Last updated on May 20th, 2019 at 01:38 pm
Accès à la version française
As we enter the “fourth industrial revolution”, the age of the digital transformation, a new emerging “AI-world”, and the “second quantum revolution”, national and international security must adapt. It must do so by anticipating this future world, avoiding surprises related to new – but also old – threats and dangers, while seizing the immense opportunities offered by what is no less than a change of paradigm (For the labels, respectively, Klaus Schwab, World Economic Forum, Helene Lavoix, The Future Artificial Intelligence – Powered World series, The Red (Team) Analysis Society, Jonathan P. Dowling, Gerard J. Milburn, “Quantum Technology: The Second Quantum Revolution”, 13 Jun 2002, arXiv:quant-ph/0206091v1).
The strategy related to cyber space and cyber security varies according to countries – and actors. It is handled in various ways by different types of agencies. After having briefly presented the main French, British and American state actors for cyber security, we shall focus on the French outlook and present the ANSSI, its goals and finally new outreach initiative, Agora 41.
France, the UK and the U.S. – a brief overview
In France, the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) – National Agency for Cyber Security, created on 7 July 2009, deals with the security of the cyber world. It is the national authority for all matters related to the defence and security of information systems and, as a result, leads the French National Strategy for Digital Security (2015). Nonetheless, other cyber dimensions remain under other types of state authorities, notably the ministry of Interior and the ministry of Defence, which plans a €1.6 billion budget for 2019-2025 for cyber security, while its cyber defence command, created in 2016, will see an increase in personal (Benjamin Hue, “La France va renforcer son arsenal contre la cybercriminalité“, RTL, 24 January 2018). A new national cyber strategy over five years with a clear overall budget is necessary and could be forthcoming (Ibid.).*
The ANSSI more or less corresponds to the more recent British National Cyber Security Center (NCSC), a part of the GCHQ, opened in October 2016 and officially launched on 14 February 2017, fully participating to the 2017 CyberUK strategy (launch of the NCSC, video and documents; Reuters, “Britain to spend 1.9 billion pounds on boosting cyber defenses“). The overall UK budget for cybersecurity across all ministries (but not including potential budget for cyber-retaliations and attacks) reaches £1.9 billion for 2017-2022 (“Chancellor’s speech at the National Cyber Security Centre opening“, 14 February 2017; Reuters, Ibid.).
Both the ANSSI and the NCSC are heir to the past cryptographic mission of states’ institutions. The ANSSI is the latest child of the Direction Technique des Chiffres (DTC) created in 1943 in Alger (ANSSI History). For its part, the NCSC, through the GCHQ, is indeed grounded in the most famous Bletchley Park, which, notably thanks to Turing, the team of codebreakers and the Bombes machine they created, defeated the German Enigma Machine and thus contributed to the Allies victory during World War 2 . Before that, its ancestry can be traced to the codebreaking efforts at the Admiralty and War Office during World War 1 (e.g. GCHQ, “The story of Signals Intelligence 1914-2014″).
Cybersecurity in the U.S. benefits from a $15 billion federal budget for FY 2019 dwarfing European efforts, but to share among all agencies with a cyber element, from the NASA to the Small Business Administration (John Slye, “The Fy 2019 Budget Increases Cybersecurity Funding By Nearly $600 Million“, Deltek, 28 February 2018).
Nonetheless, and despite the famous National Security Agency/Central Security Service (NSA/CSS), no new agency nor overarching centre handles the new cyber world and its security in the leading way developed in both France and the UK (David H. Petraeus, “The Case for a National Cybersecurity Agency“, Belfer Center, 5 September 2018). The Office of Cybersecurity and Communications of the National Protection and Program Directorate (NPPD) within the Department of Homeland Security (DHS) could be seen as an effort approaching the British and French approach. However, being an Office, it does not have the autonomy, weight and leadership that may be found in Europe. Furthermore, by its very location and by the number of other agencies involved, the OCC/NPPD is very likely to have to devote time, resources and energy to administrative skirmishes and quarrels.
That said, the American cybersecurity budget remains very large indeed. Meanwhile, the U.S. benefits of a “cyber ecosystem”, which is a formidable assets. This ecosystem is created by the Federal cyber budget and the benefiting agencies and offices, the GAFA – and other companies such as Intel, NVIDIA and IBM to quote only a few – the Silicon Valley, patriot and concerned billionaires and world-class universities, as shown by the $ 1 billion MIT initiative “to address the global opportunities and challenges presented by the prevalence of computing and the rise of artificial intelligence (AI),” including a $350 million gift by Stephen A. Schwarzman, CEO of Blackstone (MIT Review, “MIT reshapes itself to shape the future“).
If Eisenhower pointed out the importance of the military–industrial complex to understand American national security (Military-Industrial Complex Speech, Dwight D. Eisenhower, 1961), it could well be that we now must also count with a similar but larger and deeper cyber-IT-whole of government complex. The about to be born “Joint Enterprise Defense Infrastructure (JEDI) program for the Department of Defense could only reinforce this trend (Helene Lavoix, “Artificial Intelligence, Computing Power and Geopolitics (2)“, The Red (Team) Analysis Society, 25 June 2018; Shaun Nichols, “US JEDI military cloud network is so high-tech, bidders will have to submit their proposals by hand, on DVD“, The Register, 27 Sep 2018).
For its part, NATO is working upon getting a new cyber military command center, which should be ready for 2023 (Robin Emmott, “NATO cyber command to be fully operational in 2023“, Reuters, 16 October 2018).
A complete and more detailed outlook would notably need to include China, should we want to provide a better global picture.
The ANSSI, from Strategy to Anticipation and Outreach
As the leader of the French cybersecurity strategy, the ANSSI aims at achieving five main goals (website):
- Defence of the fundamental national interest in cyberspace.
- Promoting cyperspace usage and protect citizens, with a strong response against any type of cybercrime.
- Raising digital security awareness.
- Transforming digital security into a competitive advantage for French economic actors.
- Strengthening international influence [shaping norms, promoting cyber global stability, promoting European autonomy – my summary].
Furthermore, the ANSSI must have a strong strategic foresight and anticipatory activity across all timeframes to be able to provide for the security of the new emerging world, while also dealing with the very concrete threats and risks of the present. Indeed, for example, among many other impacts, quantum computing will completely unsettle the safe transmission of data, while cities and companies abundantly using artificial intelligence in its deep learning component will need to be secured. Quantum communication work, for example, at creating quantum networks, upon which could be built in the future a quantum internet (Edd Gent, “From Quantum Computing to a Quantum Internet—A Roadmap“, SingularityHub, 22 October 2018). Quantum computing, or more largely quantum technologies, and AI, both accelerating and disrupting each other, as we saw (“The Coming Quantum Computing Disruption, Artificial Intelligence and Geopolitics (1)”, 15 October 2018), will create completely new cyber challenges that need to be envisioned and for which states’ agencies, companies, and citizens must be prepared.
The videos below, notably when seen together, may help us imagine what the future and its security could look like (trailer of Person of Interest Season 4 by J.J. Abrahams; NVIDIA GTC China 2017 Keynote Recap, notably the part on smart cities).
Meanwhile, the adverse multi-dimensional impacts of climate change spread and intensify, the consequences on cybersecurity must also be considered.
As underlined by the Sénat,
“One of the axis selected in the strategy of the ANSSI for the 2016-2020 period, “knowledge and anticipation” has as aim to reinforce the capacity to undertake foresight efforts, to anticipate new threats and to favour the emergence of new technologies or new uses which could have an impact in terms of cyber security” (“Projet de loi de finances pour 2018 : Direction de l’action du Gouvernement : Coordination du travail gouvernemental“, 23 Novembre 2017)
In this framework, the ANSSI started an original outreach programme, the Agora 41, where 41 experts were selected and invited to participate in a new experiment at thinking out of the box and across disciplines to support the agency in its mission.
Five themes were selected to serve the achievement of the cyber strategy and its goals, while obeying to the strategic foresight necessity.
- Imagining the Cyber-World and its Security
- Enter the GAFA and the BATX: New rules for a new game on a new board?
- Winning the Talents’ War
- Enabling a Victorious Cyber-Ecosystem for Security
Each member of Agora 41 chose one core theme, while also having the possibility to interact on other issues. This system aims at allowing for more fruitful discussions and maximum feedbacks across questions.
Together these enabling efforts could help shape not only the future cybersecurity but also our very cyber future.
* It is near impossible from outside to precisely evaluate the ANSSI’s budget considering its “limited budgetary autonomy” within the Prime Minister’s Secrétariat général de la défense et de la sécurité nationale – SGDSN (“Projet de loi de finances pour 2018 : Direction de l’action du Gouvernement : Coordination du travail gouvernemental“, 23 Novembre 2017). As pointed out by the Sénat (Solutions Numériques, “ANSSI : un rapport sénatorial préconise d’élargir son autonomie de gestion budgétaire”, 19 April 2018), this partial autonomy may only contribute to obscure vital needs and hinder the ANSSI’s efficiency by denying vital resources, all the more so when its missions are and will be enlarged considering the foreseeable future. Meanwhile the risk of administrative quarrels and hassle is enhanced.
Disclaimer: The author is part of the Agora 41 effort, but remains independent in her thinking, a sine qua non condition for the success of the ANSSI’s outreach initiative. The views expressed in this report represent the views and interpretations of the author, unless otherwise stated. This article does not imply policy, program or regulatory endorsement by the ANSSI.
Featured Image: The Argonne-led “Multiscale Coupled Urban Systems” project aims to help city planners better examine complex systems, understand the relationships between them and predict how changes will affect them. The ultimate goal is to help officials identify the best solutions to benefit urban communities. (Image by Argonne National Laboratory.)