Olivier de Mazières is the Prefect and Ministerial Delegate for Partnerships, Strategies and Security Industries (DPSIS). Created in September 2020, the DPSIS coordinates the various French public security entities to develop cooperation, especially in terms of cybersecurity, between national agencies such as ANSSI and the private sector. Prefect Olivier de Mazières presents the extent of cyber threats facing France and the State’s response to their acceleration.
On the business side, the most common risk is ransomware. For individuals, it is phishing for bank data and hacking payment methods. But the worst threats are the hybrid “cyber” - “physical” attacks.
Prefect Olivier de Mazières
Prefect and Ministerial Delegate for Partnerships, Strategies and Security Industries (DPSIS)
Cyberattacks are on the rise in France and Europe, with crime more coordinated and sophisticated. How do you analyze the different types of cyber threats?
Olivier de Mazières: Cyber is a subset of the digital sector. When a hacker takes over a digital service, launches a denial-of-service attack, or compromises a database, this is cyber. I see four main categories of threats. Attacks that target the public (phishing for example), attacks of an economic nature (such as ransomware), State-to-State attacks (with geopolitical motivations which lie within the scope of services such as the DGSI)
and a new category that has emerged in recent years: manipulation of information and fake news. In practice, we must consider the increasingly hybrid nature of cyber threats. Today, attacks often fall into several categories: an economically motivated attack carried out with the help of State resources, for example.
Is there a certain type of cybercriminal?
O.de.M: There are several types. State organizations that seek to destabilize another country, cybercriminals who are seeking financial gain, “hacktivists” who are defending an ideology through more or less violent actions
and challengers who are seeking performance and satisfaction. All are becoming more sophisticated and coordinated in their actions.
What cyber threats do you fear the most?
O.de.M: On the business side, the most common risk is ransomware. For individuals, it is phishing for bank data and hacking payment methods. But the worst threats are the hybrid “cyber” - “physical” attacks. These begin in cyberspace, but they have serious consequences in the physical world: shutting down a hospital or paralyzing a water or electricity distribution network for example.
Let’s take the transport network. We’re looking at automated systems in cars, planes, and trains. When cybercriminals hack these daily activities, the consequences are potentially massive. So, we must build security and resilience into these systems right from their design. Attackers are extremely opportunistic, and they target a system’s weakest point.
During the pandemic, attacks on hospitals increase. Are these key opportunities for cybercriminals?
O.de.M: Indeed, hospital IT systems were particularly vulnerable and targeted during the pandemic for cyberattacks. Certain circumstances increase exposure, whether it’s a democratic election or a major international event like the Olympic Games.
In 2024, the Paris Olympics will be a chance for cybercriminals around the world to hack security systems and interrupt the broadcast of events, stop competitions, or disrupt on-site security. Today, the war in Ukraine is also a vector for accelerating cyber risks.
How can you protect against rapidly changing threats?
O.de.M: The focus must be on the situations where there’s the most exposure. Threats are agile and mutate quickly, so security systems cannot lag behind those of cybercriminals. Today, caution alone is no longer enough. It is essential to leverage the appropriate means at all levels so that there is no divide between the well protected and the more exposed.
That’s why we work in coordination with players such as Orange Cyberdefense and the entire cyber ecosystem. The challenge is not to rest on your achievements – you have to constantly initiate new responses as cybersecurity must remain a constant process.
How is the State organized to protect against cybercriminals?
O.de.M: The State aims to provide an end-to-end response. First, there are operators of vital importance and operators of essential services. These are monitored closely by ANSSI and the DGSI because they are fundamental for the smooth running of the country. But today, cyber risks don’t only affect major national companies. At the other end of the spectrum, the public interest group Action contre la Cybermalveillance (ACYMA) raises awareness and offers training courses and support to a wide audience.
It has introduced the ExpertCyber certification to identify legitimate partners that can help cyber victims. Between these two ends of the scale, there are medium-sized organizations (local authorities, public sector establishments, hospitals, companies etc.) who don’t always have the resources to defend themselves on their own. It takes a major coordination effort to protect them, particularly at the local level through intermediaries such as Prefects and internal security forces.
At the EU level, what initiatives are in place to deal with cyber threats?
O.de.M: European democracies are targets when they embody a certain socio-economic model, and several initiatives are in place to adapt our responses on a European scale. With the Digital Services Act (DSA) for example, the EU obliges digital service providers to act on the request of a State regardless of the country where the data is hosted. It also has rules for reporting any non-compliant content and creates points of contact to facilitate the work of security forces so that response can be faster and more direct. The EU also specifies that cyber protection respects individual freedoms. Unlike other states, the EU ensures transparency in the cybersecurity method that is being employed, and ensures citizens know what data is held about them and how they can access it.
This respect for individual freedoms is supported by the European Data Protection Board (CEPD), the European equivalent of CNIL. On a practical level, ANSSI also carried out an exercise in January 2022 in cooperation with its European counterparts from the Cyber Crisis Management Cooperation Network (CyCLONe). This life-size simulation aimed to test the response capabilities of Member States during an international cyber crisis. The feedback from this exercise will help tighten systems and advance a range of cybersecurity topics. This is one of the objectives that France will pursue during its presidency of the European Union.