“We can only protect what we know well, so the first question of cybersecurity is visibility”, says Jérôme Brognier, head of Amadeus’ regional information security office for Asia and the Pacific. “Safe products are often the least documented. But to improve a system, you have to understand how it works.” For his part, Aurélien Francillon, associate professor in the Networks & Security department of Eurecom, the School of Digital Science Engineers in Sophia Antipolis (Alpes-Maritimes), says.
Both spoke during the “Business Meetings” initiated on December 8th in Arcs-sur-Argens (Var) by the Secure Communication Solutions competitive cluster in Provence-Alpes-Côte d’Azur, which has more than 300 members and four areas covers: microelectronics, internet of things, digital security, big data & artificial intelligence. In their presentations, both were hardly reassuring. From their point of view, cyber attacks will continue to increase and diversify without the means of protection against them being commensurate with the risk.
A threat that generates a new offer
Jérôme Brognier recalled the explosion of attack methods used by increasingly well-organized actors (state groups, “hacktivists”, private companies offering cybercrime services legal in their country of origin, etc.) and with very different motivations (data theft, disruption of critical infrastructure etc.). As a specialist in the travel industry, Amadeus develops solutions for 474 airlines, 132 airports, their service providers, train and shipping companies, hotels, etc.
“Events have multiplied in recent months, such as the Canadian company Sunwing, which grounded 188 aircraft in April after an attack on its ‘Departure Control Systems’ and was only able to get them to take off again in manual mode. All families of actors we work with are represented in the list of incidents.. Supporting statistics from the Microsoft security report, he states that personal and social networks remain the main weaknesses.
“You are the target 71% of the time, hackers choose the easiest”, continues Jérôme Brognier, also pointing to the emergence of increasingly sophisticated methods of corruption. Amadeus has therefore decided to help its customers to protect themselves better. An opportunity arising from an explicit request. “Enterprises are responsible for their perimeter, but one of them approached us for a managed service and told us they trusted us. Knowing what and where to protect in our market, it is important to join forces. We are open to partnering with innovative companies to leverage our respective expertise for our industry.”
A need for trust that must be satisfied…on condition
Aurélien Francillon also calls for putting cards on the table in order to better adapt the fight against cybercrime, especially since he constantly monitors the vulnerabilities in networked systems and objects. “For ten years we have attacked many of them to test them and their security is still insufficient. They are increasingly integrated, cheaper, more complicated and information about their design is less and less available, even for educational tools. This lack of transparency makes it difficult to analyze their security and can lead to suspicion, while there is a real need for trust in this area.“
Another problem is opacity: without the ability to compare and evaluate secure objects, it is difficult to learn how to protect them from vulnerabilities. Not to mention that more security costs. “Who’s willing to pay the price?” asks the teacher.
If the “Cyber Resilience Law” for hardware and software products aims to improve transparency by shifting the responsibility for cyber security throughout the life cycle of these products to their manufacturers, in order to offer their users better protection against possible vulnerabilities ensure the requirement is not without, according to Fabien Aili, President of the SCS Department and Director of Identity Verification, Biometrics and IA of Docaposte. “We need to find the right balance between regulatory framework and innovation so that the former is not an obstacle to the latter. Otherwise, start-ups and companies will prefer to settle in easier countries than France or the European Union.” “
Selected to you