Faced with constantly growing cyber threats, cooperation between players in the cyber ecosystem (whether state administrations, public authorities, large companies or start-ups) is more essential than ever to strengthen our economic sovereignty within Europe. Chair of the Syntec Federation and Deputy CEO of Sopra Steria, Laurent Giovachini, gives an overview of public-private cooperation in cyberdefense.
In your opinion, what role should cybersecurity play in today’s economy?
Laurent Giovachini: It’s a matter of survival because cybersecurity allows you to control your data and your digital destiny. To make decisions and act freely, private and public companies must be independent, including in the digital sector. That’s why cybersecurity is an essential foundation for economic and digital sovereignty, and the only way we’ll create a European answer to the GAFAM and BATX, provided we choose sectors (industry of the future, Business to Government, etc.) where there are still new opportunities.
In just a few years, cybersecurity has completely changed its image. It was previously synonymous with a constraint that had to be complied with. But because it responds to the challenges of protecting personal data and defending against cyberattacks, it is now seen as holding strategic value. From now on, the intrinsic quality of a software or a digital service is nothing without the confidence brought by cybersecurity. The current crisis has further reinforced the importance of this notion of trust
Jean-Luc Gibernon
Head of Cybersecurity at Sopra Steria, Cyber Campus Administrator, and VP of the Cyber Excellence Center
What is the status of European cybersecurity sovereignty?
L.G.: Companies operating in the knowledge industry need a European market; however, this sector is still siloed so we must break down the barriers. Certifications for assessments, audits and software sales are still national, with different standards from one country to another. There are sometimes very good reasons, but these regulations are holding back business developments across the entire European market. Our competitors in the United States and China can access much larger markets. Their products are going global faster – 80% of our protection tools are of non-European origin. If we can remove these barriers, world-class European leaders can emerge faster.
Why such a delay in European cyber governance?
L.G.: In cyber, there are many issues around intelligence, cryptology, and defense. Culturally, international cooperation is not always easy, whether the full 27 member states or even on a smaller scale. For cloud or other digital sectors, there are several EU-wide “Important Projects of Common European Interest” (IPCEIs). But in cyber, initiatives are mainly national. We haven’t yet achieved an Airbus of cybersecurity.
How can European sovereignty and French sovereignty coexist?
L.G.: The two levels of sovereignty complement each other. The European Union is the right level to structure the market or create common standards. But for industrial cyber projects, we’ll probably only achieve cooperation between three or four countries. “National” and “European” aren’t mutually exclusive, but rather a question of variables, depending on the interests and maturity of the countries, such as what you see with the GAIA-X European cloud initiative.
What is the role of the Cyber Campus, which opened in La Défense on 15 February, in this cooperation strategy?
L.G.: The Cyber Campus will serve as a showcase for the French ecosystem. Nearly 120 companies are full members and part of the governance. The Tour Eria located in the heart of La Défense allows all players to exhibit their ideas, products, and projects. It is unique in the way it also hosts the companies benefiting from cybersecurity solutions: around thirty OVIs (operators of vital importance) and OESs (operators of essential services) are also on site collaborating with cyber partners. It’s a bit like the banking-insurance sector, which set up a working group to define requirements and case studies for service providers to work with. Another very important aspect of the Cyber Campus is information sharing on evolving threats. The French government, public authorities such as ANSSI, large companies, start-ups, academic researchers, and users are all gathered in one place to cooperate. Eventually, the Cyber Campus will be able to accommodate more than 1,200 people.
What tools facilitate cooperation between companies or with government services?
L.G.: At Medef, for example, we have developed a network of correspondents across French regions in collaboration with ANSSI and the General Directorate for Enterprise in Bercy to raise companies’ awareness of cyberattacks. At Numeum, the cyber commission also acts on the public interest. With video formats adapted to young audiences, we communicate about using social networks, choosing passwords, and watching out for fake news and misinformation.
The Syntec Federation and the Numeum union
The Syntec Federation is a trade association based in France that brings together 80,000 companies and one million employees working in engineering, consulting, professional training, and digital technology, with this latter sector represented by Numeum. The organization supports the interests of major French groups (or foreign groups established in France), medium-sized companies, and start-ups covering all digital sectors. It works with all cyber players and hosts a dedicated commission.
The Numeum cybersecurity commission
This is where companies in the sector meet to carry out projects of common interest, and where members come to understand the cyber ecosystem, which is complex at both a French and European level. There are also opportunities for collaboration with other companies, for example to apply for joint European and consortium projects.