< Back
cyberthreat news

Tags:

ercom Citadel Cryptobox
13 February 2023

Digital sovereignty: A major challenge for your communications and data

The media reminds us almost daily of the extent to which the digital transformation of companies, administrations and society at large has made cyber security a major concern. Individuals and businesses alike are dependent on the digital ecosystem around them.

Digital sovereignty and its challenges

On February 7, 2022, during a conference on the topic of "Building digital sovereignty in Europe", Bruno Le Maire, Minister of the Economy, Finance and Recovery of France, recalled that technological sovereignty determines political sovereignty, and that today's technological awakening in Europe is necessary. On May 20, 2022, Bruno Le Maire has been reappointed Minister of the Economy, currently bearing the title of "Minister of the Economy, Finance, and Industrial and Digital Sovereignty ". This is a clear sign of interest in the matter!

Digital sovereignty is first and foremost a strategic issue, because it allows French companies to increase their autonomy and flourish. These companies can be a smart alternative in cyberspace. If no alternative, technical or functional, is possible, then care must be taken to implement a solution that does not jeopardize our independence.

The main missions of a sovereign power are to ensure the protection of its national territory, defend the sovereignty of the country in its territorial waters and exclusive economic zone, support the operations of various state services in various industries and overseas communities, and carry out bilateral military cooperation with countries in their respective areas of responsibility.

There is even a willingness to select suppliers of security products or services based on the geopolitical context. For example, the war in Ukraine has recently prompted many organizations to change their antivirus solutions. Therefore, the control of cybersecurity technologies and services provided by France and Europe appears to be crucial for our digital sovereignty.

The European model of digital sovereignty must be distinguished from the American model, controlled by private giants, and the Chinese model, controlled by authoritarian states. Between the two, the control of sovereign peoples opens a narrow path.

Three conditions are required to do this:

  • Innovation, by supporting innovative companies and industrial projects;
  • Regulation, avoiding the monopoly of the digital giants, allowing the control of content;
  • Energy sovereignty, vital for technological development.

According to a report prepared by ANSSI, ransomware attacks on public and private organizations have increased by 255%. The report states that some industries are more affected than others: For instance, healthcare, education, technological organizations.

Jean-Noël Barrot, Minister delegated in charge of Digital Transition and Telecommunications, detailed the government's roadmap for cyber security. In addition to the additional 20 million euros allocated to the security of hospitals heavily affected by multiple cyber attacks leading to numerous data leaks, he also announced his willingness to increase support for SOHOs and SMBs. This new funding is in addition to the €1 billion national cyber security plan. The main objective is for all organizations to become aware of cyber risks.

 

The risks of American solutions

We all know Microsoft Teams for its ease of use. However, one of the drawbacks of Teams lies in its encryption process, which is partly controlled by Microsoft. As an American company, it is bound by national laws and therefore by the Patriot Act or the CLOUD Act. During a testimony before the Judicial Committee, Microsoft acknowledged that its European customers' data could be transferred to the United States, without consent or notice to users, under the Patriot Act.

Less known than the Patriot Act, the CLOUD Act allows judicial authorities to access data on servers regardless of their location. It has become possible for the United States to access European servers if the company does business or is headquartered in the United States.

These laws are in direct opposition to the  General Data Protection Regulation. The GDPR requires Europe-wide consumer data protection since 2018. Therefore, it has become essential to communicate on a sovereign and French solution complying with the GDPR.

A sovereign Teams in France

Thales is one of the few French companies with global reach able to offer solutions to meet the digital sovereignty requirements of many countries: cyber protection, data protection, access control, biometrics, etc.

Our Group deploys significant human and financial resources for R&D. With nearly 33,000 engineers and 4 billion euros per year, sovereignty is a very pressing issue. Our research collaborations with academic institutions such as CNRS and CEA allow us to benefit from an entire ecosystem of high-performance suppliers.

The situation we are facing and the capabilities implemented have allowed us to identify a real need for digital sovereignty. That is why we have designed two solutions: Cryptobox and Citadel, entirely developed and hosted in France. These two solutions converge to form the Cybels Hub service. A highly secure collaborative platform offering instant messaging, audio and video conferencing, and file sharing. This service already exists with a Restricted Distribution approval. We are now making it extensively available to whoever want to protect their sensitive data.