>Article published on Zone Bourse - March 20, 2018
The world of intelligence and defense has long used vulnerabilities of computer systems to its advantage to ensure its security and defense mission. However, today these organizations appear overwhelmed by the proliferation of cyber-weapons, just a click away for many criminal groups. It is now urgent to restore the balance of power by strengthening the defense of cyberspace. The continuity of growth of the real economy and world peace depend on it.
If the world has been living peacefully for more than 70 years, it is, officially, thanks to nuclear deterrence.It is true that various governments and international bodies (UN, NATO) have maintained the equilibrium of forces between the Western and Soviet world during the Cold War, and then, by limiting the proliferation of nuclear weapons.This view of global geopolitics, widely shared, describes however only part of the reality.
All governments have been particularly successful in maintaining peace and relative security through the intensive work of civil and military intelligence services, whose effectiveness has been multiplied by the massive use of electronic intelligence (wiretapping, control of communications, control of computer and electronic systems, etc.).
The development of computer networks, especially the Internet, initially facilitated this task: the various flaws and vulnerabilities have allowed intelligence and security services to penetrate the computer systems and observe their content without the knowledge of their owners.For the general public, electronic intelligence existed.It was however - in principle - targeted and not massive, as democracy requires.
But computer systems and connected objects have proliferated on increasingly interconnected networks.The number of vulnerabilities - mostly unintended consequences of software development or configuration bugs - has steadily increased, and their exploitation has completely escaped government organizations.
Virtually all the computer systems on the planet today are at the mercy of anyone who takes care to find these flaws and exploit them.Hackers or cyber-criminals use it to generate malfunctions known as cyber- attacks.
Everyone has now understood that the global economy as a whole relies on the availability of computer networks and systems: physical systems of the real economy are now managed and controlled from cyberspace and become potential targets.The more a country develops, the more it relies on Information Technology and the more vulnerable it becomes.The deployment of the Internet of Things and artificial intelligence only increases the surface and sophistication of computer attacks.
We can only be grateful to the intelligence and defense communities for allowing us to live in peace for such a long time.However, continuing on a model that considers that flaws and vulnerabilities are useful for purposes of internal security now plays against the mission of defense and security for which intelligence and security services are responsible.
The defense of cyberspace becomes a challenge that humanity may lose.Our civilization could well experience new setbacks if it fails to overcome this difficulty.
Today, mafias, cybercriminals from all horizons and even rogue states are at work, with motivations so diverse that they make their attacks very difficult to anticipate and counter.Defending cyberspace is much harder than attacking it: mounting an attack costs a few thousand euros, defending against it can cost billions worldwide.
Indeed, in cyberspace, the attacker is anywhere and everywhere.This ubiquity, associated with the effect of surprise, plays into their hands.Most of the time, attacks are not even detected.More importantly, hackers can get cyber-weapons ready to use on the Darknet for a few thousand euros,.Hackers no longer need to be great IT specialists to prepare their attacks.
If humanity has managed to avoid the proliferation of nuclear weapons, it has already failed to avoid the proliferation of cyber-weapons.
Among the first targets for the pirates: financial and stock exchange systems, as well as power distribution networks.For criminals, the financial reasons are obvious.Rogue states see it as a means of blackmail and pressure on our governments.Keeping the financial and stock exchange systems and the distribution of energy up and running is of course vital for our economies.
If no decision is made to completely change our methods of cyberspace defense, we may well experiencecyber-chaoswhich could seriously jeopardize our security, our defenses and our economies.Since cyberspace knows no borders, it is necessary that this decision be taken at the international level, ideally at the UN.
Restoring the balance between attack and cyberspace defense is not an option: it is an absolute necessity.And the measures of computer hygiene advocated by the National Agency for the Security of Information Systems (ANSSI) in France, or by the Department of Homeland Security (DHS) in the United States are necessary but not sufficient.
The"General Regulations on Data Protection" (RGPD), the Directive "Network and Information Security"(NIS) in Europe andthe "Cybersecurity National Action Plan" (CNAP) in the United States,designed to raise the awareness of businesses and citizens to cyber security are indispensable but their scope in terms of the defense of cyberspace will remain limited.
If the cybersecurity panorama described so far is bleak, the worst is not certain.
Truly effective and inherently safe defense technologies that restore the balance between attack and defense exist. They were simply frozen because they could interfere with the security and defense actions of the armed forces, the police and the intelligence services. The state, under the influence of the military authorities which preferred at first to reserve them to ensure their missions of defense, did not wish them to be deployed in the civilian domain. The military is well versed in controlling the diffusion of dual technologies (military and civilian use) and this control is desirable and justified.
The SPECTRE and MELTDOWN flaws (see Article in Le Point, January 6, 2018) affected almost all the microprocessors of the world, the gravity of which is unprecedented. The revelation of these flaws compels states to change all the computing infrastructure of the Vital Significance Operators - of which Financial and stock exchange systems are part - taking into account, from the outset, the security of these IT systems as an essential and indispensable dimension.
States and the intelligence community are not discovering the gravity of the current situation now.They have already conducted actions behind the scenes to anticipate the implementation of truly effective solutions.
Microprocessor manufacturers, electronic and computer equipment manufacturers, service companies and, in general, the major players involved in the electronics and IT sectors are ready to deploy advanced computer security technologies very quickly.They are all impatiently waiting for a “Go!” to be given to them by the political and military authorities.
Time is running out:the increased threats and vulnerabilities put us all in front of our responsibilities.The challenges of cybersecurity and cyber defense are so important that they condition the continuity of growth in the real economy and peace at the global level.Our economies are not doomed to fall under the repeated assaults of hackers if the decision to effectively secure cyberspace is taken quickly.
Taking stakes in companies working in the areas of IT security, dependability and more specifically in cyber security and cyber defense, may therefore be highly relevant.
Authors :
Gilles SGRO is co-founder and president of VALIDY NET INC (USA) and VALIDY SAS (France). He has been working in the field of cybersecurity and cyber defense for about twenty years. VALIDY NET INC has a patented breakthrough technology VALIDY TECHNOLOGY intended to protect computer systems and embedded systems against hacking and computer sabotage. He studied physics, computer science and industrial systems and graduated from the ICG in strategic management. He was director of information systems for a multinational company and then co-founder, director and marketing manager for a high-tech company working on massively parallel computer design.
Jean-Christophe CUENOD is co-founder and technical director of VALIDY NET INC (USA) and VALIDY SAS (France). He has been working in the field of cybersecurity and cyber defense for about twenty years. Co-inventor of the patented technology VALIDY TECHNOLOGY, he developed a proof of concept demonstrating its effectiveness in protecting computer systems and embedded systems against hacking and computer sabotage. He is a graduate of Ecole Normale Supérieure in Paris, Doctor in Computer Science. After holding various positions in Research and Development at the National Scientific Research Center (CNRS) in Paris and at the XEROX Palo-Alto Research Center (XEROX PARC) in Palo-Alto, California, he joined DIGITAL EQUIPEMENT CORP (DEC) Research and Development department. where he designed different computer workstations. On his return to France, he worked in massively parallel computer design before co-founding VALIDY SAS and VALIDY NET INC.
www.validy.com
www.validy-net.com
https://www.facebook.com/Validy
@validy
@gillessgro
gilles.sgro@validy-net.com
www.linkedin.com/in/gillessgro
jcc@validy-net.com
linkedin.com/in/jcc01