Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

The industry perspective by a CEO (& a Reserve Officer):

advertisement 
1
EMPLOYER SUPPORT SYMPOSIUM, BRNO – 01 AUGUST 2013
EMPLOYER SUPPORT FOR MILITARY RESERVE
The Industry Perspective by a CEO (and a Reserve Officer)
Mr L.-F. Salvador, CEO Sogeti
Your Excellencies, General Officers, Officers,
Distinguished Guests,
Ladies and Gentlemen,
First I want to thank Richard to let me speak in front of you all. Thank you Commander.
How enthusiastic am I to see men and women dedicated to support and reinforcing their
armed forces.
It is also an honor to take the stage in front of you, under the CIOR French Presidency, as a
French industrialist.
More precisely I am the Executive Sponsor for the French Ministry of Defense at
Capgemini.
Sogeti is a wholly owned subsidiary of Capgemini focusing for many years in cyber-security
for companies and administration.
Just like Capgemini or Sogeti, other companies have a strong partnership with armed
forces focusing on technological improvement and innovations. Defense has always been a
pioneer of innovation. Defense still shows the way to a constant search for technological
improvement and availability.
In 1960s, the use of gallium arsenide for the microelectronics in Defense industry allowed
the development of mobile phones in 1980s. The electronic warfare in 1970s was the
starting point of the rise of Internet in 1990s. Photovoltaic technology used in satellites in
1970s gave birth to sustainable energies in 1990s.
1
2
All those innovations came from the military sector, in a process known as long time cycle
innovation alongside great benefits for the civilian world when those technologies are
empowered by the industry. Military demands ask for cutting-edge technologies and
addresses a panel of specific needs such as:
-
Operational pressure (heat, radiations, vibrations…)
-
Search for strategic superiority
-
Heavy costs investment
DEFENSE
CIVILIAN INDUSTRY
Advanced technologies
Well-tried technologies
Breaking technologies
Progressive technologies
Deadly malfunction
Embarrassing malfunction
Unpredictable using conditions
Predictable using conditions
Short production series
Long production series
Reliability concern
Price concern
Source : EADS
One feed the other in a cyclic process. They are complementary forces that drive the
economy in the long run. The benefits often make the appointment. But there is one issue
where those benefits could become deadly if we are not careful enough: cyber.
WHY CYBERDEFENSE?
Our modern world is interconnected more than ever. Sending an email, making a bank
transfer, ordering online or booking your flight directly on your mobile has never been as easy
and fast as today.
About 50 billion devices will be connected to the Internet in 2020, most of them barely
protected, which implies as much potential backdoors for hackers to intrude in our
machineries, our companies, our administrations, our homes and personal lives.
IT and technology are at the heart of our civilizations and organizations.
- The increase of networking and connections enable our organizations to become more
efficient, more productive and better informed.
2
3
- Data and Information Access are key assets for every individual, every company and
every state. Thus, IT and technology have become vital for decision making.
- This allows processes optimization and industrialization such as railway tracks
switching operability, air traffic control, gas and electricity distribution or chlorine
water supply.
However the ever-increasing use of technology goes with the lack of understanding the
consequential stakes, especially amongst the young generations. “We don’t care how it
works, as long as it works”.
We become an easy target and vulnerable. All our strong points turn out to be our
weaknesses.
Initially hacking was considered as a game, a playful hobby for a small group of people.
Then it became a political or ideological tool such as the Anonymous, impacting the public
opinion and manipulating the crowds – as we saw it during the Arab Springs. But as powerful
as they are, they are still in a non-detrimental mindset. Of course we can argue that they are
“haktivists” organizing civil disobedience protestation more than direct or radical actions. But
when it comes about publishing confidential information, they could create some serious
damage jeopardizing human lives (cf. US diplomatic cables leaks published on Wikileaks that
put in danger US governmental agents, known as Cablegate in 2010-11). What is more
disturbing is the criminal use of networks and technologies which happen a million of times
every day. Cyber-espionage is also becoming usual, especially for economical intelligence.
Yet non-existing about cyber terrorism is only a matter of time before it happens.
The borders between all of these actions are fuzzy mostly due to the topology of
cyberspace. Despite the regulation that rules the Internet, a grey area still remains where well
organized people can operate with impunity. Hackers and cyber-spies understood it well. The
cyberspace provides the perfect cover making them very hard to detect. The complexity of
cyber attacks makes them even more confusing. No flags. No uniforms. Your friends dress
like your enemies and your enemies dress like your friends.
So what make cyber attacks so difficult to prevent?
- First of all, there is no smoking gun or warnings. Indeed hackers benefit from the
surprise effect amplifying the fears of the unknown.
3
4
- There is also a time uncertainty especially in espionage operations. A Trojan or a
worm could remain dormant in an IT system for months before being detected and
measuring the amount of information stolen from your system. Each night, thousand
gigabits of technological and strategic data are stolen from thousand of computers of
our Western companies.
- Moreover it is discreet, as the nuclear weapon secrets at its time, the knowledge of
building a cyber weapon still remains in hands of few individuals. For most people,
the lack of understanding in their devices is sadly another key for successful attack.
Yet a cyber attack can cause significant damages at a very large scale, for long
period of time and at low costs. Nowadays it is easier and cheaper to order online a
cyber attack targeted to an individual than buying a gun. Under cost cutting plans and
Defense budget reduction pressures, cyber warfare become an economically
interesting and credible option for any harmful-minded organizations.
- Finally, most of the time a cyber attack is not claimed. Identifying the author remains
highly complex and depends on few characteristics like concordant items of evidence,
the language used, the names of commands and so forth.
I presume that you all have in mind the Stuxnet Incident of June 2010 at nuclear power
plants of Natanz, Iran or even cyber attacks of late 2011 and 2012 such as DuQu, Gauss,
Flame and Shamoon in Middle East.
Cyber warfare is not a fiction, no more than a passing fancy for the private sector. It is a
reality that strikes already throughout the world. A race for innovation is looming. It takes
more than traditional resources to imagine primary response-organizations, to anticipate
and deal with potential crisis and shape a global strategy. In a nutshell, we need parries
for a multiform, scalable and unpredictable threat. A certain number of countries and
organizations are taking this issue quite seriously:
- Such as the NATO initiative Tallinn based of Cooperative Cyber Defense Centre
of Excellence established in the wake of 2007 the attacks on Estonia and the Bronze
Night events. It is a research center, mostly in legal field but no operational oriented.
There are currently 11 countries1 involved within the centre and France joined them
in early July.
1
Estonia, Germany, Italy, Latvia, Lithuania, Poland, Slovakia, Spain, Hungary, USA, Netherlands.
4
5
- Besides France also developed its own national agency for information systems
security: ANSSI since July 2011.
- In 2012, UK set up a Cyber Reserve force to deal with security threats, running by
the Ministry of Defense.
- Even the German Federal Minister of the Interior put in force new organizational,
manpower and technical framework conditions for the development of the Bundesamt
für Sicherheit in der Informationstchnik (BSI) into the central IT security service
provider of the German government.
Other responses are combat oriented by purchasing cyber capacities. In 2010, the USA have
developed the US Cyber Command to centralized command of cyberspace operations,
organized existing cyber resources and synchronizes defense of US military networks.
These examples show the good will and the rise of a new cultural change in the usual
military mindset.
Of course armed forces show great concern about cyber defense because it is their role to
defend their country. But in front of such a threat, what can we do as civilians in our own
level of expertise?
THE FRENCH CYBER RESERVE
It has been 10 months now that I have answered the “call of duty” and I have the great
pleasure to coordinate the French Reserve for Cyber defense, alongside the General
Officer for Cyber defense.
For those of you who don’t know the French Cyber Reserve, we are a group of volunteers
appointed by the Chief of Staff to bring our humble experience to the French cyber defense
deployment.
Reservists are spread in different workshops, working closely with national authorities in
charge of the topic (MINDEF, ANSSI). Our first missions are to promote a spirit of cyber
defense and bring value to national thoughts. These actions are the natural contribution of the
civilian sphere to the military one, in the continuation of the 2008 White Paper and the
Senatorial Rapport of Jean-Marie Bockel.
The idea of a reserve dedicated to this issue comes from the joint cyber defense concept
published in 2011. It encourages the industrial and academic worlds to contribute to the work
of the ANSSI.
5
6
Under the authority of the Rear Admiral Coustillière, members of the Reserve work for the
national resiliency, they join personally and not on the name of their organization. They are
patriots. Workshops take place after or before their respective professional attributions.
They also sign an ethical chart and engage themselves completely to their task.
Each workshop is oriented by a representative, there are 8 of them:
1. The first workshop, which I represent, consists on a network of French key people
(authors, scientists, CEOs…) to relay the Cyber issue to the public opinion.
2. A second workshop is in charge of dealing with representatives and senators out of
the Defense Commission to target a larger scale. It also consists in maintaining a high
level of information towards specialized journalists.
3. A third workshop is interested in education and young professionals. It supposed to
draw a map of schools and jobs in the Cyber security field to deduce where we need to
improve on both sides of diplomas.
4. Another workshop is dedicated to list all studies and books about Cyber security to
avoid redoing what has been already done and to promote synergies, conferences and
events on the topic of Cyber defense.
5. Another workshop focuses on SMBs (small and medium size business). It is logical to
think how we could help SMBs to protect themselves because usually they can’t
afford the means of a larger group. Ergo they are the more vulnerable actors and
primary targets of our economical web. Some of them are highly strategic and we
cannot allow any “weakest link” in that matter.
6. It would be absurd to maintain such a structure like the Reserve without thinking about
what it will become. That is why this task fall in to one particular workshop: a future
operational use or mobilization in potential crisis times.
7. Two new workshops had been added to the Reserve on the legal issues of Cyber
security and to better alert great firms known as Critically Important Operators
such as banks, hospitals, ministries, energies and telecom operators.
Our goal is not to be another think-tank at national scale, but to humbly address questions
of the military authorities, to answer their doubts by giving them comprehensive tools and a
high level of expertise on special issues. Our major role toward the society is to alert the
general public to cyber defense.
6
7
To sum up, the Reserve is an organization at the crossroads of civilian and military
worlds. It is a force dedicated to alert and propose and contribute to reinforce the national
cyber posture. It is a new form of laboratory of patriotic active commitment to support
armed forces and State. This new synergy at the service of the Nation demonstrates the
stake behind what we are trying to do.
As CEO of Sogeti and reservist, I am proud to be a part of it. I can assure you that I have
never seen so much commitment and passion on the behalf of those men and women to work
together.
The urgency of a need to becoming closer with the military is crucial. Cyberspace is one of
those places where the threats are common to civilians and armed forces.
We face a double challenge: given the need to ensuring the defense of our own country
without weighing too much on budgets already stretched. We are facing uneven and
asymmetric enemies that grow stronger day by day.
Those foes are taking advantage of a system onto our entire social and economical model
is running. It is jeopardizing global trust between a firm and its clients, a State and its
citizens. The general public opinion is at risks and we are already at war in cyberspace.
Deploying a national strategy is the first step of this fight. It implies a global mobilization
of an entire chain of actors (civilian and military), and constant diligence, not to suppress
all threats, but to be one step ahead and contain them.
Holding our ground is not sufficient. The complexity of the cyber defense issue calls for a
certain clear-headedness and implies significant efforts in the long run.
Even if both military and civilians are using same spaces, sharing same technologies and
stakes, they are not building on the same values. We often see the private sector as a short
gain system. That is just wrong. I can tell that there are some people in it who are patriots
and yearn to take part in the Defense of their country. These men and women are an
imperious need in support of the armed forces.
We have to recognize that even when it comes to serious and sovereign topics such as
Defense, synergies are welcome. By sharing experience, expertise, ideas and visions for the
future we could keep up this partnership going for the next generations.
7
8
Values and civic-mindedness are still a currency to trust in our world and if we do not
take the best of it, we may create a non-reversible gap between military and civilian worlds.
If you have in mind the field of dual-use technologies we have found a perfect common
ground to walk hand in hand.
I believe every one of us could put a shoulder to the wheel. Starting at national scale is
already a step forward, to build a European strategy would be even better. A European
cooperation between patriotic European industries could be a good start and a prelude for
more mutual assistant between countries. By reporting attacks and sharing knowledge, we
could reinforce our cyber defense at regional level.
Hence, it would be silly not to take advantage of the link between industry and military in
every aspects of our technological improvement, especially in cyber defense. In France, the
main IS security operators, including Sogeti, are taking part in the Council of Trusted and
Security Industries alongside national authorities.
National reserves could be outstanding structures as well in this matter. Given the
commitment of their members and their capacity to generate new ideas, it is a highly
appropriate way to promote the Cyber defense issue. Thus we could march against those
growing cyber threats with confidence.
CONCLUSION
Partnerships between industry and military always proved their efficiency when it comes to
global threat. What I wish for is a mutual trust between the armed forces and civilians
whether they come from industry, university or engineering as long as they are seeking to
serve a common goal. We are here, in the field of dual-use technology that can be used for
both peaceful and military aims. In other words, expensive technologies which would
otherwise only serve military purposes can also be used to benefit civilian commercial
interests. These technologies already exist in nuclear, ballistics, chemistry and biology; cyber
could be the next step forward. We can make Internet a more secure place for everybody
and to do so we must push our way through R&D and innovation in a partnership both
military and civilian.
8
Related documents
apdf nov 4 - 0910 sakada
apdf nov 4 - 0910 sakada
solving national security challenges with information technology by
solving national security challenges with information technology by
Need for New Approaches to Security PowerPoint
Need for New Approaches to Security PowerPoint
Internet SafetyK5
Internet SafetyK5
Cyber-Security Awareness PowerPoint
Cyber-Security Awareness PowerPoint
“Current Cyber Security Landscape” Dr. Josh Pauli Presentation
“Current Cyber Security Landscape” Dr. Josh Pauli Presentation
Download
advertisement