Skip to main content
SpringerLink
Log in

The Determinants of a National Cyber-Strategy

  • Chapter
  • First Online:
Cybersecurity in France

Part of the book series: SpringerBriefs in Cybersecurity ((BRIEFSCYBER))

  • 983 Accesses

Abstract

This chapter introduces the overarching framework in which each nation is developing its own cyber-security policy, and the unique position adopted by France in this landscape.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 16.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

     Baumard (1994).

  2. 2.

    See: Baumard (2010).

  3. 3.

    Fallière et al. (2011).

  4. 4.

    Farwell and Rohozinski (2011), and Lindsay (2013).

  5. 5.

    Farwell and Rohozinski (2011), and Lindsay (2013).

  6. 6.

    Kushner (2013).

  7. 7.

    Julien Gracq, Le Rivage des Syrtes, Corti, 1951.

  8. 8.

    Talbot Jensen (2010).

  9. 9.

    Fleck (2012).

  10. 10.

    «Comment Le Drian crée une cyber-armée française», Challenges, 13/12/2016. http://www.challenges.fr/entreprise/defense/comment-le-drian-cree-une-cyber-armee-francaise_442784.

  11. 11.

    Talbot Jensen (2010)

  12. 12.

    Van Eeten al. (2011).

  13. 13.

    Kenneth (2010).

  14. 14.

    Kenneth (2010).

  15. 15.

    Fleck (2012).

  16. 16.

    Alperovitch (2016).

  17. 17.

    Sun et al. (2015).

  18. 18.

    The hashes were 05298a48e4ca6d9778b32259c8ae74527be33815; 176e92e7cfc0e57be83e-901c36ba17b255ba0b1b; 30e4decd68808cb607c2aba4aa69fb5fdb598c64.

  19. 19.

    D. Alperovitch, ibid.

  20. 20.

    Early US governmental attributions were specifically pointing the GRU, the intelligence wing of the Russian Army. Cf. Shaun Walker, “US Expulsions put spotlight on Russia’s GRU Intelligence Agency”, The Guardian, December 30, 2016. However, a definitive attribution concerning either GRU of FSB was never established.

  21. 21.

    “Grizzly Steppe: Russian Malicious Cyber Activity”, NCCIC – FBI Joint Analysis Report, N° JAR-16-20296, December 29, 2016 https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf.

  22. 22.

    NCCIC-FBI joint report analysis, op. cit., p. 2.

  23. 23.

    Franceschi-Bicchierai (2015).

  24. 24.

    D. Alperovitch, ibid.

  25. 25.

    Maunder (2016).

  26. 26.

    M. Maunder, op. cit.

  27. 27.

    “Creator of NSA’s Global Surveillance System Calls B.S. on Russian Hacking Report”, Washington Blog, December 30, 2016 http://www.washingtonsblog.com/2016/12/creator-nsas-global-surveillance-system-calls-b-s-russian-hacking-report.html.

  28. 28.

    Schmitt (2014).

  29. 29.

    Schmitt (2013).

  30. 30.

    M.N. Schmitt, op. cit, p. 277.

  31. 31.

    The renewed Doctrine of Information Security, enacted by Russian President Vladimir Putin on December 5, 2016, reinforced this perspective. In the renewed doctrine, information security is defined as follows: “the state of security of the person, society and the state from internal and external information threats, which provide realization of constitutional rights and freedoms of man and citizen, decent quality and standard of living citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, and the defense State security”.

  32. 32.

    Bart and Pieters (2009).

  33. 33.

    This statement underlines the versatility of coding. A harmless set of instructions can carry a high degree of malevolence if place in another context, or another level of privilege. There are, of course, instructions that are per se harmful.

  34. 34.

    For instance, Edward Snowden claimed that he did not steal any credentials, did not break any code, and did not temper any security protection when he gathered information from his employer. He used the access that was granted to him.

  35. 35.

    Even if taking into account the superior redundancy of open networks. For additional reading on cyber-resilience, see: Keys et al. (2016).

  36. 36.

    cf. USTR Special 301 Report on Protection of American Intellectual Property Rights Across the World, Office of the United States Trade Representative, April 2016 https://ustr.gov/sites/de-fault/files/USTR-2016-Special-301-Report.pdf.

  37. 37.

    Gilles Sengès, Xavier Niel : L’homme Free, édition Michel de Maule, 2012.

  38. 38.

    http://www.senat.fr/rap/r11-681/r11-68117.html.

  39. 39.

    «La multiplication des acteurs publics, dont les missions se chevauchent et dont les textes fondateurs sont peu précis, donne une impression générale de confusion et d’éparpillement des moyens et des hommes. Dans cette nébuleuse, l’acteur public dédié, le SGDN et plus précisément la DCSSI, souffre d’un manque d’autorité et parfois de crédibilité auprès des publics concernés. Ces deux facteurs, l’éparpillement des moyens et le manque d’autorité du SGDN, nuisent à l’efficacité de l’Etat dans la définition et la mise en œuvre de la politique globale de sécurité des systèmes d'information» (extract of the Lasbordes Report, 2006).

  40. 40.

    Chairman of the Working Group: Jean-Marc Suchier. Members: Cédric Blancher (deceased), Airbus; Jean-Louis Bruguière; Yves Deswarte (deceased), LAAS-CNRS; Jean-Michel Duccoroy, Ministry of the Interior; David Hotte, BPCE; F. Bernard Huyghe, Univ. Paris IV; Sophie de Lastours, Historian, ARCSI; Hélène Martini, Ecole des commissaires de police; Stanislas de Maupeou, THALES; Ludovic Mé, Supélec; Jean-Pierre Pochon, Honorary Dir. of Nat. Pol.

  41. 41.

    CSFRS National Strategy Report, Paris: CNRS Editions, 2012.

  42. 42.

    National Agency for the Security of Information Systems.

  43. 43.

    http://cnnumerique.fr/missions/.

  44. 44.

    https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000023928752&-dateTexte=&categorieLien=id.

  45. 45.

    http://archives.entreprises.gouv.fr/2012/www.industrie.gouv.fr/tic/france-numerique2020/2011_plan_france_numerique2020.pdf.

  46. 46.

    Bockel Report, 2012.

  47. 47.

    Initial project of the Law on April 16, 2015: http://www.assemblee-nationale.fr/14/ta-pdf/2697-p.pdf.

  48. 48.

    https://www.nytimes.com/2015/04/01/opinion/the-french-surveillance-state.html?_r=0 In its article L. 821-7, magistrates, members of the parliament, lawyers and journalists are excluded from the scope of the Law.

  49. 49.

    https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000030931899-&fastPos=1&fastReqId=1051131699&categorieLien=id&oldAction=rechTexte.

  50. 50.

    https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000032921910&fastPos-=1&fastReqId=1562450731&categorieLien=id&oldAction=rechTexte.

  51. 51.

    Dans une mesure strictement nécessaire aux besoins de l'analyse technique et à l'exclusion de toute utilisation pour la surveillance des personnes concernées, les renseignements collectés qui contiennent des éléments de cyberattaque ou qui sont chiffrés, ainsi que les renseignements déchiffrés associés à ces derniers, peuvent être conservés au-delà des durées mentionnées au présent I”.

  52. 52.

    https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000031940885&-dateTexte=&categorieLien=id.

  53. 53.

    For a complete list: https://www.ssi.gouv.fr/administration/qualifications/prestataires-de-services-de-confiance-qualifies/prestataires-daudit-de-la-securite-des-systemes-dinformation-passi-qualifies/.

  54. 54.

    For more on “Club Theory”, see: Sandler and Tschirhart (1997).

  55. 55.

    National Digital Strategy Report, 2016, Publication of the French Government, Unclassified—Public, p. 17.

  56. 56.

    In particular, the M. Hattaway, C. Demchak, J. Kerben, J. McArdle and F. Spidalieri’s report, “France Cyber Readiness at a Glance”, September 2016, Potomac Institute for Policy Studies. The report suffered from a lack of access to reliable and high ranked sources. However, lowering external perceptions has always been at the core of French national strategic policies, which are grounded into a cultural benevolence towards ill-informed publications.

  57. 57.

    We accordingly positioned in our comparative study of national doctrines both editions of France national cybersecurity strategies from 2008 (initial Livre Blanc de la Défense) and 2016 (Stratégie digitale nationale). As we will later see, in next Sect. 4.1, the French national doctrine shifted from a very defensive and technocratic defensive doctrine, to a more societal, dynamic and offensive cyber-doctrine.

References

Download references

Author information

Authors and Affiliations

  1. Conservatoire National des Arts et Métiers, Paris, France

    Philippe Baumard

  2. School of Economic Warfare—ESLSCA, Paris, France

    Philippe Baumard

Authors
  1. Philippe Baumard
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philippe Baumard .

Rights and permissions

Reprints and permissions

Copyright information

© 2017 The Author(s)

About this chapter

Cite this chapter

Baumard, P. (2017). The Determinants of a National Cyber-Strategy. In: Cybersecurity in France. SpringerBriefs in Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-319-54308-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-54308-6_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54306-2

  • Online ISBN: 978-3-319-54308-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation