The Express. What is the mission of the Cyber Campus?
Michel Van Den Berghe: First, show that we are stronger together. France is one of the best nations in cybersecurity. Here, at La Défense, we bring together 1,000 professionals from the public and private sectors every day. It is unprecedented in Europe. Behind all this, there is a question of sovereignty. The hardware and many software are mostly American. It is up to us to prove that we are capable of protecting our data. Hence the idea of making resources available to French businesses and administrations. The other objective is to offer a flagship location, a totem, to organize events (300 this year), to attract more experts and talents, in order to explain our professions that are intellectually fascinating but which struggle to attract people. There’s this overly entrenched imagery of the geek wrapped up in a hoodie. Last year, 500 teachers from technological and general high schools were sensitized and we expect ten times more this year. We are also working on a cybersecurity series with Alex Berger [le coproducteur du Bureau des Légendes] : “Welcome to Cyberia”. This program has quadrupled the rate of attractiveness of the General Directorate of External Security, French intelligence (DGSE).
In terms of mixing skills, what is your assessment of it one year after its inauguration?
It was a real gamble to bring together researchers from the CNRS (National Center for Scientific Research), Inria (National Institute for Research in Digital Sciences and Technologies), CEA (Commissariat for Atomic Energy and alternatives) as well as professionals from different backgrounds, from sometimes competing companies, in the same place. But it works: today all of our spaces are rented, ie 1,800 workstations. With teleworking and the flow of people going back and forth between the headquarters of their companies and the campus, there are 1,000 of us on site every day. We even have a waiting list, so much so that we plan to extend the site to Paris and the regional centers more quickly than expected. Finally, profitability is there with 25 million euros in turnover for the first year. The campus stands out as a true operational centre. Twelve working groups have been set up, with the first “deliverables” already. I am thinking in particular of the report on the evolution of the threat and the response by 2030. Customers, like banks, requesting cybersecurity solutions, are also present. Sign that the mayonnaise takes: about thirty international delegations including Americans were welcomed. When the eagle is inspired by the rooster, it’s rather flattering…
Michel Van Den Berghe, former boss of Orange Cyberdefense, at the head of the Cyber Campus
© / Campus Cyber
You too were inspired by the development of similar cyber hubs in the United States or even in Israel…
It’s true. But I must also say that we mainly looked at the errors that should not be reproduced. The CyberSpark in Beersheba, Israel, for example, is great, but it’s far from Tel Aviv where the start-ups are. We also decided to have our researchers, our companies and our customers work together in the same place. On the other hand, we can do better in new businesses. It’s the golden age of cyber right now, as attacks are quadrupling. And yet we have no French unicorn in the cyber domain. We have excellent schools, very good researchers. There’s no reason we can’t convert the essay. We have tried to make our contribution to the building with the establishment of a cyber-booster on campus which hosts selected young shoots free of charge and accompanies them with customers. With this, we hope that they will attract funds, preferably French or European, for our sovereignty.
Speaking of sovereignty, what do you think of the cybersecurity contract signed by Station F, the vast start-up campus located in Paris, with the American company F5?
I sincerely regret it. We have enough sovereign solutions in France to avoid entrusting this kind of mission to an American company…
What cyber threats are you most worried about right now?
Ransomware (or ransomware). Big companies are getting better and better at protecting themselves against it, but they can kill small companies when they don’t pay the ransom. We are therefore participating in the implementation of the “cyber shield”, presented last fall by the government. The other victims are the increasingly digitized hospitals. These attacks jeopardize the health of patients. This industry of ransomware also pockets a lot of money: on the dark web, a medical data is worth 50 times more than a bank data since a medical file costs about 350 euros. A complete identity with proof of address – enough to open a bank account – is around fifty euros. Some hacker groups offer their services, software and “after-sales service” after collecting ransoms. It’s incredible. We also follow the development of new technologies such as deepfakes, which are gaining momentum with the rise of artificial intelligence (AI). The “presidential scams” (Editor’s note: where the hacker pretends to be the manager of a company to one of his employees) are increasingly sophisticated. Finally, we closely follow advances in quantum computing. New, more efficient encryption algorithms must already be found, before they are rendered obsolete.
How do we collectively protect ourselves?
First there is what is called the approach secure-by-design. It is a question, from the design of a code, of assiduously testing its robustness, its solidity. And more broadly, not to connect to critical architectures, solutions that are extremely efficient in terms of functionality, but which can be sieves in terms of cybersecurity. There is also the segregation of networks, the fact that messaging or management infrastructures are not directly connected to my factory or, in the case of hospitals, to my healthcare equipment. Then in the background, there is always a lot of awareness to be done. Remind people that digital is not intangible: data is stored in physical places that have flaws. This applies as much to young people as to older people, for whom the digital world is advancing extremely quickly. However, I reject fatalism: if there is obviously a personal hygiene to have on the Web, it is up to us to give good practices, to make the Internet as less tricky as possible.