The dreaded “big night” of Vincent Strubel, the boss of the Anssi
“We must prepare for the big night, when entire sections of our society will be attacked simultaneously.”For his first intervention at the Information Systems Security Conference in Monaco, one of the flagship events in the sector, Vincent Strubel focused on the rise of computer threats. A dramatization of the classic issues of the bosses of the Anssi. She has the merit of being effective in this exercise of opening the Assizes, a speech that gives the best to the sector.
Triple challenge
Because for Vincent Strubel, who arrived at the helm of the cyber-firefighter of the state last January, the bar is still very high when it comes to cybersecurity. And to point out a triple challenge. First of all, it is a question of managing to pull up a multitude of actors who do not have the same means. Secondly, we must prepare for the worst – the big night mentioned – by setting up “escalation mechanisms”. It is a question of being able to respond collectively to a massive attack that would exceed the capabilities of the Anssi. Finally, thirdly, it is necessary to manage to do all this by avoiding having your nose in the handlebars and by keeping strong expertise.
The main instrument of the Anssi to face these threats is the future transposition of the European directive NIS-2. But its outlines, several months before the arrival of the bill in the spring, are still uncertain. There will thus be between ten times and thirty times more actors regulated by the Anssi, historically an administration dedicated to the cybersecurity of the information technology of the State. “The fact that we can’t give figures is an indication,” slips Vincent Strubel. “I made euphemism in living language 1,” he will say later.
Redundancy rather than the hole in the racket
An example of the joint mapping work to be carried out? Last winter, the cyber-firefighter of the state had set about identifying the sensitive actors of electricity and gas who were not yet in its perimeter. “We all do risk analyses as we breathe, but we may not be able to impose them on all structures,” notes the Director General of Anssi about the heterogeneity of the future scope covered.
“We must therefore evolve our service offer”, with simpler, automated tools, and networking, plural, adapted to the targeted structures. Vincent Strubel continues. Sometimes even if several structures do the same thing, one of the criticisms brought to the new regional incident response centers that have just been incubated by his agency. “I am convinced that they bring more opportunities than redundancy,” however, says Vincent Strubel. And to specify prefer redundancy to the hole in the racket. In other words: faced with the expected big evening, it is better not to run out of arms.