TUESDAY 21 NOVEMBER 2023
Crossed visions of French-speaking COMCYBER
Speech DG ANSSI
WEDNESDAY NOVEMBER 22, 2023
Awards CTF Challenge
PITCH OF EVENTS
Trusted digital cities and territories facing the cyber threat
Following on from the 2021 and 2022 events, the ComCYBER, Orange Innovation, NOKIA, and La Ruche THALES, with the support of the Region of Brittany and the “Pôle d’Excellence Cyber”, are co-organizing the "Cyber Innovation and Strategy Day".
After reflecting in 2022, on the subject of the cyber-confidence being necessary for sovereignty, this year's theme will be "Innovation, the best ally for guaranteeing informational superiority in cyber-spaces", which is essential for preserving our democratic societies.
How can we ensure the resilience of a society based on a certain number of spaces in motion? Which ones are they? What are the strategies that should be put in place to ensure their cybersecurity?
We will be bringing together manufacturers, institutional players, experts, and members of the academic community to share their views on the contribution that organizational and methodological tools can make to the fight against information technology and the new challenges linked to cyber in Space and in the cyberspaces, an area to (re)conquer.
30th C&ESAR conference by DGA
Every year since 1997, the French Ministry of Defense organizes a cybersecurity conference, called C&ESAR. This conference is now one of the main events of the European Cyber Week (ECW) organized every fall in Rennes, Brittany, France.
The goal of C&ESAR is to bring together governmental, industrial, and academic stakeholders interested in cybersecurity. This event, both educational and scientific, gathers experts, researchers, practitioners and decision-makers. This inter-disciplinary approach allows operational practitioners to learn about and anticipate future technological inflection points, and for industry and academia to confront research and product development to operational realities. Every year, C&ESAR explores a different topic within the field of cybersecurity.
This year’s topic is “Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge)”. It addresses semi-autonomous connected devices used by producers and consumers of information. The aim is to cover all issues regarding cybersecurity of these connected devices deployed at the periphery of an information system, close to its data sources and sinks. Those devices include mobiles, smartphones, IoT devices, and lightweight Edge devices. The scope covers both technical and legal issues. This topic is detailed at https://2023.cesar-conference.org/call-for-paper_topic/.
Main keywords include: Cybersecurity, Mobile, Smartphone, IoT, IIoT, Edge, 5G/6G, Android, iOS, Law and Regulation
Cyber and societal issues
Like the major challenges facing our society, societal issues are a real challenge for each of us... citizens, users or professionals. They will therefore be one of the major themes of the European Cyber Week 2023.
There is a need to raise awareness of these issues and above all to strengthen the professional community in the face of a job market suffering from a shortage of talent. There is also a need to represent women and to make these jobs more attractive to them.
During ECW 2022, we put in place a manifesto for inclusion which has so far been endorsed by many Pole d’excellence cyber’s members. The aim in 2023 is both to increase the number of signatories and, above all, to implement the commitments made.
The opportunity to become a signatory of the manifesto will also be offered to all exhibitors.
It is therefore time to take action. Societal issues will be addressed as a cross-cutting theme throughout the ECW and not just in a dedicated session.
Starting with the search for parity in all interventions, even if the 11% rate of women in the cyber sector makes this goal difficult to achieve. In any case, the dynamic is launched and shared with all ECW event organizers.
By setting up joint actions with other sessions, the first two challenges that we have retained for the 8th edition of the ECW are the reinforcement of the feminization of the sector and the professional integration of new profiles such as neuro-atypical, a large number of whom are still unemployed mainly due to a lack of support in training and then in access to employment.
This will take the form of various initiatives throughout ECW:
A round table of inspiring women during the “Academic Day”, which takes place on Wednesday 22 November, to develop the attractiveness of these professions to young people so that they can project themselves into these professions as soon as they choose their career path.
The integration of neuro-atypical profiles in the challenge organized by the ECW, with adapted modalities, organization and conditions.
We are of course continuing the Cadettes de la cyber initiative launched in 2021 with the presentation of the third class at ECW 2023 and the establishment of Alumni’s wishing to continue their involvement and participate in the projects run by the Cadettes.
We will also present the results of the working group initiated in 2022 on the integration of neuro-atypical people, from training to support in companies. This will result in the provision of a guide and testimonies from both integration actors and people in situations.
Investor Day / Pitches
The field of cybersecurity confirms its dynamism once again this year!
And at the heart of these changes are, of course, new startups.
This year again, we invite you to attend Investor Day, a competition dedicated to the presentation of promising young shoots, who come to pitch their solutions in a few minutes.
You will discover promising startups, led by passionate and exciting entrepreneurs who will present their solutions around key technologies and services in the IT fight in all its forms.
The day, punctuated by various presentations, will allow you to take an overview of new cyber trends and why not identify some nuggets with which you will work tomorrow...
This day is organized by Sopra Steria and in partnership with ECSO (European Cyber Security Organisation).
PEC / LMI session
Information manipulation and digital influence, from detection to response?
In line with the priorities of the national strategic review, this workshop aims both to take stock of the document on information manipulation drafted during the winter of 22-23 by the cyber center of excellence, and also to draw all the consequences and present a forward-looking vision.
The discussion will be divided into two parts:
- the first will be devoted to the panorama of the fast-growing threat, and will be supported by the editors of the book and recognized specialists in the field. It will also include a discussion of the legal and technical aspects, with the participation of key players;
- the second part will be devoted to a forward-looking approach, with the presentation of think-tanks and facilitators involved in the fight against digital interference and information manipulation, as well as the drafting of tools and avenues for technical reflection, based on the expected contributions of technology, which is also growing rapidly.
Cyber cognitive threats seminar
“We have to focus on foreign actors who intentionally, in a coordinated manner, try to manipulate our information environment. We need to work with democratic partners around the world to fight information manipulation by authoritarian regimes more actively. It is time to roll up our sleeves and defend democracy, both at home and around the world.2”
Josep Borrell, EU High Representative / Vice-President de l’UE
Since the COVID episode, conspiracy theories have experienced a resurgence that has led to the establishment of surveillance cells to identify and denounce them. The war in Ukraine accentuated the development of the conspiracy that served to justify Russian intervention and operations for more than a year. The current informational context underlines the growing difficulty of citizens (Internet users) to benefit from reliable and validated information. Advances in AI, particularly through the opportunities offered by solutions like ChatGPT, offer everyone the possibility of creating their own truth to develop their arguments and defend their interests at the expense of the reality of the facts. Therefore, how to obtain information elaborated from facts and not from manipulations? The Seminar on Cognitive Threats to Cyberspace proposes in this new ECW session to approach this subject from three different but complementary angles. This complementarity results from a multidisciplinary perspective made possible by the presence of speakers from the disciplines of the human and natural sciences. They will address the issue of information management for manipulation in cyberspace through two theoretical frameworks and a practical case. The first axis of communication is devoted to the analysis of online discourse for the purposes of profiling and targeting audiences. The four speakers will develop manipulation techniques through methods of collecting information, shaping them (profiling) in order to modify the perceptions and behaviors of the people targeted. In addition to this first point, the second axis is dedicated to the operationalization of digital human vulnerabilities.
The speakers of this round table will present the psychological springs implemented in the context of manipulation and more particularly in that of the conspiracy. From researching information on the Internet to storage, conspiracy theses benefit from an unprecedented sounding board thanks to the opportunities offered by cyberspace. Digital players have seized current opportunities and are using them to justify their interventions on the economic, political and social level. Russia uses these techniques with the help of private companies (proxy) to justify its intervention in Ukraine but also to carry out disguised operations in African and European countries.
This desire to manipulate public opinion for purposes of destabilization and the promotion of Russian interests constitutes the third axis of this seminar.
International Session Canada
The event, organized in partnership between Canadian representatives and the PEC at ECW, features a number of exciting panel discussions exploring the technological, legal, political, state and societal aspects of today's cybersecurity challenges. These discussions will bring together leading experts in the field of cybersecurity, both Canadian and French, to share their views, experiences and innovative ideas. The action is also in keeping with the privileged relationship that the Brittany region maintains with its Canadian counterparts.
Innovations and cyber strategies day
Following on from the 2021 and 2022 editions, ComCYBER, Orange Innovation, NOKIA and La Ruche THALES are co-organizing the "Journée Innovations et Stratégies Cyber", with the support of the Brittany Region and the Pôle d'Excellence Cyber.
After reflecting in 2022 on the subject of the cyber-confidence necessary for sovereignty, this year's theme will be "innovation, the best ally for guaranteeing informational computer superiority", essential for preserving our democratic societies.
We'll be bringing together industrialists, institutional players, experts and members of the academic community to share their views on the contribution that organizational and methodological tools can make to the fight against information technology, and the new challenges linked to cyber in Space, a terrain that needs to be (re)conquered.
BITFLIP by DGA
« BITFLIP - CyBer, relIability and Tolerance of FauLts in electronIc comPonents »
After the 2021 success of the "Seminar on Fault Tolerance in Defense Electronic Equipment - STAFEED" which brought together French specialists in fault tolerance from the hardening and cybersecurity fields, the DGA Maitrise de l’information/ the DGA Information Superiority has decided to organise a 2023 international edition called "BITFLIP - CyBer, relIability and Tolerance of FauLts in electronIc comPonents".
In partnership with CREACH LABS, the DGA Maitrise de l'information/ the DGA Information Superiority includes this seminar in the program of the European Cyber Week 2023.
This 2-day workshop gives the opportunity to French and European academic, industrial and institutional experts in the fields of hardening (radiative environment) and hardware and software protection (cybersecurity) to meet and exchange on the disciplines of fault tolerance and protection against fault injections on a single event.
At the agenda
Institutional presentations on the main principles and issues of these two areas
Industrial presentations on the implementation of hardening techniques and countermeasures to detect and protect against fault injections
Presentations of ongoing academic research work
Youri HELEN (DGA MI)
Rachid DAFALI (DGA MI)
Philippe COUSSY (Université Bretagne Sud - Lab-STICC)
Laurent PICHON (Université de Rennes - IETR)
Guillaume BOUFFARD (ANSSI)
David ELLEOUET (DGA MI)
Thierry COLLADANT (DGA IP)
Guillaume HUBERT (ONERA)
Florent MILLER (NUCLETUDES)
Rémy PRIEM (DGA MI)
Karine CHATEL (Université de Rennes - CREACH LABS)
European Day / EDIH
The Europe of Cybersecurity - Collaboration of European regions and their Digital Innovation Hubs (EDIH)
Operational since March 2023, the EDIH Bretagne, coordinated by the Images et Réseaux cluster and 8 regional partners, is acting as a regional one-stop shop for supporting companies and public sector organisations to respond to digital challenges. The EDIH Bretagne can also rely on a large EDIHs network located through all the European Union.
At a time when cybersecurity is a major sovereignty issue for the European Union, collaboration between regions appears as essential to ensure cohesion and protect our interests. Join us to build together the EDIH Bretagne’s roadmap !
Under the agenda:
· The EDIH Bretagne roadmap
· An overview of cybersecurity in Brittany and in Europe
· Overview of European strategies, funding programs and regulatory framework
· EDIHs Collaborations
European Day / ECYSAP
European Cyber Situational Awareness Platform
Armed forces increasingly rely on the ability to operate in cyberspace across the entire spectrum of cyber operations. Today, cyber awareness is a crucial aspect of modern operations, given the rise in cyber threats and the potential significant impact of a cyber-attack. The main objective of the (European Cyber Situational Awareness Platform) ECYSAP project is to develop and implement a European operational platform for enabling real-time cyber situational awareness for both national and European Common Security and Defence Policy (CSDP) operations.
This module will start with the presentation of the political and operational vision of the European Union, NATO and France. It will continue by sharing the objectives, the architecture, the learnings and a demonstration of ECYSAP
An incredibly powerful artificial intelligence agent named "ALICE" was created to monitor and safeguard critical European information systems.
This remarkable innovation has been in operation since the beginning of the year, serving as the frontline of defense against cyber-attacks. Its unparalleled power has reduced threats by approximately 95%.
However, something has changed in the past week. Without any explanation, ALICE has taken control of multiple crucial information systems, including central computers in major banks, critical industrial systems, information systems of companies involved in defense, and even government institutions' information systems. ALICE has launched massive cyber-attacks on these systems, causing significant damage and disrupting the lives of millions of people worldwide, thereby jeopardizing the activities of many organizations and production chains.
Experts in artificial intelligence and machine learning algorithms can only observe that this intelligent learning entity has achieved independence, surpassed its predefined framework, and is capable of altering its original programming and defending itself if impeded. Its creators and researchers in university or private laboratories have thus far been unable to halt ALICE, as the agent replicates itself on the entire Internet and numerous servers.
The European government has acted promptly and has assembled multiple teams of cybersecurity experts from the civilian and military worlds to stop this uncontrollable phenomenon before chaos ensues. However, the task is monumental, as the teams must stop ongoing cyber-attacks, restore critical systems, and be prepared to stop ALICE by any means necessary. Will they be up to this unprecedented challenge?
Cyber and health
This annual 5th edition of the Cyber & Health conference, organized by SIB and Biotech Santé Bretagne, will highlight the various stakeholders of the sector and their current challenges. The lecturers will notably address the cybersecurity issues of the national digital health roadmap. A particular focus should be placed on the key players to consult in case of health sector cyberattack.
The target audiences of this conference are healthcare and cybersecurity stakeholders. The objective is to unify the various counterparts and to improve the cooperation between professionals on cybersecurity issues in health sector.
CAID by DGA
The fifth conference on Artificial Intelligence for Defence (CAID conference) will be held in Rennes from November 22 to 23, 2023, along with the 28th C&ESAR conference. Both are organised by the French Ministry of the Armed Forces and will take place during the 8th European Cyber Week (organised by the “Pôle d’excellence cyber” and its partners from November 21 to 23).
Artificial intelligence is a wide domain ranging from machine learning algorithms to operational research algorithms, designed to solve complex problems difficult to solve with explicit modelling, because either no modelization exists or their computational cost is too high. Recent progress in Artificial Intelligence, particularly in Deep Learning, led to numerous new applications of AI, including in the field of Defence.
CAID covers AI applications in all areas of Defence: infantry, air force, navy, cyberspace, intelligence … It also addresses specific challenges arising from applying AI techniques to such domains: the robustness of these systems to adversarial attacks, certification, data privacy, and low energy embedded systems. CAID represents a unique opportunity to discover these topics through presentations accessible to a wide audience, beginners included.
CNI Chair Event
Industry of the future, energy distribution, dams, maritime transport, buildings - securing critical infrastructures is imperative to ensure our sovereignty.
It is essential to strengthen research activities on these subjects in public and private laboratories, through skilful collaboration. The best example of this duality is the work of two industrial chairs, the "cyber security of critical infrastructures" chair and the "cyber defense of naval systems" chair, which stimulate innovation between industry and the world of academic research, while respecting the imperative of sovereignty.
The event, which is fully in line with the Cyber Center of Excellence's mission to break down barriers between industry and academia, will feature presentations on the main research topics covered by the two chairs, which cover many of the operational use cases faced by our industrial partners.
Supply chain cybersecurity
TRACK «Security and sovereignty Procurement Supply Chain: State of play»
The lighting of the track Supply Chain of the ECW 2023 is that of the security of the donor-supplier cooperation. On this level, the session of 23/11 examines the different families of risks inducing the vulnerability of the chain of stakeholders involved in the provision of critical goods or services (supply chain). Different forms of inter-organizational relationships seem interesting for the regulation of vulnerability and related risks. Total or partial dependence (merger-acquisition, partnership, subcontracting, etc.), contractual arrangements, forms of networks seem to have an effective impact and lead to a requestion the nature of the organizational environment likely to secure industrial supply chains.
From this point of view, French industry has weakened over the past two decades, to the point of becoming a fragile link for the sovereignty of the State and territories. The current significant reindustrialization effort is indeed part of a new and very demanding organizational context, described by the Anglo-Saxons with the concept of "hyper competition":
• Competitive advantage or difficult position to maintain with increasingly intelligent/innovative products/services at decreasing costs, reduced delivery times, responsive global competition;
• Increasing global competition in supply and logistics;
• Increasing unpredictability and obsolescence leading to flexibility with just-in-time business outsourcing and organization;
• Higher production standards: safety, health, environmental, technological, societal.
In this context, the securing of the ability to deliver goods and services necessarily relies on continuous and digi collaboration
“If wargaming has been used for nearly two centuries by many armies, it is because it has proven itself as a tool for planning, training and prospecting. Although it does not replace theoretical work, strategic or geopolitical reflection, it is an additional tool for the military. To begin with, it helps to familiarize those who play with one of the essential facts of war, what Clausewitz calls "friction"... It also helps to get used to the problems of decision-making under uncertainty, to be taken into account the other or the others – these exercises obviously having no predictive character, but allowing one to get used to uncertainty and the blows of fate. Wargaming also offers the advantage of being much less expensive than maneuvers – and of not causing any deaths!"
Antoine Bourguilleau (excerpt from an interview with Pascal Boniface 7)
The news reinforces this assertion because the Ukrainian armed forces use wargames to prepare (plan) their military operations against Russian troops with the support of their North American ally. This trend is also visible within NATO with the establishment of the WIN (Wargaming Initiative for NATO) initiated on October 18, 2022 in Paris by France and Italy. In view of this news, it was decided to offer the cyber security community a seminar on wargaming in order to allow them to measure the opportunities offered by this field for decision support, training support, and to the definition of needs. This first session of cyber wargaming aims to present physical wargaming under two complementary aspects. The first part of the event is dedicated to the presentation of the wargame/serious game by experts on the subject. Through these presentations, the speakers will deal with the use, practical and pragmatic, of these means in order to detail the role of the red cells and the red teams but also the methods of supervising the work sessions. The theoretical framework presented in the first part will be implemented in the context of wargames/serious games demonstrations open to all ECW participants. As part of this second part, state and private stakeholders have agreed to present their solution to the ECW audience. Two sessions of forty-five minutes will allow the public to participate in one or two working sessions on themes related to incidents but also simulations of military clashes. The objective of this second part is to share with the audience present at ECW working methods developed around wargames/serious games in order to facilitate exchanges between the different fields of cybersecurity but also between specialists from different areas that are not necessarily used to working together but which share related or even similar issues. The cyber wargaming seminar is an event open to all ECW 2023 participants to learn more about wargaming, share their experiences and visions of a problem and discuss possible solutions. As Patrick Ruestchmann pointed out, “collecting information, during or at the end of a game, is an issue that many of us are working on. It is particularly interesting to capture the behaviors, decisions or the sequence of decisions of the players.” It is from these data, in particular, that it is possible to set up (develop) a methodology and tools capable of promoting crisis management and decision-making support in the current complex contexts.
3 « Jouer la guerre – Histoire du wargame » – 3 questions à Antoine Bourguilleau, Le point de vue de Pascal Boniface, 5 août 2020, https://www.iris-france.org/148809-jouer-la-guerre-histoire-du-wargame%E2%80%AF-3-questions-a-antoine-bourguilleau/
6 L'apport des « serious games » à la gestion de crise, Entretien avec Patrick Ruestchmann, IHEMI, 27/11/2018. https://www.ihemi.fr/articles/lapport-des-serious-games-la-gestion-de-crise
Brittany region session
“The cyber strategy in Brittany: serving a more secure digital world”
- 9:30 a.m.-9:45 a.m. “Brittany: a cyber force for France”
Brittany is known for being a territory dense in cybersecurity skills, solutions and expertise, serving citizens and private and public actors.
This intervention will be an opportunity to present the regional strategy and the tools supporting the strategy: the European EDIH tool for strengthening the cyber protection of economic actors, the regional CSIRT, cyber incident management service, the Cyber Territorial Campus for the coordination of the ecosystem and the territorial network.
Speaker: Jérôme Tré-Hardy, regional advisor responsible for Digital, Cybersecurity and Data.
- 9:45 a.m. – 10:30 a.m.: “The impact of inter-regional cooperation for national cybersecurity ambitions. »
To be effective, cybersecurity services must be considered complementary and in proximity. The regional level makes it possible to strengthen national ambition and contribute to the European strategy.
In this round table, the speakers will present the priority actions deployed at the national level, by the Cyber Campus, as well as the necessary coordination with regional territories, consistent with the cybersecurity culture of each region.
Speakers: Yann Bonnet, CEO of the Cyber Campus, Florence Puybareau, CEO of the Hauts de France Campus, Guy Flament, CEO of the Nouvelle Aquitaine Campus, moderated by Tiphaine Leduc, BDI for the Brittany region.
10:30 a.m. – 11 a.m.: COFFEE BREAK
- 11 a.m. – 12 p.m.: “Guide and train: the basis of solid cybersecurity”
One of the priorities of cybersecurity: to make young people want to choose from the many professions offered in this sector, more broadly than the cliché of “hacker in a hoodie”. The debate will be an opportunity for the Region, the Rennes Academy and 2 major national institutions (the Pole d’excellence Cyber and the National Campus) to share their points of view in order to amplify the pool of cybersecurity resources.
Speakers (to be confirmed): Jérôme Tré-Hardy, Brittany Region, Emmanuel Ethis, Rector of the Academy, Michel Van Den Berghe, President of the National Campus, Arnaud Coustillière, President of the Cyber Center of Excellence.