The French government launched its national cyber security strategy in 2015, French National Digital Security Strategy (EN), aimed at establishing the means to protect its fundamental interests on the internet, to guard national information and defend critical infrastructure from cyber-attack. The government recognises that this will depend on having sufficient scientific, technical and industrial capabilities.
The strategy covers 13 of the 15 strategic goals in the ENISA self-assessment classification. These strategic goals are: national cyber contingency plans; cybersecurity exercises; baseline security requirements; incident reporting mechanisms; citizen awareness; training and educational programmes; incident response capability; cybercrime; international cooperation; R&D; critical information infrastructure protection; institutionalised form of cooperation between public agencies; Balance security with privacy.
The French Internet Resilience Observatory, established in 2011, aims at identifying and measuring relevant and representative indicators of resilience, and to making results public.
In February 2021, the French government unveiled plans to bolster France's defences, boosting police and judicial cooperation, earmarking around 500 million euros to help companies and public authorities improve their cyber defences and funding research and development. A new cybersecurity centre will open in Paris in late 2021. Owned by 60 entities operating in cybersecurity, it will host 1,500 researchers and people working for private companies or the government.
EDUCATION AND RESEARCH IN NATIONAL STRATEGY
|Education on Cybersecurity||
The measures for education fall under strategic objective 3: Raising awareness, initial training, continuing education.
|Research on Cybersecurity||
The measures for research and development fall under objective 4: The environment of digital technology businesses, industry policy, export and internationalisation.
The overarching goal is to develop an environment favourable to research and innovation and will make digital security a factor in competitiveness, including the promotion of digital products and services. Metrics include: ergonomics, trust and security adapted to uses and cyber-threats for citizens, businesses and public administrations.
|Higher Education Courses on Cybersecurity||
CapDigital brings together players in the digital economy and sustainable development to work collectively on visions, prototypes, technologies and services. With 1000+ members from 6 fields, the association supports innovation, acceleration, digital transformation and ecological transition, including services from its R&D team.
Aerospace Valley is a world-class cluster for the aerospace sector, serving its three strategic sectors of aeronautics, space and drones in the Occitanie-Pyrenees-Mediterranean and New Aquitaine regions. Ranked in the top three of global competitiveness clusters, it supports cooperative R&D projects as well as companies in the sector.
Minalogic is a competitive cluster for digital technologies in the Auvergne-Rhone-Alps region supporting growth, innovation and the formation of new partnerships.
SCS is a world-class cluster for digital security, microelectronics, IoT, big data and AI.
Systematic is connects its 800+ members from software, digital and industry, boosting digital projects through collaborative innovation, SME development, networking and business sourcing across energy, telecoms, healthcare, transport, information systems, factory of the future, digital city, and security.
|Latest Update & Disclaimer||
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
CYBERSECURITY RESPONSE TEAMS: GDPR and NIS Directive: Compliance and Notification
|National Computer Security Information Response Team (CSIRT)/Computer Emergency Response Team (CERT)||
Notification obligations in the event of a cyber-attack/data breach
CERT-DEVOTEAM - Commercial CSIRT
Cert-IST - dedicated to the Industry, Services and Tertiary (IST). It was created in late 1998 by four partners:
CERT Bank of France - the internal CSIRT of the Bank of France;
|Guidance and Updates||
ANSSI regularly reports best practices and recommendations to different stakeholders.
In 2013 the guide 40 essential measures for a healthy network was released. It sets out 40 essential IT measures to safeguard the security of information system and explains how to implement them.
In 2014 ANSSI released a document called Managing Cyber Security for Industrial Control System which aimed at elaborating concrete and practical proposals to improve the cybersecurity of critical infrastructures.
As a result two document were produced:
- Classification Method and Key Measures describes a classification method for industrial control systems and the key measures to improve their cyber security. This document contains the cyber security classes for Industrial Control Systems, Control measures and a number of classification methods.
- Detailed Measures contains a detailed list of vulnerabilities, and describes Organisational and technical security measures, mapping and event logs.
|Latest Update & Disclaimer||
The information contained here is the result of desk research carried out by CYBERWISER.eu.