Faced with cybersecurity challenges, governments, administrative authorities and large groups, but also SMEs, need to develop a security posture combining prevention, protection, detection and reaction. Traditional measures (audit, certification or implementation of security solutions) are no longer enough: not only has the threat evolved, but new obligations, in particular in the legal domain, as well as new uses, such as recurrent use of social networks by employees, have arisen.
Cybersecurity is inherently a cross-functional issue, at two levels. First, between business sectors: an incident impacting a specific sector can have immediate repercussions on all other sectors owing to the interdependency of many activities. Secondly, within a company: the issue goes well beyond the teams in charge of designing and operating the information system and directly concerns the business units, where business continuity could be jeopardised. Organising joint training, for example in the form of regular crisis exercises, is also essential to raise awareness among the stakeholders concerned and to build their capacity to react consistently and in a coordinated way when faced with a security incident. That is why the European Commission has committed itself to a programme involving regular exercises. At the national level, France is doing the same with the Piranet exercise. In keeping with the spirit of the 2008 and 2013 white papers on defence and national security, the State is therefore training to be able to confront a major crisis situation affecting information systems that are essential for the functioning of the nation. The objective is to validate the management of failures in telecommunication networks and information systems, but also to assess the capacity of the State to take the necessary measures in a situation calling for a quick and strong response.
Download this policy paper, written by Hugo Lemarchand, Julien Lepot and Guillaume Tissier, CEIS.
Download the French version.