Confidence: More than Just a Word in the World of Cybersecurity

Back to Press Archive

Expert Opinion – Matthieu Bonenfant – CMO Stormshield

The notion of confidence finds itself at the centre of many current debates in the cybersecurity sector. Its strategic dimension ties it to a wide variety of ongoing issues, and geopolitical tensions, which were clearly visible in 2018, have had significant repercussions in the world of cyberspace. There is certainly no shortage of examples.

In addition to suspicions surrounding the presence of nation states behind major cyberattacks, and the opening of cyber-espionage ‘schools’ in certain countries, 2018 was marked by the announcement of an embargo against certain suppliers following concerns over espionage-related activities, as well as new suspicions regarding the introduction of back doors into foreign technologies. Huawei in particular has experienced the costs associated with this. Such issues raise doubts concerning the reliability and integrity of software products, particularly in terms of cybersecurity solutions. In fact, these solutions are particularly sensitive due to their function as ‘guardians of the temple’: maintaining control over protection systems means direct access to protected resources. The choice of cybersecurity partner has never been such a crucial issue for companies and institutions.

Positions taken by nation states on thorny issues such as back doors and the weakening of encryption mechanisms vary. Russia has already introduced legislation to force publishers to provide authorities with a means of accessing encrypted communications. The member states of the Five Eyes alliance* also wish to impose the implementation of weaknesses in software. The primary, and official, objective is to be able to decipher exchanges that could be tied to terrorist activities, and to share information between the various intelligence services.

Of course, the fight against terrorism is a priority. Yet we can question the appropriateness of creating back doors, which might in fact provide an indirect way of accessing sensitive information belonging to private companies or individuals. All kinds of scenarios then become conceivable: nation-state espionage, access to trade secrets, infringements on civil liberties, and so on. Entirely separate to the war on terror, these developments could seriously undermine the ability of businesses and institutions to protect their information assets.

                                                                                     Matthieu Bonenfant, CMO Stormshield

As has been mentioned, these back doors have not received universal approval. Europe in particular is clearly opposed to their implementation and advocates end-to-end encryption in communications in order to guarantee complete security. In 2017, the Vice-President of the European Commission stressed this position by highlighting the threat posed by the use of back doors that might eventually be exploited by cybercriminals. Weaknesses in protection or encryption systems could well be discovered and exploited for malicious purposes, providing the perfect opportunity for criminal activity.

This demonstrates once again that the notion of digital confidence goes well beyond purely technological and functional considerations, often taking on a highly geopolitical nature. An understanding of the origins of digital technologies, particularly those used to manipulate or protect sensitive data, is central to digital confidence. Businesses must also incorporate this strategic information into their reasoning before entrusting suppliers with the keys to securing their information systems. In this sense, continuous awareness-raising efforts among private and public organisations is required. European publishers, for their part, must be more transparent in terms of their positions and adopt a common posture. We should also welcome the work carried out to support digital confidence on a European level and by various governmental agencies such as ANSSI. The French agency’s system of qualifying security products, for instance, requires a review of source codes to ensure that the protection functions are sufficiently robust and that back doors are not present. We would wager that this initiative will be taken up more broadly within the future European certification framework, for which ENISA has recently been mandated.

* An alliance that brings together the intelligence services of the United States, Australia, New Zealand, the United Kingdom and Canada.


Stormshield

A European leader in digital infrastructure security and a wholly-owned subsidiary of Airbus CyberSecurity, we offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures. Our mission: to ensure the cybersecurity and data protection of organizations, their employees, and their customers. Our expertise is available in three complementary product ranges for seamless security: Protection for industrial and IT networks (Stormshield Network Security), protection for servers and workstations (Stormshield Endpoint Security) protection for data (Stormshield Data Security). As per our Multi-Layer Collaborative Security approach, our product ranges interact with one another to raise the security level of IT, OT, and Cloud environments, regardless of the attack point.
These trusted, cutting-edge solutions are certified at the highest level in Europe (EU RESTRICTED, NATO, ANSSI EAL3+/EAL4+). Present in over 40 countries via our network of distributor partners, we ensure the protection of strategic information for companies of all sizes, public administrations, and defense agencies throughout the world.
For further information please visit: www.stormshield.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Press Archive