The Digital Factory: The Cyber Campus, presented as a “totem place” for cybersecurity in France, celebrated its two years in February. What assessment do you draw from these two years?
Michel Van Den Berghe : The principle of the Cyber Campus is that it is a private and public project. We are accountable to shareholders, made up of 60% private shareholders and 40% the State. Among the private players, we find all the players in our French cybersecurity, but also final players, such as banks or manufacturers. We are in the process of finalizing the figures for 2023, and should reach 22 million euros in turnover, with a profitability of 900,000 euros.
Advertisement
The first year, we were in deficit, renting a tower (the Eria tower, in La Défense) without a tenant. Now the campus is running, profitable, with 98% occupancy. The events work well: we organize one or two events per day. It has become the center of French cybersecurity. From now on, for the next two years of mandate, the goal is to define the reason for existence, and to know what all the players will bring to the cybersecurity ecosystem.
What are the priority missions of the Cyber Campus in the short term? During the InCyber Forum, which was held at the end of March in Lille, Vincent Strubel, director general of the National Information Systems Security Agency (ANSSI), deplored the lack of attractiveness of the sector… What are you planning? do on this ground?
We have a mission, which we are working on with the Ministry of National Education, around attractiveness. It's about knowing how to compensate for the lack of cybersecurity resources and ensure that there are young people who want to do our job. Everyone says you have to be a mathematician, a geek, wear a hoodie… (Laughs).
We created a profession repository, to say that yes, we need ethical hackers, but that there are also plenty of other professions. We ran poster campaigns on the RER and Transilien, aimed at young people. Every Friday, we receive college students with whom we communicate. When we explain our job to them, we create vocations. We also train teachers, and try to feminize the profession, saying that there is room for everyone.
Advertisement
The second project we have is called Cybiah. These are means made available to the campus to create a team, to help increase cyber protection for SMEs in Île-de-France. The idea is that we can help them diagnose the needs they have and support them in implementing simple cybersecurity technologies. The Region provides a “cyber check”, which pays 50% of the expenses incurred to secure itself cyber. Finally, we wish to strengthen the presence, dynamism and promotion of French technologies qualified by ANSSI.
In April 2023, you opened a campus in Lille (Hauts-de-France), then in July in Pessac (Nouvelle-Aquitaine). Do you plan to expand further?
For the creation of territorial campuses, we ask to have at least certain “great pillars”, such as training and attractiveness. Currently, we have two campuses: Hauts-de-France and Nouvelle-Aquitaine. At the end of the year, we will have four or five: the South regions – Provence-Alpes-Côte d'Azur, Occitanie and Grand Est are progressing well. Little by little, we will succeed in having a real network in the territory, to train elsewhere than in Paris. Many companies established in the region will also want to work with other regional players. This is the case for subcontractors, within the framework of the NIS2 regulations. We must therefore be able to train actors and experts in the region.
Before NIS2 compliance, there will be the Olympic Games. How do you anticipate the event?
There is the subject of the Olympics themselves, how to protect the organization itself, with the COJO. For them, these are not their first Games, they know how to protect themselves cyber. What we will have to face are all the infrastructures useful for the Games: the SNCF, the RATP, other industrialists… who will be under pressure. I think that if the attackers want to make a mess, that's where they'll try. All the major clients I meet tell me they are doing nothing other than the Olympics.
As the Games approach, we are seeing a clear increase in cyberattacks. Do you think that there is greater media coverage of these cyberattacks, and that their impact is therefore stronger, or that there is a real increase in the threat?
There are two phenomena. The first, on the pirate's side. Previously, very good hackers attacked companies directly, so they could ransom them directly, or were paid to sabotage, recover information, etc. Regulation, and the obligation for OIVs (organizations of vital importance) to secure themselves, has made things less easy. The number of successful attacks on very large accounts is decreasing sharply. On the other side, moving toward smaller, easier targets, ransomware-as-a-service (RaaS) has arrived. Hackers develop software that can be used by non-technical people. Today you can go to the dark web and buy your attack. The means of doing things are then more relevant.
There is a significant industrialization of ransomware threats. At the same time, more “traditional” state threats continue to progress, and we talk about them less. But they are still very present. These are the attacks that we fear during the Olympics. What is dangerous is sabotage. Today, our digital technology is 98% built on technologies that are no longer European.
In January, you bought SECLAB, a Montpellier-based design office specializing in the design of insulated and partitioned boxes for its clients' computer systems. Why this choice ?
SECLAB was a subsidiary of EDF, created by EDF to be able to provide cybersecurity as part of the protection of extremely sensitive assets, which are nuclear power plants and its command centers. Despite the fact that they did not have salespeople, SECLAB managed to achieve 2 million euros in turnover, and to have references such as SNCFCNES, Bercy and the Ministry of the Armed Forces.
I knew other manufacturers were starting to look, and I met the founder, Xavier Facelina. The project that we have defined together is to make SECLAB a great French company. My new challenge is to create and bring a good level of turnover to a company which has 100% French capital, in which all the technologies are built in France. It's a favorite.
More precisely, what are your ambitions with this acquisition?
We will cover three ambitions. First, businesses or factories were protected because they were not connected. With the arrival of Industry 4.0, they are connecting. But today, 98% of attacks targeting IT now affect the industrial environment. Without being targets, they become victims, because they have been connected without putting in place the necessary cybersecurity means. Our project is to make the means used to protect the nation's most sensitive assets available to these companies. What is located behind our boxes is impassable. For example, there have been many attacks on hospitals, via phishing attacks. By putting our box to separate the healthcare network management network, we will at least be able to treat people.
Then, we will continue to develop boxes for extremely sensitive activities (defense, nuclear, space), to support their digital transformation. Finally, we want to exit the French market and go international. We already have references in India, the United States, Vietnam… because the technology is unique. We will develop the European and international market by relying on major integrators, such as Thales, or in cyber defense.
Selected for you