program. A project that is a source of both hope and worry. Digital Identity Wallet advances, protection privacy, international examples, the ...
Digital Sovereignty
23 January 2023
How the EU wants to protect citizens and businesses from cyberattacks
The EU Commission wants to ensure that future challenges to the security of digital products in the private environment, but also at companies in the EU, are mastered as well as possible. This should ...
14 December 2022
NIS2: New year, new European security rules
The heir to the NIS Directive has been adopted. NIS2 introduces far-reaching changes such as C-level criminal liability to ensure that economic actors take digital assets security seriously. ...
24 November 2022
The European Health Data Space : which answers to which questions?
The draft regulation on the European Health Data Space (EHDS) is proposing a framework for sharing health data in Europe. It is questionable whether the legislation will meet the multiple challenges ...
09 November 2022
The Cloud: how do we renew trust?
Europeans have snapped out of their naivety, and they are now looking for the magic formula to secure their data without foregoing the efficiency of apps backed by American datacenters. France has ...
18 October 2022
What is the Health Data Hub all about?
The Health Data Hub is a public entity responsible for simplifying and standardizing access to health data, while ensuring its control and security. It was created on the recommendation of the ...
18 October 2022
The cybersecurity ecosystem fights for European digital sovereignty
Is sovereignty a mission impossible or the Holy Grail of digital technology? Not so much, says Hexatrust, a group of innovative cloud and cybersecurity companies, who presented its “manifesto ...
Digital transition
09 January 2023
Canada’s health records are woefully insecure
Report slams the authority responsible for managing British Columbia’s health data sharing platform
13 December 2022
Is Africa the next cyber El Dorado?
Countries that are evolving and becoming aware of cyber issues, an Internet market that is soaring, but also geopolitical issues and major gaps to fill: Africa is a cyber market that is both ...
09 December 2022
Cybersecurity, a new challenge for the construction industry
The use of digital tools, from design offices to maintenance teams, means that smart buildings are exposed to cyber risks. What are these new types of threats? What are the solutions offered by ...
06 December 2022
Ethics and compliance for the younger generation
Regulatory compliance projects and the application of major ethical principles are both highly challenging issues for companies. Attracting the younger generation and mastering all the algorithms ...
22 November 2022
Predictive analytics in cybersecurity: myth or reality?
Companies are finally using a technology that predicts data breaches before they happen — predictive analytics. Like a radar, telling you when an enemy is approaching, predictive analytics is used ...
06 November 2022
Bringing trust back to the heart of Artificial Intelligence
For several years now, the companies within the Alliance for Digital Confidence (ACN) have been calling for a French and European vision of Digital Confidence that serves fundamental values and that ...