A senator is worried about parliamentarians IT security

Jérôme Bascher, the republican Senator of Oise (LR party) expressed his concerns in the report to the Senate No. 82 (2019-2020), on October 22, 2019 : ″Parliamentarians IT security is close to zero

It is primarily a matter of distinguishing between institutional functions and the IT practices of parliamentarians themselves. While the former are relatively well protected, since they benefit from assistance such as that provided by the Anssi (national agency for the security of information systems), the latter are a source of great IT insecurity.

IT insecurity factors related to the workforce

 

1.         Having its own IT equipment

The workforce is a key element in IT security. Each parliamentarian is free to have their own equipment (Huawei or Apple telephone), yetinsecurity can arise from their exchanges and from the means of communication they use. In fact, mobile instant messaging applications that are likely to be used, go through the GAFA. They are hosted by servers of Amazon web service and not by OVH, for example, which could potentially be an efficient French server. This could be countered by the argument that Amazon Web service is also based in France,

 

 

2.         Not enough awareness among senators

While the Parliament benefits from the Trojan horse attacks  detecting systems on institutional sites, the level of IT security among  parliamentarians is still very low.

In 2018, the Senate’s IT security systems intercepted more than 30,000 high-risk contents. Senator Bascher assures that security services  experience at least 2 or 3 cyber attacks per week.

Only wiling senators are aware of the importance of  IT security.  Senator Bascher pointed out : “I’ve never had a virus in my life, because I’m careful,”. Among the risks that public authorities may incur, appears the so called “facing”, that is,the creation of a fake Internet page that could be an apology for terrorism, that French channels Public Sénat and LCP-AN, whose credits are included in public authorities mission, can suffer from. It is a bit reminiscent of the past attack against the channel TV5 Monde a few years ago, which has since had to make considerable investment efforts to pay for its protection.

In addition, an increaseof requests that makethe site inaccessible – hasto be considered,

Cyber attacks against public authorities are now undeniable, as evidenced by the cyber attacks that hit Estonia in 2007, the German Bundestag in 2015 and, to a lesser extent, the Senate, in 2011.

 

Implementation of solutionsto reinforce the parliamentarians IT security

1. The current IT protection system

Senator Bascher points out that, 10% of the IT budget  in France is spentonsecurity.  A program administeredby the Ministry of Defence consisted in recruiting cyber-combatants, however there is a protection  imbalance since the Elysée had its own network, which is not the case for the Parliament.  Senator Bascher  claims that the budget designated to cybersecurity should be increased.

2. A mechanism to be reinforced

The primary objective would be to improve the parliamentarians equipment and make them more aware of IT risks.

According to the Senator, it would also be necessary to reinforce the resources of the Anssi, which is currently the only entity that deals with all the organs of power.

 

Public authorities are therefore at the heart of the strategic and decision-making challenges of Western democracies, as a result of which, they became the main target of IT attacks. This is all the more true in the election period, as demonstrated by the 2016 American presidential election. It’s time to strengthen the parliamentarians IT protection.