Given the importance of the cybercrime issue, the Ministry of the Interior published a second report dedicated to cyber threats in May 2018. It is a comprehensive, in-depth overview of the cybercrime and the responses developed by the Ministry. This report includes three parts:
- Strategic Issues Related to Cyber Threats
- Uses, phenomena and perception of the threat
- The actions taken by the Ministry of the Interior to manage cyberthreats.
The first part of the report identifies strategic issues related to cybercrime from social, economic and, legal perspectives. On social level it deals with the use of the Internet for terrorist purposes (crowdsourcing of terrorist activities), the development of information and communication technologies such as discussion forums and crypto – currencies, illicit traffic on Darknets (deep web) through increased use of encryption and anonymization tools. The economic level concerns the development of the cybersecurity market as well as economic counter-interference. For example, cyber-attacks motivated by greed, sabotage, espionage or economic interference have startling financial and reputational implications for organizations.
In the section on the legal issues related to cyber threats, the report includes information on the following developments: the evolution of French legislation, the impact of the directives (NIS Directive) and European regulations (GDPR),the CJEU jurisprudence in fight against cyber threats (judgment of 21 December 2016), the work of the Council of Europe, the United Nations General Assembly and the G7 Group, as well as international cooperation, considering the international dimension of cybercrime.
In the second part of the report concerning uses and threat perception, three factors were mentioned, namely: vulnerability, social engineering and malware. Theses are three main vectors of attacks such as targeted attack and deep attacks, misappropriation and theft of data, denial of service (DoS), disfigurement and telephone attacks.
The Internet with its penetration rate of 87% in France and 54% worldwide was identified as the main mean (especially through smartphones, tablets, Internet connected objects and smart spaces) used for terrorism, scams, extortion, bank card fraud, online criminal markets, attacks on minors, counterfeit works of the mind and ultimately undermining democracy. The study based on data collected by the national police shows a global increase in Internet offences by30% compared to 2016; more than 60% of these offenses are online frauds.
In the third part of the report concerning the actions of the Ministry of the Interior, three main actions were considered: prevention and protection, investigation, and innovation. Prevention actions include targeting general public, promoting awareness in the economic world, increasing territorial economic intelligence and protecting the Ministry’s information systems. The protection can be ensured by using cyber insurance to mitigate risk. Cyber insurance become common in France, regardless the fact that the intangible assets cannot be insured yet in a standardized way.
The report includes investigation procedures that go beyond current practice of acknowledging the victims of cybercrime. It is proposed to implement specialized investigation services for cybercrime as well as training and cooperation in the domain of cyber security.
Six main areas of innovation action were identified in the report:
- Research and development (analytical & forensics tools as well as academic research project)
- Public-private partnership
- Digital transformation: better reporting,
- Cyber communication (Neo PN / GN project, Digital Brigade of the Gendarmerie, establishing network of regional cyber threats
- Crisis Communication: Population Alert and Information System (SAIP) and Emergency Management of Social Media (MSGU)), a better understanding of mass phenomena (Thésée Project, Perceval Project),
- Remediation through platforms – assistance to victims of cyber-maliciousness, digital identity.
In the era of the digital economy and the digital transformation, cybersecurity is a crucial issue for consumers (including minors) who adopted online purchasing and usage, for the private sector (banking and financial sector, as well as the healthcare sector) and for the public sector. The strategy of fighting against cyber threats must be everyone’s business. It is therefore necessary to expand collective power to prevent and fight against terrorism.