May 2008 - n° 708
Speech by Michèle Alliot-Marie, Minister of the Interior and Overseas Territories, presenting her action plan against cybercrime, Nanterre, 14 February 2008.
The second International Forum on Cybercrime (FIC 2008), ‘Together for a safer cyberspace’ was held in Lille on 20 March with EU support. This event campaigns for community policing for the development and protection of cyberspace and its users as part of the EU’s ISEC programme (www.fic2008.com).
The Internet and digital networks pose new challenges to those who have to use them for business, and who have to protect themselves against certain by-products of their criminal use and what we now call cybercrime. Digital networks are the source of new threats to the rights of society; they demand constant updating of our official and judicial responses, police techniques and methods, which must in turn be proportionate to the human and economic prejudice suffered. Information and communication technologies (ICT) seems to present an ideal vector for delinquents to commit multiple criminal acts.
What is cybercrime and what is its scale in financial terms? It covers profitable criminal activities involving use of computers and networks, but estimating its economic impact is not easy, since only a third of its victims lodge complaints. Yet according to an adviser to the US government, ‘. . . last year  profits from cybercrime were some $105 billion, or greater than the profits from the drug trade’.
Electronic social networks, particularly business online networks such as Viaduc or Xing, have changed the way people with common interests link up. Although the keywords here may appear to be ‘communitarisation’, transparency and self-promotion, use of these networks to advertise oneself is not risk-free. Ten major risks are identified and ten precautions to avoid this new way of communicating becoming a security hazard.
Analysis of Internet user groups plays a part today in a number of fields including economic intelligence, cybercrime and sectarian and terrorist activities. This article aims to offer a simple explanation of the issues relating to the analysis of these user groups, together with the methods and techniques employed.
The European Information Systems Security Group is composed of 350 specialists who analyse the most complex aspects of information security. The contributions and the results of its work, the output of interdisciplinary working groups, are made available to both the private and the public sectors.
The explosive growth in wideband Internet access and the significant fall in prices have resulted in a real democratisation of the new information and communication technologies. The Internet offers to our societies the best and the worst, being an ideal medium for all types of incivility, delinquency, even criminal activity. With the increase in intelligent attacks and the dependence of our economies on these technologies, education alone is not enough. New technical solutions make possible security that is active and preventive; it is also more intrusive but respects basic individual liberties. The challenge for our societies is to gently prepare this change in doctrine.
The aim of cryptography is to ensure the confidentiality of communications, and the widespread use of the Internet has led to its increased application. Yet terrorists and other mafias have the same needs as governments and citizens. There is a flourishing legal arsenal in many states, and it is accompanied by techniques used to attack enciphered communications. Most people believe that cryptography provides them with security, but this article shows that this is not so.
The future of our civilisation—which invented the Internet—depends on our ability to understand and master this fantastic tool. Risks such as generalised denial of service or loss of confidentiality could lead to the ruin of our economies and the disruption of our logistic and emergency services. What lessons can we draw from the Société Générale affair, in particular what improvements can be made to our information systems? Measures to reduce internal threats might include identification instead of authentication, ‘black-box’ tracing of communications and amalgamated clearance systems. The time for corrective measures has come: pirates, after all, need only half a second to attack us.
Today, every organisation checks on the identity of its visitors, using procedures that are simple, recognised and almost universal. But how about visitors to information systems? Use of trusted domains and electronic certificates is certainly essential to verify the identity of users and allow them access only to applications they need, without unnecessary risk.
During 2007 the West was the victim of successive waves of cyberattacks. In the balance of power between victims and the supposedly guilty, a logic of ‘blocs’ reminiscent of the Cold War seems to be emerging. Should these attacks be seen as aimed at states’ sovereignty or are they the work of cybercriminals? The answer to that question will indicate the level of reaction called for.
The United States now considers cyberspace to be a battlespace. It has therefore embarked on a number of actions, such as organisation, doctrine, operational concepts and exercises, so that it will in time have an offensive capability. But many challenges remain, including rules of engagement, political acceptability, recruitment of qualified personnel and keeping a lead in IT.
Because the media tend to confuse empathy for victims with the moral legitimacy of wars, the military - in particular the Americans - have had to contend with a less than sympathetic coverage of their deeds by journalists. In an age of mass media, the cult of ‘victimisation’ (such an awful word!) can have dire tactical and even strategic consequences. The indomitable need of moral infallibility that it demands has shaped our vision of war in an ideologically biased way. It is also the sign of a systematic defiance towards all forms of authority, even more so one that wears a uniform, and often against common sense. Information is then likely to become the core stake in a battle that takes over from a purely armed struggle.
The duty of remembrance and the duty of history, beyond their antagonisms, contribute to the civic formation of the citizen. In terms of the development of a critical conscience and of making the individual aware of his responsibilities, they serve to reinforce the national defensive spirit. As remembrance is a part of the construction of a people’s identity, the duty of remembrance signifies a desire for reconciliation that is not penitence. The current ‘remembrance war’ weakens the sense of republican identity, and should be considered as a real threat. Combating this ‘memorial terrorism’ calls for the development of a duty of history for the sake of the duty of defence.
The launching of a cautious French initiative to extend its vital interests to include its close neighbours raises the nuclear weapons issue once again. In Belgium, perception of the deterrence question is diverse, ambiguous and of a wait-and-see nature, hovering between NATO assurances, French testing of the water, the restrained daring of parliamentary resolutions and American uncertainty as the Atlantic Alliance’s 60th anniversary approaches.
A continent largely abandoned by Washington at the end of the Cold War, Africa has since the 9/11 attacks reassumed a special place in the United States’s overall strategic vision. It appears that the numerous US political initiatives on the continent could serve as a blueprint for action in other parts of the world.