France unveiled plans on Friday to bolster long-neglected defences against cyber attacks, with €1bn ($1.36bn) of investment foreseen to bring the country’s technology up to speed with Nato partners.
Defence Minister Jean-Yves Le Drian presented measures including roll-outs of secure telephones, encryption technology and network surveillance to harden sensitive computer systems now exposed to hacking and espionage.
The spending aims to build up France’s ability to fend off mounting cyber attacks and bolster surveillance after years of neglect. The issue has taken on more urgency in the wake of former NSA contractor Edward Snowden’s disclosures about US cyber surveillance practices.
“This is a priority for the defence ministry because 0f our operational capacity, our ability to conduct operations, can be gravely threatened by cyber threats,” Le Drian said.
“I’m referring to weapons systems, command and control, information and the systems that link them together.”
Most of the money will go towards shoring up security at the defence ministry and its strategic partners, which were targeted by some 800 cyber attacks in 2013 amid unprecedented belt-tightening for the military, according to a presentation the defence ministry posted online.
But funds will also go to building up web monitoring and personal data collection. Parliament passed a law in December empowering the state to request data from telecoms operators and web providers, in some cases without asking a judge, drawing criticism from web and privacy activists.
“France has only woken up to these risks very recently,” said Jean-Francois Bezel, president of the IT consultancy Safaris and a specialist in cyber security.
“The main thing today is to protect companies that are crucial to the state’s functioning, as well as government and banks, and to promote best practices in security.”
France, which spends more money on its military than any other European nation except Britain, has given itself two years to catch up with its allies on cyber defences. Some €400mn of the total €1bn will be used to equip strategic firms with means to protect and encrypt data, detect hacking and monitor internal networks. The ministry document did not specify if it had certain firms in mind.
The military will set up a centre to train personnel in cyber defence near the northwestern city of Rennes, home to the Saint-Cyr officer school, with a research arm to develop France’s first offensive cyber security weapons.
Staff at the military’s CALID cyber defence unit will be increased six-fold, while specialised lawyers will be trained to usher legal complaints through the judicial system, which rarely produces convictions for cyber security-related crimes.
“We are able to identify the source of the attack, but bringing proof in judicial terms is very difficult because conscientious hackers will cover their tracks by bouncing their attacks off servers located around the world,” said Guillaume Poupard, head of information systems security at the defences ministry’s procurement agency.
Of the 800 attacks targeting French interests in 2013, Poupard said most had been attempts to snoop or disable web sites, with none aiming to incapacitate battle-ready units like ships or fighter planes.
“The goal is really to ensure that no attack ever hits the strategic heart of our operations, including attacks that come from very high levels,” he said, without specifying which entity or country might be behind such high-level attacks.
France also aims to boost information-sharing with allies in Nato, which last June launched the first reaction force to deflect cyber attacks targeting the alliance’s computer systems.