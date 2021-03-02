Eric Lambert President of the National Institute for Cybersecurity and Territorial Resilience

The National Institute for Cybersecurity and Territorial Resilience is an associative structure recognized in the general interest, which aims to concretely support communities in their cybersecurity strategy. Why are local communities central to digital security?

Eric Lambert They are at the head of central infrastructures for the life of citizens. Let us take the case of an average agglomeration. It manages the distribution of energy and water. Some also have port or airport infrastructures, bus or tram networks, they sometimes co-manage care structures… And then there is the data.

A municipality manages the civil status, all the information held by social structures, schools, in particular via canteens. It generates data related to the consumption of energy, water, video surveillance, economic and fiscal information on local businesses … The number of data used today on a daily basis by an urban area is phenomenal. These are all subjects on which communities are subject to cyber attacks. We are talking about cybercrime more than attacks organized by States.

Are communities aware of these security issues?

Eric Lambert Two weeks ago, a fortunately small attack allowed a hacker to take control of a Florida city’s water distribution network. It would have been enough for him to add a chemical or biological additive in it to contaminate thousands of inhabitants and create a real tragedy.

In addition to attacks on infrastructure, we have to deal with threats related to ransomware, data theft, disfigurement of websites, damage to reputation, the launching of false rumors… The panel is vast. Faced with these dangers, I know certain cities, but it is also the case of a certain railway transport company, which still work with operating systems dating from MS-DOS or Windows 98, according to the principle: as long as it works, we don’t change. But, of course, their system is vulnerable at all levels. Things will have to evolve in one way or another, in particular because it is the legal responsibility of elected officials that will be engaged.

Does the billion euro cybersecurity plan announced by the government provide local communities with sufficient financial support?

Eric Lambert It would be good to strengthen Anssi (National Agency for the Security of Information Systems), especially since it does an admirable job with barely 600 agents for 30,000 municipalities. The cybersecurity component of the recovery plan does contain new ad hoc financial resources. But without humans to exploit them in the territories, these means will not be of much use. My fear is that the money for this plan will end up in the pockets of consultants, who will propose studies, but very few concrete things will be put in place on the ground.

What do you recommend?

Eric Lambert It would be necessary to start from the ground, needs, resources. We favor the approach of the public service rendered to the territory, rather than a defined standardized policy of Paris which will not work. Hence the importance of developing shared digital infrastructures, such as “clouds”.

Let us take the example of Morbihan Énergies, which will offer local authorities to keep their data in a sovereign, local framework, and to protect them. The sharing, on a human scale, that of the department, seems relevant to us. This scale makes it possible to pool jobs, therefore to create a lasting activity in the territory, but also to develop shared software solutions and to rejuvenate, by making joint purchases, the IT stock which is sometimes completely obsolete.