Close
  • Français
  • English

2016/02/17Sustainable Security Applied to Cybersecurity [by Charles d’Aumale, founder of Trust & Tech]

The 22 January 2016 edition of Society magazine highlighted French Finance Minister Michel Sapin’s irritation with the proliferation of pre-paid bank cards. Indeed, such a card can be obtained anonymously and loaded with up to 2,500 euros in cash. The 13 November 2015 terrorists understood the value of this and took advantage of it. As a result, some discussions have taken place at the European level to address this subject. But what about the companies that offer such products? Do they have a societal dimension in their product definition?

If the subject focused on issues in sustainable development, then a societal dimension would have been natural for or even expected of these companies. This is quite understandable, as sustainable development is at the crossroads of the environment, social affairs and economic development. This notion can absolutely be applied to security issues. Hence this concept of sustainable security, at the crossroads of security, social affairs and economic development.

Security, social affairs and economics

The notion of security is extremely broad. It is moreover the core business of many French private and public institutions, the main ones being the Ministry of the Interior and the Ministry of Defence. This security concerns people, infrastructure, buildings, information, intellectual property and so on. Much like the environment, it is not confined to our borders. Security responses, whether they confront terrorist threats, cyber attacks or health threats, combine human resources, technical resources, procedures, actions and mindset.

The link to society becomes particularly important when it comes to this issue of mindset. Japanese youth learn from a very young age to get under a table during an earthquake. Israeli youth perform compulsory co-educational military service. French youth have fire drills and CRBN drills, and they learn basic first aid. For their part, companies now have sustainable development managers. All listed companies have a section on the subject in their annual reports. Regarding security, many have a security manager, a CISO and a workplace health and safety committee. Depending on the industry, they put forth their workplace safety efforts, present a summary of their risk analysis and take out insurance for specific threats.

Application to cybersecurity

There are sustainable development funds and Sharia funds. Why not sustainable security or sustainable cybersecurity funds? In November 2015, the credit rating agency Moody’s announced that companies’ cybersecurity standards were starting to be examined by credit analysts. This is a very interesting move that may lead to objective and systematic standards. At the same time, the cyber insurance market is developing. This is a vast and complex subject. This means that financiers are becoming interested in the field, and this is most likely what will get governing bodies to take action.

On a technical level, France has greatly strengthened its systems and the industry is being organised. If the country now has a full cybersecurity offer, it should make use of this offer to achieve success along the lines of Sophos in the United Kingdom. If we are to do this, we must work on demand and the marketing mix. These are obviously business terms, but business is one of the pillars of sustainability.

However, there are still too many managers and individuals who either do not see cybersecurity as an issue or view it as a “technical” issue. This social aspect is fundamental to the sustainability of the process. There are already a few efforts in schools to raise children’s awareness of Internet risks, but these are not yet comprehensive or regular. Safe Harbor was quashed by the Court of Justice of the European Union in October 2015, but no change has been observed by users concerning the use of their personal data by North American social networks. Thousands of websites of local and regional governments and schools were hacked following the January 2015 attacks in France, and no national emergency action plan was rolled out to quickly provide them with recommendations and solutions. Public and private calls for tenders often involve questions on the participants’ sustainable development, but very few questions on commitments in cybersecurity.

Cybersecurity, a collective responsibility

To situate cybersecurity in a sustainable process, the social part must now be strengthened so that it becomes everyone’s responsibility. Hence the concept of sustainable security and the parallel with sustainable development.

We will have succeeded the day our children confront us about our weak passwords as some do when we forget to switch off the light or fail to sort our waste.