5
In an interview given to echoes, Guillaume Poupard looks back on his eight years at the head of Anssi. Despite growing threats, the future does not necessarily look bleak according to him, the current awareness at European level being a good omen.
© Getty — Monika Skolimowska
At the head of the National Information Systems Security Agency (Anssi), the French cybersecurity policeman, since 2014, Guillaume Poupard is preparing to leave his post. Faced with a cyber threat that has increased considerably since taking office, he sees his mandate come to an end with the war in Ukraine, which has highlighted the importance of the cyber component. In an interview given to echoesGuillaume Poupard, who specifies that he “candidate for functions in the world of the public”looks back on his eight years as boss of Anssi, as well as on the challenges faced by the sector.
While online attacks have multiplied in recent years, it is above all those which represent a growing danger to the sovereignty of States which have been in the sights of Anssi. “We are fighting against particularly advanced long-term espionage campaigns, which are difficult to detect. Opposite, these are States with colossal means. That does not mean that we must minimize the threat of cybercriminal groups or the scams of the online daily but 80% of Anssi’s work is against state espionage. These are invisible attacks, but if the same means were used to destroy infrastructure, it would be truly catastrophic. We cannot imagine that the threat will decrease because it is the geopolitical world in which we live”explains Guillaume Poupard to the economic daily.
With NIS 2, we change gear.
In his eyes, one of the keystones to guarding against attacks is based on mutual aid on a European scale. “We need Europe to be strong at the cyber level. Certainly, all European states are raising their security levels and cooperating. But there is still a need to build solidarity in the event that a member state calls for help. Everything the world is already at 200% and no one can send a team to another country”he explains, then the European cyber incident notification system “does not work”, according to Juhan Lepassaar, the executive director of the European Agency for Network and Information Security (Enisa).
While the threats are intensifying over the months, Guillaume Poupard believes that the strengthening of the European legislative arsenal constitutes an important turning point in the cyber strategy of the European Union. Indeed, a provisional agreement on the update of the NIS directive was reached on May 12 between the European Council and the European Commission. This directive on the security of networks and information systems (NIS or NIS, for Network & Information Security) was introduced in 2016 in order to strengthen cooperation between Member States.
Its new version should make it possible to plug the holes in the racket. “With NIS 2, we are changing gears. We are taking up the idea of the regulatory approach that works, but we are becoming much more ambitious in terms of the number of regulated players”indicates Guillaume Poupard in the columns of echoes. “Regulation will also concern more SMEs, whereas until now the framework applied mainly to large groups. The European approach is interesting because when rules apply to the entire European market, this avoids the temptation to sacrificing security to make low cost. Everyone is equal, it’s virtuous for those who want to provide security to their customers”he adds.
Kaspersky, an antivirus that divides
Inevitably, a few weeks before his departure from Anssi, his boss could not evade the conflict between Ukraine and Russia. Despite the anxiety-provoking climate, he wants to be reassuring about the cyber impact of this war on France. “Since the Russian invasion of Ukraine, I have not observed any major change in the nature or scale of the threat. Cybercrime has remained at a high level, which obviously cannot be satisfied. As before, more and more state-sponsored attacks are being spotted. But, surprisingly, there have not been more alleged Russian attacks against our interests. Worse was expected “he assures.
Still in the context of the war in Ukraine, Guillaume Poupard also clarifies his position vis-à-vis the Russian publisher Kaspersky, of which Anssi called to be wary at the start of the military conflict. “As for Kaspersky, I find it crazy to seem to discover today that the company is of Russian origin. Those who, before the Russian invasion in Ukraine, had not done the risk analysis are not serious people. We cannot rule out the scenario in which the Russian state would use Kaspersky antivirus to spy on or destroy information systems, but it is not an imminent threat”, he tempers. Before adding: “Kaspersky’s anti-viruses are good. Above all, Kaspersky’s specialists are excellent sources. When Kaspersky finds things of American or Israeli origin, we don’t forbid ourselves to look. That’s probably why that they will disappear. They are disturbing.”