France (FR)

The French government launched its national cyber security strategy in 2015, French National Digital Security Strategy (EN), aimed at establishing the means to protect its fundamental interests on the internet, to guard national information and defend critical infrastructure from cyber-attack. The government recognises that this will depend on having sufficient scientific, technical and industrial capabilities.

The strategy covers 13 of the 15 strategic goals in the ENISA self-assessment classification. These strategic goals are: national cyber contingency plans; cybersecurity exercises; baseline security requirements; incident reporting mechanisms; citizen awareness; training and educational programmes; incident response capability; cybercrime; international cooperation; R&D; critical information infrastructure protection; institutionalised form of cooperation between public agencies; balance security with privacy.

The French Internet Resilience Observatory, established in 2011, aims to identify and measure relevant and representative indicators of resilience, and to make the results public.

In February 2021, the French government unveiled plans to bolster France's defences, boosting police and judicial cooperation, earmarking around 500 million euros to help companies and public authorities improve their cyber defences and funding research and development. A new cybersecurity centre will open in Paris in late 2021. Owned by 60 entities operating in cybersecurity, it will host 1,500 researchers and people working for private companies or the government. 

 

EDUCATION AND RESEARCH IN NATIONAL STRATEGY

Education on Cybersecurity

The measures for education fall under strategic objective 3: Raising awareness, initial training, continuing education

  • Launching an ambitious programme aimed at raising awareness of all French people about cyber risks in the digital age. This entails launching a call for a show of interest in the creation of educational content for the general public. Operations led by the national police will make it possible to raise awareness of risks and give advice to 300,000 6th year students to protect their Internet browsing. The visibility of "Digital Education for All" will be further reinforced. Advertising campaigns will 
  • Raising children’s awareness of digital security and responsible cyberspace behaviours as of school age.
  • Integrating cybersecurity awareness into all higher and continuing education programmes as part of a joint effort between the Ministry of National Education, Higher Education and Research, with the assistance of the University Presidents’ Conference, the Grandes Ecoles Conference and competent authorities aimed at encouraging the establishment of cybersecurity awareness in all higher education programmes from the 2016 academic year. 
  • Coordinating an awareness programme for professional categories on cybersecurity issues in relation to their societal responsibilities. Steps on the educational contents being developed should take place in close collaboration with the teaching community, in the framework of the CyberEdu project.
  • Adapting a part of the training and education offer to an international public, e.g. providing programmes in English in view of growing demand from partners. 
  • Defining short, medium and long-term initial training needs in collaboration with stakeholders from public administration and the private sector. Professional trade unions will also be called upon to develop and implement continuing education programmes adapted to the needs of employees and businesses. 
Research on Cybersecurity

The measures for research and development fall under objective 4: The environment of digital technology businesses, industry policy, export and internationalisation

The overarching goal is to develop an environment favourable to research and innovation and to make digital security a factor in competitiveness, including the promotion of digital products and services. Metrics include: ergonomics, trust and security adapted to uses and cyber-threats for citizens, businesses and public administrations. 
Developing and accentuating the national and European offer of security products and services:

  • Developing the national fabric of businesses that develop cybersecurity products and services (set up in 2012).
  • Launching the New Industrial France Cybersecurity Plan (2013), issuing requests for proposals aimed at creating an offer for trustworthy equipment to detect cyber-attacks, essentially for operators of vital importance and secured mobile products for all businesses. 
  • Qualifying and monitoring cybersecurity products and services and supporting the development of new security products for changing usage patterns. Also supporting the enhancement and uptake of these offers through public contracting with the right levels of security. 
  • Disseminating the results of research and development funded for high-level security equipment to raise the level of security for businesses and citizens. 
  • Supporting and promoting French scientific, technological and industrial competences in cybersecurity while encouraging a bigger leadership role by the EU. 
Higher Education Courses on Cybersecurity
  • Université Grenoble Alpes – Master Degree in Cyber Security. Year established: 2002. Student intake: 40. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security. Accredited by the French Ministry of Education. 
  • Télécom SudParis – Master Degree in Systems and Network Security (VAP SSR). Year established: 2004. Student intake: 24. European Credit Transfer System (ECTS): 60. Focus: Internship. System security, network security, component security, SW security. Accredited by ANSSI, the officially recognised agency responsible for implementing the national cybersecurity strategy, policy and roadmap in France. 

Public-Private Partnership

CapDigital brings together players in the digital economy and sustainable development to work collectively on visions, prototypes, technologies and services. With 1000+ members from 6 fields, the association supports innovation, acceleration, digital transformation and ecological transition, including services from its R&D team. 

In 2016, ANSSI was elected for 3 years to the Board of Directors of ECSO (European CyberSecurity Organisation), the European association created in June 2016 as part of the launch of the Public Private Partnership for European cybersecurity (cPPP). 12 areas of activities have been identified as Vital Importance Operators (OIV) by a national decree in 2006, including Space and Research, Health, Water management, Food, Energy, Electronic Communications, Transport, Finance, Industry, Institutional and Military activities.

IT/Cybersecurity Clusters

Aerospace Valley is a world-class cluster for the aerospace sector, serving its three strategic sectors of aeronautics, space and drones in the Occitanie-Pyrenees-Mediterranean and New Aquitaine regions. Ranked in the top three of global competitiveness clusters, it supports cooperative R&D projects as well as companies in the sector. 

Minalogic is a competitive cluster for digital technologies in the Auvergne-Rhone-Alps region supporting growth, innovation and the formation of new partnerships.

SCS is a world-class cluster for digital security, microelectronics, IoT, big data and AI. 

Systematic connects its 800+ members from software, digital and industry, boosting digital projects through collaborative innovation, SME development, networking and business sourcing across energy, telecoms, healthcare, transport, information systems, factory of the future, digital city, and security. 

Latest Update & Disclaimer

January 2021. 

The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. 

 

 

CYBERSECURITY RESPONSE TEAMS: GDPR and NIS Directive: Compliance and Notification

National Computer Security Information Response Team (CSIRT)/Computer Emergency Response Team (CERT)

Notification obligations in the event of a cyber-attack/data breach
NIS Directive (operators of essential services and digital service providers): actual, adverse and significant impact on the continuity of essential services. Actual, adverse and substantial impact on the provision of enumerated digital services.
GDPR (any organisation dealing with the data of EU citizens): accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

National contacts

CERT-FR (https://www.cert.ssi.gouv.fr/) - Officially recognised national CIRT

CERT-DEVOTEAM -  Commercial CSIRT

Cert-IST - dedicated to the Industry, Services and Tertiary (IST). It was created in late 1998 by four partners: Alcatel, CNES, ELF (Total) and France Telecom (Orange);


CERT-LEXSI - (Expertise Laboratory in Information Security) is a French Commercial CSIRT;


CERT-RENATER - dedicated to community members of RENATER (National Network for Telecommunications Technology, Education and Research);

  • Team Email: certsvp@renater.fr 
  • Telephone: + 33 1 53 94 20 44 
  • Fax: + 33 1 53 94 20 31


CERT-SocieteGenerale -  the Societe Generale Group, for its internal services and clients;


CERT-XMCO - French Commercial CSIRT;

  • Team Email: info@xmco.fr 
  • Telephone: +33 (0)1 47 34 68 61


CERT-SOLUCOM - a French Commercial CSIRT;

CERT Bank of France - the internal CSIRT of the Bank of France;


CERT Capgemini Sogeti - a French Commercial CSIRT;


CERT UBIK - a French Commercial CSIRT;


CERT Caisse des Dépôts (CERT-CDCFR) - the Caisse des Dépôts Group, for its internal services and clients;


OSIRIS CERT - the University of Strasbourg CSIRT.

Guidance and Updates

ANSSI regularly reports best practices and recommendations to different stakeholders.

In 2013 the guide "40 essential measures for a healthy network" was released. It sets out 40 essential IT measures to safeguard the security of information systems and explains how to implement them.

In 2014 ANSSI released a document called "Managing Cyber Security for Industrial Control System", which aimed to elaborate concrete and practical proposals to improve the cybersecurity of critical infrastructures.

As a result, two documents were produced:

- Classification Method and Key Measures describes a classification method for industrial control systems and the key measures to improve their cyber security. This document contains the cyber security classes for Industrial Control Systems, Control measures and a number of classification methods.

- Detailed Measures contains a detailed list of vulnerabilities, and describes organisational and technical security measures, mapping and event logs.

Languages: French, English

Latest Update & Disclaimer

January 2021.

The information contained here is the result of desk research carried out by CYBERWISER.eu.

 
