Cybersecurity VS Cyberattacks: 610 security experts put at the service of the security of organizations in France

A focus on these state computer security specialists who are constantly fighting against cybercrime to certainly maintain protection for users in several sectors, whether public or even private.

Several testimonies refer to their interventions. As cyber-prisoners, these computer security experts have had to intervene on several occasions to help some of the infrastructure threatened by cyberattacks to the best of their ability. "They arrived the day after the disaster. There were about fifteen of them, often very young. They were provided with a room that served as a crisis cell. They clouded the windows. "says Alexis Renard, former deputy technical director of TV5 Monde. The effect takes place on April 8, 2015, the computer system of the French-speaking international channel is stormed by a computer attack that completely takes out control of computer scientists. The channel stops transmitting for a while in 200 countries it covers.

This article will also interest you: Faced with increasing losses related to cyberattacks, companies are intensifying their responses

On screens and websites, jihadist messages appear. Even e-mails are no longer accessible. To limit the damage, experts ask to shut down the internet at the infrastructure level in order to isolate the system. Contacted immediately, the National Information Systems Security Agency and the Ministry of the Interior reacted and automatically dispatched a team to supervise this problem.It took several weeks for these specialists to restore the system efficiently and more on while ensuring that no opening was left.

In practice, the media are not in the category of vital operators, that is, those institutions that have a certain sensitivity to security, whose occurrence of incidents could cause major problems. The companies involved are usually in the health energy or telecom sector. But the special status of TV5 Monde forced the authorities to react.

In 2018, there are approximately 610 officers who would have been used to contain major attacks on 14 major operations, while being involved in nearly 391 less serious incidents. As far as the 2019 report is concerned, nothing has yet been published. But it is clear that the year has been very active for these specialists because, the National Information Systems Security Agency had to react in the 69 security incidents that explained ransomware.

As a reminder, the time that the National Information Systems Security Agency was created in 2009. Its operating budget is 100 million euros. Starting in 2013, the number of officers employed by the Cyber Security Officer doubled. The teams are divided into several clusters of skills, spread all over France. "There is a pool of skills and expertise unique in Europe: for an engineer, working there is a benchmark," says Jean-Jacques Latour, the former director of the Government Centre for Monitoring, Alerting and Responding to Computer Attacks (CERT-FR).

It should be noted that the agency has almost everything. From analysts responsible for identifying threats to crisis management communicators, malware engineers and pure research and development researchers. The different skills are grouped by Groups that can have several specializations.

"Generally in the event of cyber attacks, these specialists are in a situation where physical pension cards on the ground are needed. It would be very difficult for agents to work remotely on a computer system already in the hands of attackers," explains Jean-Jacques Latour, director of the government platform cybermalveillance.gouv.fr

Before the interventions or even during the interventions, the agency began ordering companies not to negotiate with cyber criminals. Because in case of ransomware, what interests them is money. Entering into negotiations is one way to encourage them to continue. The amounts generally requested are fairly reasonable taking into account the targeted organization. "Hackers are good at marketing: the amounts requested are often proportional to the company's turnover, and much less than the cost of the damage. observes Jean Jacques Latour. In the case of Bouygues construction, for example, the ransom that was demanded was up to $10 million. A sum that the group could easily pay. However, there is no guarantee that once the ransom is paid, cyber criminals will unlock the data. Because in a third of cases, they don't. Some even allow themselves to outbid. But on the one hand, the expenses that follow cyberattacks are generally very high in terms of cost. For TV5 Monde, it took almost 20 million euros out of five to completely rehabilitate the system. Examples of this type abound. Jean-Jacques Latour noted: "Between 2018 and 2019, we had three times as many requests from companies and administrations… and that's just the tip of the iceberg. ».

Now access an unlimited number of passwords: