Cybersecurity is a collective struggle
As I write these lines, we are under cyberattack. This is the future that we now face: digital technology has brought with it empowerment and progress, but also risk.
We are increasingly vulnerable, and this in turn whets the appetite of pirates and hackers, who target the weak points in our economies and our democracies.
It is clear that this threat must be countered, but, as in the real world, the response is a complex one.
Our republican values are vital for upholding our democratic freedoms; in the same way, cyber-defence is a key priority, and it is pointless to approach it in isolation.
Cybersecurity: a national priority
To ensure the safety of our fellow citizens, both French and European, as well as that of companies, cybersecurity has become one of France’s strategic priorities, and it is my hope that we can remain at the forefront of the fight.
Thanks to the work of the National Information System Security Agency (ANSSI) France has tightened our security standards.
We alert citizens and companies to the cyberthreats they face, and provide a government website, cybermalveillance.gouv.fr, for victims to report cybercrimes.
Concurrently, we are structuring our cybersecurity network to help ensure a successful digital transition and foster trust.
The issue of national digital sovereignty also cannot be ignored. This is why France has decided to customise its use of cloud computing, and has created a hybrid cloud that features different levels of security depending on the importance and sensitivity of the data to be protected.
All of these forward-looking cyber-defence measures are in full complementary with the European ecosystem.
Cyberattacks do not stop at national borders, and neither should the regulations and resources needed to build a secure digital space.
To better protect themselves, the EU and its Member States must draw inspiration from and challenge each other.
Given the threat that the American CLOUD Act represents for our sovereignty, France supports a European initiative to negotiate an agreement between the EU and the US on cross-border access to electronic evidence, as well as the European Commission’s proposed E-evidence Regulation.
In a similar vein, the General Data Protection Regulation (GDPR) and the NIS Directive (Security of Network and Information Systems) have inspired and galvanised us to create a normative framework specifically designed to keep digital infrastructures and stakeholders secure.
Lastly, we support European efforts to build a secure cyberspace via the Cybersecurity Act, which will introduce a permanent mandate for the EU’s cybersecurity agency ENISA and a framework for European Cybersecurity Cer- tificates.
We also support the other provisions in the Commission’s 2017 roadmap, including the establishment of a European Cybersecurity Industrial, Technology and Research Competence Centre and a Network of National Coordination Centres.
The convergence of national and European structures is the foundation of a genuine network of trust, which is inspiring at global level.
But our public and institutional response is only the beginning.
Cybersecurity is a cultural issue
Although the power to punish cyber-criminals remains the purview of governments – France is in favour of banning hack-backs – private-sector stakeholders must proactively protect themselves against cybersecurity threats.
This is the reasoning behind the Paris Call for trust and security in cyberspace, backed by 64 governments, 328 companies and 129 civil society organisations.
Every day, I strive to foster dialogue and cooperation amongst governments, the private sector and civil society, because our security depends on a virtuous cycle of collaboration. Everyone, at every level, is concerned.
In the face of digital technology, we are, in the end, only human. No matter how sophisticated our technical structures and legislation are, the vast majority of breaches are the fault of human error.
We rely on every digital action, each new behaviour we must adopt, such as having a unique password for each service, or setting up two-factor identification, which is critical to warding off cyberattacks.
Cyber hygiene must be as universal as digital uses, and we must raise our level of cyber culture.
We have reached a turning-point. When we type on a keyboard or activate a touch screen, we all have an enormous responsibility to imagine an Internet in which we can collectively place our trust.
The resilience of our digital society will be measured by our digital skills.