Cybersecurity: better protection requires system transparency

“We can only protect what we know well, so the first issue of cybersecurity is visibility”, says Jérôme Brognier, head of Amadeus’ Regional Information Security Office for Asia and the Pacific. “Secure products are often the least documented. However, to improve a system, you have to understand how it works”, Aurélien Francillon, associate professor in the Networks & Security Department of Eurecom, the school of digital science engineers in Sophia Antipolis (Alpes-Maritimes), says for his part.

Both spoke during the “Business Meetings” initiated on December 8 in Arcs-sur-Argens (Var) by the Secure Communicating Solutions competitiveness cluster in Provence-Alpes-Côte d’Azur, which has more than 300 members and covers four areas: microelectronics, internet of things, digital security, Big Data & artificial intelligence. In their presentations, both were hardly reassuring. In their view, cyberattacks will continue to prosper and diversify, without the means of protecting against them being commensurate with the risk.

A threat generating a new offer

Jérôme Brognier thus recalled the explosion of attack methods coming from increasingly better organized actors (state groups, “hacktivists”, private companies providing legal cybercrime services in their country of origin, etc.) and with very different motivations (data theft, disruption of critical infrastructure, etc.). A specialist in the travel industry, Amadeus develops solutions dedicated to 474 airlines, 132 airports, their service providers, rail and maritime operators, hotels, etc.

“Events have multiplied in recent months, like the Canadian company Sunwing which had to ground 188 aircraft in April after an attack on its ‘Departure Control Systems’ and was only able to get them to take off again in manual mode. All the families of actors we work with are represented in the list of incidents”. Statistics from the Microsoft security report in support, he specifies that personal and social networks continue to remain the main weak point.

“They are the target in 71% of cases, hackers go for the simplest”, continues Jérôme Brognier, also referring to the rise of increasingly sophisticated methods of corruption. Amadeus has therefore decided to help its customers to better protect themselves. An opportunity that arises from an express request. “Companies are responsible for their perimeter, but one of them approached us for a managed service, telling us that it trusted us. We are setting up a cybersecurity offer for diagnosis, prevention and detection of threats, protection and problem solving… To know what and where to protect in our market, it is essential to join forces. We are open to partnerships with innovative companies in order to leverage our respective expertise for our industry.”

A need for trust to be satisfied… on condition

Playing cards on the tables to better adapt the fight against cybercrime, Aurélien Francillon also calls for it, especially since he constantly observes the flaws in connected systems and objects. “For ten years, we have attacked many of them to test them and their security remains insufficient. They are more and more integrated, less and less expensive, more and more complicated and information on their design less and less available, even on educational tools.This lack of transparency complicates the analysis of their safety and can lead to suspicion, whereas in this area there is a real need for trust.

Opacity poses another problem: without the possibility of comparing and evaluating secure objects, it is difficult to learn how to protect them from weaknesses. Not to mention that more security costs. “Who’s willing to pay the price?” asks the teacher.

If the “Cyber-Resilience Act” on hardware and software products aims to improve transparency by placing the responsibility for cybersecurity on their manufacturers throughout the life cycle of these products in order to guarantee their users better protection against possible vulnerabilities, the requirement is not without risk according to Fabien Aili, president of the SCS division and director of identity verification, biometrics and IA of Docaposte. “We will have to find the right balance between the regulatory framework and innovation so that the first is not an obstacle to the second. Otherwise, start-ups and companies will prefer to set up in simpler countries than France. or the European Union.”

Selected for you

How Anssi transformed during the Poupard era

We would love to thank the author of this short article for this incredible web content

Cybersecurity: better protection requires system transparency

Our social media profiles here , as well as other pages related to them here.