“Rich experiences and many challenges“. Here is how Vincent Strubel, the new director general of the National Information Systems Security Agency (Anssi), describes the year 2023 in the activity report of the cyber organization. On the experience side, he cites the Rugby World Cup in September 2023 which was an opportunity for the agency “to test its operational device” before the big leap with the Olympic and Paralympic Games in Paris. The challenges have been and remain numerous: a particularly tense international context causing an increase in denial of service attacks and for espionage purposes carried out by groups affiliated with the Russian state.
269 security visas issued
At the internal level, Anssi is 634 agents (civilian staff excluding trainees and apprentices) with an average age of 37 years. She benefits froma budget of 29.8 million euros (excluding payroll). She delivered 269 security visas and returned 25,738 automated audit reports as well as delivered 57,823 SecNumAcadémie certificates. She also published 8 technical guides, 15 open source software And 23 scientific articles.
Advertisement
On the operational side, in 2023, the Agency has identified 3703 security events which gave rise to processing by the teams and recorded 1112 incidents for which it confirmed that a malicious actor had successfully carried out actions on the victim's information system. Vincent Strubel was pleased that no hospital had been “paralyzed” following a cyberattack in 2023.
A change of scale
The year 2023 was marked by “a change of scale“, notes the Agency in its report, with the adoption of the 2024-2030 military programming law. This text contains four articles which directly concern it and which give it new means of defense and detection as well as strengthen its capabilities operational.
Also, the NIS 2 directive – which was adopted in 2022 at the European level and which must be transposed into French law – extends its missions and promotes a massive strengthening of the cybersecurity of the economic fabric and administrations within the European Union by increasing the number of regulated entities and sectors. To comply with it, the agency says it has worked actively on its service offering and the qualification scheme for audit and security consulting providers (PACS) which will make it possible to increase capacities to be able to help the new entities concerned. by these rules.
The agency is also pleased with the opening of a new site in Rennes, called ArteFact, an illustration of its growth in the region. “It is also a challenge (…), that of multi-site, with new operating challenges for the teams, which encourage us to pay particular attention to the cohesion and well-being of agents at work.“, we can read in the report.
Advertisement
The deployment of an automated cyber defense system
During 2023, Anssi also deployed innovations to adapt to the threat. In particular, it has put into production an automated cyber defense system. It consists of “block technical elements deemed malicious on the perimeter of the State interministerial network” For “protect beneficiaries of the public sphere“. Since February 27, 2023, it has made it possible to block 60 attacks. 92,000 different markers have been blocked and each month, around a billion requests are processed, details the report.
The agency also took part in the national crisis management system put in place for the Rugby World Cup, a life-size test for the Olympics. Its preparation notably participated in the overhaul of its operational system, tested as part of a cyber training program which began in June 2023. Now, time for preparation for the Olympics with the establishment of broad awareness of risks and crisis management intended for all stakeholders. A self-diagnostic tool for the level of maturity in terms of resilience and “turnkey” crisis management exercise kits were made available to them.
Selected for you