“I’m not going to give a farewell speech, it’s not my style. On the FIC stage, the director of the French cybersecurity agency refuses to comment on his departure, scheduled for this summer.
Image: FIC.
He nonetheless thanks his teams and partners. The subject is indeed on everyone’s lips at FIC 2022: who will replace the director of the agency?
“Keep the permanent imbalance that makes Anssi work”
In front of the journalists who question him, he assures that “his replacement will go well, there are very competent people to take up the torch” and is pleased to “leave a shop recognized by the authorities”.
Guillaume Poupard is content with an address for his successor: “If I had any advice to give, it would be to maintain the permanent imbalance that has made Anssi work since its inception. If you stop pedaling, it no longer works. »
But the leader does not pour out on his future. At most, it slips near the Echoes having applied several times for positions in the public sector, without specifying which ones.
The balance sheet
On stage, the speech of the director of Anssi had the air of a balance sheet, highlighting in particular the successes of efforts at national, European and regional level. “We have issued more than 300 security visas from Anssi, which is testimony to a real dynamic in the creation of products and services in France. On the national level, we can be proud, ”sums up Guillaume Poupard.
At European level, the French presidency of the European Union at the beginning of 2022 also made it possible to put many essential subjects on the agenda, including the securing of European institutions, solidarity between Member States on issues cybersecurity and the recasting of the NIS directive.
At the regional level, the director of the agency retains the security efforts undertaken thanks to the recovery plan, in particular the launch of regional CSIRTs which are beginning to take shape and the development of security courses. “For the future, moreover, it would be interesting to generalize the principle of safety courses to other areas”, suggests the director.
Raising awareness of cybersecurity among the French population
In parallel with this report, Guillaume Poupard also spoke of the challenges facing the agency, and more generally the French cybersecurity ecosystem.
“The first subject to be implemented is that of a real large-scale awareness of cybersecurity issues. If we could have five minutes of brain time from each French person to pass on a few messages on digital security, that would be ideal. »
The cybermalveillance.gouv.fr platform, launched in 2017, was Anssi’s first attempt to raise awareness.
A “service” cybersecurity
Second angle of attack, the development of “service” cybersecurity in which Anssi would play a greater role.
“On the subject, we have seen the example of the British NCSC, which offers a number of services responding to simple problems, but which complicate the life of attackers. »
In this area, Anssi already has several experiences, such as its Active Directory Security service, or even EBIOS Risk Manager. An offer destined to develop, while leaving its place to the private sector.
“France must be respected”
Third subject discussed, that of the place of France on cyber. “I think we have to be respected, and that will go through the offensive in particular, but also through a strong French voice at the political and geopolitical level. The director of the agency does not hide his desire to collaborate with the organizations responsible in France for carrying out offensive cyber operations, like the intelligence services or Comcyber.
The ambition is reflected in particular by the development of the Rennes platform of Anssi, which aims to bring together the teams of these different organizations. But also by a stronger policy on the attribution of attacks, which is illustrated in particular by the accusations brought by the European Union which attribute the attack on ViaSat to the Russian government.
In this regard, Guillaume Poupard expects the authorities to “go more and more towards public allocation”, without falling into the faults of the Anglo-Saxon world: “The objective is not to do attribution for the sake of attribution, but to get a result. »
Cloud and sovereignty
“Finally, the last subject is that of sovereignty, on which we hear a lot of nonsense, but also many questions”, concludes Guillaume Poupard.
The director nevertheless notes that the recent war in Ukraine has made it possible to put the subject back at the heart of debates within the European Union, and recalls the discussions in progress on the establishment of a European label for secure cloud.