Cyber security Seminar-National Defence College, 09 May, 2016
Cyber security Seminar-National Defence College, 09 May, 2016
Speech of HE the Ambassador of France
Cybersecurity is such a big issue because our world is going all interconnected. Our global population is now 7,7 Bn people. Half of them, 3,7 Bn people, use internet. Out of them, 2,2 Bn use social networks, and out of these 2,2 Bn, more than 1,9 Bn are internet active on their smartphones.
Facebook, the most popular network, has 1,55 Bn users’ and this figure is increasing.
Any invention is subject to the best and the worse uses one can do of it.
Our new dematerialized world has become a threat for the security of our institutions and people at all levels.
One characteristic of this new world is that it has no border. And even if you want to pose borders, you can’t because you will menace your sustainability.
Just an example from what we have observed locally, when the Government tried to shut down internet and the social networks. Cutting internet means breaking down the economy. Regarding social networks, it’s just a matter of VPN to bypass the cut.
It took some time for the world to understand this evolution, develop awareness and to elaborate responses to face this new threat.
But the problem is that :
First, awareness remains low,
Second, responses to protect our privacy, finance and knowledge are not enough.
In fact, we now have to deal with a new generation of transnational criminals.
Security breaches or vulnerabilities are all exploited by cyber criminals.
The problem is that we are not all experts ; we all consider that problems mainly occur to others and that we will escape the threat. We are convinced that our lucky star will protect us.
But as we are all part of the system, I mean individuals and collective entities, be they public institutions or private companies, we are all exposed to the threat.
This is what happened everyday :
Panama Papers happened because the Mossack Fonseca seems to have forgotten to activate a security protocol to secure its mails. As a consequence, the server was hacked and hackers managed to steal some 2,6 Terra of database, among them 4,8 M of mail and 2,2 M of pdf files.
Bangladesh bank was victim of such an attack and what we understand from a previous speaker and what we can read is that the bank had no firewall ; that basic commutators were used to interconnect with the SWIFT systems ; and that it became easy for the hackers to install a malware inside the bank computer systems.
We all have examples. As for myself, I remember that last year my husband called me to ask me : have you bought a house in the United Kingdom ? Our account was empty because some people managed to persuade our bank that we were talking with them and wanted urgently to transfer money in order to buy a house in UK. We got our money back, but for some hours, we felt very bad.
Considering these few examples we can observe that they happened to be possible because of human negligence :
Someone in Mossack Fonseca forgot to activate a security protocol ;
As for Bangladesh Bank, it seems to be more complicated but what is sure is that the criminal operation was stopped because one of the hackers made a mistake in the word foundation, which drew the attention of the operators ;
As for my case, the banking agent was a new one, she didn’t respond to my mails when I emailed her that I would like to inform her about us, and therefore, she created the conditions for being unable to recognize that who was talking to her was neither I nor my husband.
But cyber threat has to be taken very seriously, all the more as cyber criminals are not in direct contact with their victims. We can suppose that it is easier to kill when you don’t see your victims.
Science fiction films show situation when a defence system is handed over by pirates and these pirates provoke a global war. This threat has to be considered as a reality, because we all know that human vulnerability is also a reality. Cyber security is very close to cyber defense.
We must remember what happened to Estonia in 2006. Estonia is one of the most internet friendly countries in the world. Estonia faced a global breakdown in 2006, with a huge cyber-attack on all websites of the country, some of them facing more than 5 M connections attempt per second 9th of May, 2006.
Estonia faces a global collapse of its systems. Considering the geopolitical situation at that time, some experts concluded that it was an attack from Russia as Estonia wanted to join the European Union.
We can also refer, as it is public information, to the attack the Iranian authorities faced some years ago, which led to the destruction of a thousand of their enriched uranium extractors by a virus called STUTNEXT. According to an article in the New York Times 5th of June, “Confront and Conceal, Obama’s Secret war, this attack was initiated by the United states.
Another example is the major attack targeting some Middle East countries in 2011-2012. The attack was the consequence of a malware called FLAME. FLAME’s mission was to steal the database and erase them. Nobody knows who was behind this attack.
The analysis of my country is that this issue is now addressed at an international level and is a priority of our global society, but the level of international cooperation is still too low.
At an international level we have three conceptions of the cyber issue :
So called liberal countries consider that internet is a free space and that its freedom must be preserved.
Other countries like Russia and China are in favour of huge restrictions being imposed to Internet space in order to increase defence and security of the information systems.
The third group is composed of countries like France, in favour of cyberspace governance and some regulatory rules, but which disapprove restrictions in the use of cyberspace.
Many institutions have started working on this issue : UN, International telecommunications Union, NATO, EU etc.
But clearly it will take time before our global world manage to issue a common approach to this issue, for three reasons :
Confidence is missing among the concerned actors.
It seems that we can’t consider that we have some allied countries or partners in the cyberspace, because the perceptions of what must be this space are too different.
And the states consider that their need to protect their sovereignty can’t open the door to cooperation regarding their strategy to protect themselves in the cyberspace.
Nevertheless, we will have no choice but to find out a way to cooperate on this issue as we need to address it together, because we are all under its threat, as it is even not a trans-border issue, but a no-border issue./.