En garde! 'Cyber-war has begun' – and France will hack first, its defence sec declares

Parly-vous cyber-security? No plan to surrender, military bug bounty coming


FIC2019 France’s defence secretary Florence Parly today declared: “Cyber war has begun.”

And she said the Euro nation's military will use its “cyber arms as all other traditional weapons… to respond and attack,” as well as setting up a military bug bounty program.

Parly made her pledges during a speech to the Forum International de Cybersecurite (FIC) in the northern French town of Lille. Her speech was on a topic that most Western countries shy away from addressing directly in public.

“The cyber weapon is not only for our enemies,” said France’s defence secretary this afternoon, speaking through a translator. “No. It’s also, in France, a tool to defend ourselves. To respond and attack.”

Her remarks will be seen as moving the debate about offensive cyber capabilities – not just so-called “active defence” but using infosec techniques as another weapon in the arsenal of state-on-state warfare – to a new level. Coming from a prominent NATO member and EU country, it could set the tone for future discussion of nation states' offensive cyber doctrines.

As well as having “published the main lines of that [offensive] doctrine” of the use of cyber weapons last week, Parly called for “more co-operation and partnerships and convergence with our European allies because if a threat is over the heads of all of us, that’s the cyber threat and it has no border.”

"Today I would like to make a proposition to our defence industrialists," she continued. "Let’s unite our strengths to protect, from the cyber threat, our supply chain."

Parly also revealed that France’s Ministry of Defence (MoD) has established no less than a military bug bounty program, saying: “When I talk about trust it goes very far. A partnership has been done between [France’s military] cyber command and the startups. That is called Yes We Hack. I announce it.

korea

South Korea reckons mystery hackers cracked open advanced weapons servers

READ MORE

"At the end of February we are going to announce the first bug bounty of the MoD. Ethical hackers were recruited in the cyber operational research [department] and they’re going to track down the faults of our systems. If they find some they will be rewarded for it.”

Britain, which prides itself on its defensive hacking capabilities, as well as taking a much more muted line about its offensive cyber capabilites, tends to shy away from talking about its own hacking plans openly. That said, the UK's abilities in the area have been quietly acknowledged by officials.

France’s new approach to its industrial supply chain will raise some eyebrows on the far side of the English Channel as well. Parly said she “intends to engage” with SMEs to further develop France’s cyber defences, adding: “we need to create links between the MoD and our defence industrialists, between ministry and SMEs, and we need to work for a [EU] of cyber defence.”

In contrast, Britain’s Ministry of Defence spends a relatively small £80m a year on funding good ideas from SMEs, with the vague hope that the better ones will be adopted by the ministry for frontline use. While cyber forms a part of the Defence Innovation Initiative, France appears to have gone all in with a dedicated push to develop offensive cyber capabilities in full partnership with its private sector.

This is a sharp contrast to the UK, where large defence contractors (“primes” in the lingo) are the ones snapping up contracts for major military cyber work. Whether, in the post-Brexit world, the UK will change tack and adopt elements of the French approach remains to be seen. ®

Similar topics

Narrower topics


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022