The French model of cybersecurity and cyberdefense
The French cybersecurity and cyberdefense model was built on the basis of a few founding principles: the strict separation of defense and attack to gain transparency and trust, as well as the implementation of a collective response involving the various ministries, coordinated by a national authority: ANSSI.
On the first principle, the Cyber Defense Strategic Review, presented in February 2017, brings clarity to everyone’s missions and organizes the coordination of the different cyber defense chains: a military chain, represented by the Ministry of the Armed Forces and responsible for developing and managing France’s offensive capabilities; an intelligence chain; a judicial chain ranging from the investigation services of the Ministry of the Interior to the procedures followed by the Ministry of Justice; and finally a protection chain, led by the ANSSI. Since its creation in 2009, ANSSI has contributed to the emergence of a virtuous ecosystem capable of preventing, detecting and, if necessary, reacting to the constant growth and sophistication of computer attacks. Beyond these traditional players, digital security issues are of broader concern to all ministries, which must participate in the development of a collective response to the threat. This is the second principle on which the French model is based.
The French model continues to prove itself and has nothing to envy of the organizations chosen by our close and distant neighbors, some of whom have chosen, for example, not to separate attack and defence (i.e the United Kingdom).
At the heart of this model, ANSSI promotes the emergence of a framework of trust through regulation, the evaluation of security solutions, the prescription of best practices for various levels of expertise, support for the development of state-of-the-art solutions, and support for cybersecurity manufacturers. All these actions aim to remind us that the State cannot act alone. Everyone has a role to play in protecting themselves. In order to support the most sensitive players in their security efforts, France has also opted for regulations to ensure the implementation of a base of trust.