Security

En garde! 'Cyber-war has begun' – and France will hack first, its defence sec declares

Parly-vous cyber-security? No plan to surrender, military bug bounty coming


FIC2019 France’s defence secretary Florence Parly today declared: “Cyber war has begun.”

And she said the Euro nation's military will use its “cyber arms as all other traditional weapons… to respond and attack,” as well as setting up a military bug bounty program.

Parly made her pledges during a speech to the Forum International de Cybersecurite (FIC) in the northern French town of Lille. Her speech was on a topic that most Western countries shy away from addressing directly in public.

“The cyber weapon is not only for our enemies,” said France’s defence secretary this afternoon, speaking through a translator. “No. It’s also, in France, a tool to defend ourselves. To respond and attack.”

Her remarks will be seen as moving the debate about offensive cyber capabilities – not just so-called “active defence” but using infosec techniques as another weapon in the arsenal of state-on-state warfare – to a new level. Coming from a prominent NATO member and EU country, it could set the tone for future discussion of nation states' offensive cyber doctrines.

As well as having “published the main lines of that [offensive] doctrine” of the use of cyber weapons last week, Parly called for “more co-operation and partnerships and convergence with our European allies because if a threat is over the heads of all of us, that’s the cyber threat and it has no border.”

"Today I would like to make a proposition to our defence industrialists," she continued. "Let’s unite our strengths to protect, from the cyber threat, our supply chain."

Parly also revealed that France’s Ministry of Defence (MoD) has established no less than a military bug bounty program, saying: “When I talk about trust it goes very far. A partnership has been done between [France’s military] cyber command and the startups. That is called Yes We Hack. I announce it.

South Korea reckons mystery hackers cracked open advanced weapons servers

READ MORE

"At the end of February we are going to announce the first bug bounty of the MoD. Ethical hackers were recruited in the cyber operational research [department] and they’re going to track down the faults of our systems. If they find some they will be rewarded for it.”

Britain, which prides itself on its defensive hacking capabilities, as well as taking a much more muted line about its offensive cyber capabilites, tends to shy away from talking about its own hacking plans openly. That said, the UK's abilities in the area have been quietly acknowledged by officials.

France’s new approach to its industrial supply chain will raise some eyebrows on the far side of the English Channel as well. Parly said she “intends to engage” with SMEs to further develop France’s cyber defences, adding: “we need to create links between the MoD and our defence industrialists, between ministry and SMEs, and we need to work for a [EU] of cyber defence.”

In contrast, Britain’s Ministry of Defence spends a relatively small £80m a year on funding good ideas from SMEs, with the vague hope that the better ones will be adopted by the ministry for frontline use. While cyber forms a part of the Defence Innovation Initiative, France appears to have gone all in with a dedicated push to develop offensive cyber capabilities in full partnership with its private sector.

This is a sharp contrast to the UK, where large defence contractors (“primes” in the lingo) are the ones snapping up contracts for major military cyber work. Whether, in the post-Brexit world, the UK will change tack and adopt elements of the French approach remains to be seen. ®

Send us news
33 Comments
Get our Security newsletter

Keep Reading

China-linked hacking gang ‘APT10’ named as probable actor behind extended attacks on Japanese companies

Campaign even targeted branch offices inside China and sought secrets of automotive and engineering companies

VMware reveals critical hypervisor bugs found at Chinese white hat hacking comp. One lets guests run code on hosts

ESXi, Cloud Foundation, and desktop hypervisor users should get patching

Soft press keys for locked-down devs: Three new models of old school 60-key Happy Hacking 'board out next month

Good news if you're a fan of Topre switches

Happy Hacking Professional Hybrid mechanical keyboard: Weird, powerful, comfortable ... and did we mention weird?

Review Once you're over the learning curve, it's a cross-platform all-rounder

Chinese hacking competition cracks Chrome, ESXi, Windows 10, iOS 14, Galaxy 20, Qemu, and more

VMware warns of incoming security fix after attackers get root on host

Stuck inside with time on your hands? The US govt would like to remind you it's paying $5m for Nork hacking scalps

US-Cert issues new report on misdeeds of North Korean groups

Good: US boasts it collared two in Chinese hacking bust. Bad: They aren't the actual hackers, rest are safe in China

Ugly: And it's all about video game robberies at this stage

Doctor, doctor, got some sad news, there's been a bad case of hacking you: UK govt investigates email fail

Former trade minister Dr. Liam Fox named as source of leaked trade docs

Want to stay under the radar for a decade or more? This Chinese hacking crew did it... by aiming for Linux servers

BlackBerry says Winnti-derived group is playing it quiet with rootkit attacks

Putin to Trump: Let's collude to stop election hacking

Russia wants no-hack pact, CERTs and nuclear agencies to conduct regular chit-chats

Tech Resources

Navigating the New Era of Cloud Computing

Hear from Steve Sibley, VP of Offering Management for IBM Power Systems about how IBM Power Systems can enable hybrid cloud environments that support “build once, deploy anywhere” options.

Simplifying Hybrid Cloud Flash Storage

According to industry analysts, a critical element for secure hybrid multicloud environments is the storage infrastructure.

IBM and Nvidia® Solutions Power Insights with the New AI

IBM is well-positioned to help organizations incorporate high-performance solutions for AI into the enterprise landscape.

The Ransomware Hunt that Unearthed a Historic Banking Trojan

The Sophos Managed Threat Response (MTR) team provides customers with swift, human-led responses to the nastiest threats and most sophisticated adversaries.