French Info Systems'National Security Agency (ANSSI) Expert Wolf to EuroFora: EU Rules for Clouds

*Strasbourg/Region Alsace/Angelo Marcopolo/- One among the much needed EU Advances in the Digital World could start f.ex. with a Franco-German initiative to establish some Rules on Strategic Internet "Cloud"-Computing, suggested to "EuroFora" the experienced and hyperactive Senior Official of the French National Security Agency for Information Systems (ANSSI), Philippe Wolf, (See Details Infra), speaking shortly after the latest EU Heads of State/Government Summit in Brussels brought to the Agenda both the Development of Digital Economy, and the necessary building of Trust among Web Users, particularly by guaranteing at least an elementary Personal Data Protection on line, badly lacking Today, as the scandalous example of USA spying over German Chancelor Angie Merkel's phones revealed, (See "EuroFora"s NewsReports from that EU Summit in Brussels: f.ex. ...).

Wolf, personal Counselor of ANSSI's Director General, Patrick Palloux, who responds directly to the Prime Minister, was the Keynote Speaker at the Conclusion of a subsequent "Cyber-Threats" Annual Forum 2013, organized for the Superior Rhine Euro-Region (including France, Germany and Switzerland),  in the prestigious Hemicycle of Strasbourg's Region Alsace's Modern Building, facing EU Parliament's Tower, earlier Today, whose 3rd and last part was dedicated to a Round Table  Discussion on the most Crucial point : How to "React" for the "Protection and Resilience" of information Systems, destinated mainly to Public Administration Officials and Businesses active on Internet, where "EuroFora" had been invited by the Commander of the Gendarmerie for Alsace Region, Colonel Thierry Thomas :
Another French Government's hyperactive Senior Official, who practically organized most of the event, together with the Chamber of Commerce and Industry, as well as the Prefecture, whose Personal role unexpectedly extends from Strasbourg University's EU Programs (comp. f. ex. on the occasion of EU Commission's vice-President, Viviane Reding's recent statements to "EuroFora" at EU Parliament on EU's Public Prosecutor and National Agents "Training" in European Mechanisms for Financial Investigations against Crime : ...), up to the Fight against Cyber-Attacks, where, as he told us, Strasbourg's Gendarmerie Headquarters, strategically located at a beautiful area facing the City's ... "Modern Art" Museum, would play an unexpectedly important role, including into Helping also SMEs to defend themselves while developing projects on line.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
Introducing to the entire Annual 2013 Event, the experienced Prefect of Alsace Region, Stephane Bouillon, (who has worked in the recent Past as Director of Office for the Minister of Interior in Paris, and former Secretary General of the Presidential Palace Elysée, Claude Gueant : Comp. various earlier Gueant Statements to "EuroFora"), stressed from the outset, that referring also to the Topical example of USA's NSA spying scandal, launched a call to "Protect Internet Users", and particularly Businesses, by "Unmasking" those who might attempt to "Undermine" their activities, and by helping them to Safely use and share the Potential of Digital technologies : A Task where e-Media have to play an important role, he obseved, ensuring that the State is present in order to work together with Businesses and other Social Actors.

In fact, "International Cyber-Crime" presents a New Big "Challenge also to Sovereignity", with more than 2 Billions of Connexions, to which are added, each Year, about 50 Million New Chinese players, etc., transforming the Internet into an Over-Populated area, but often abandoning alone in their Desert those Businesses which fall Victims to Predators"; whose "Aggressions" are progressively moving from Material (f.ex. Computers, etc) towards Immaterial (f.ex. Data, Software, etc) Targets, due to become the main issue in the Future, warned at the Beginning the General  Marc Watin-Augouard, former Army Inspector General, and currently Director of the School for Officers of the National Gendarmerie. Seeking either to seize Richess or to Dominate an area, such Predators have already become worse than the Pirates who attacked  Commercial or Government Ships in the Past, and, since things move much Faster Today, we canNot wait for 4 Centuries, as we did when the International Law of the Sea was build, but, now, we have to Act Fast in order to Build some Rules able to create a New "Public Order" with a "Balanced relation between Freedoms and Security", as he added.

This can only be done at an International Level, but, Today, the Global Community is Divided", and "doesn't have same views", except from Machines and/or Cables, but not on Data Policies, so that all Attempts made until now inside the UNO and/or the International Union of Telecommunications, at nearby Geneva, Failed, as last December 2012 at Dubai. Mainly because the West doesn't want to Monitor Data a priori, in the name of Liberties, while other Countries, as Russia or China, want to be able to Monitor a priori the flux of Data, in the name of National Sovereignity and Security as he said.

=> Therefore, Today it's "at a European Level" that we have to the Need and the Historic "Chance" to be able to Start building such a New Public Order for the Internet, with European Public Order Standards, which will not abandon Children, Aged People, or SM.Businesses alone to some Predators, but agree Together on the Rules to establish, which should be Valid also for the Rest of the World, he advised. And we could then say throughout the World : Either you, agree, togeher with the EU, on some common Principles, or you are dominated by the USA or China alone, since, as the NSA spying Scandal has shown recently, "we can be Allies on Tanks, Ships, Airplanes, Cables etc., but Not on Internet Data !", as he warned.

    In this regard, CoE's "Budapest Convention" of 2001 on CyberCrime, has been ratified by "only 40 States", among which 4 or 5 don't even belong to the CoE, because the Others hesitate, in the name of National Sovereignity, he reminded, evoking a well known issue in Strasbourg's PanEuropean Organisation, with Russia and other Countries'reluctance to admit TransBorder Data Collection by Foreign Countries via the Internet, (Comp. relevant previous "EuroFora"s NewsReport .. ).

    >>> EU is currently at an "Advanced position", particularly since the beginning of this year,, f.ex. with the creation of the European Centre against Cyber-Crime on January 2013, EU's Strategy on CyberSecurity adopted on February, the Strengthening of the European Agency for Security and Information on April, the EU Directive of August 12 , (etc), and this Movement must Continue, he stressed, 2 Years after the Deauville "G-8" Summit, then chaired by France, had started to officially speak about Internet's Freedom and Security Rules, at the initiative of a European Country, (Comp. "EuroFora"relevant NewsReports from Paris and particularlt Deauville's G8 Summit of May 211). Naturally, this European Integration on Web's Rules, could and should extend also on some Industrial Cooperation to fabricate some Material Objects related to the Internet, he added, taking "Rendez-vous in 4 or 5 Years'" Time for some Concluding Results of EU's progress on Digital society...

    + But this needs to be completed also by Parallel moves from Universities, Businesses, Police and Justice, General Watin added, pointing to he rest of the Debates, Structured in 3 Main "Round-Tables" : (1) on "Anticipating" the Cyber-Attacks and their "Intentions", (2) on Facing the "Damages" thus provoked and "Responding" to them, and (3) on "Reacting" by ensuring the "Protection" and the "Resilience" of Administrations, Businesses and Households, according to their Headings, artfuly guided by the experienced and omnipresent in many European events here, René Eckhardt, President of DirCom and a long-time member of Strasbourg's Press Club, who has worked for OberRhein's Cyber-Security Forums for years :

-------------------------------------------------
    Among the various Useful Interventions which followed, by various Experts, on several Specific aspects of these issues, certain particularly Interesting points were raised already from the 1st Round Table on "Anticipating" Cyber-Attacks :

    - Indeed, the Time at the Internet runs too Fast for the Victims to react on the spot, only when they see a Cyber-Attack, because, in fact, it might have already started a more or less long time Before it's discovered and becomes obvious at the surface, and, in addition, its consequences at the Web can be so Massive and/or quasi-Instantneous, their Consequences so Irreversible, that the only Efficient way to have a real Chance to Defend itself is to "Anticipate" it, by detecting possible weaknesses, taking Preventive Measures to strengthen their Protection, and Organizing from beforehand the actions which might be needed in order to face any such Attack whenever it occurs, (f.ex. by gathering and making easily Accessible all relevant Information on the various kinds of Urgent Help to the Victims, what they can do after a possible Cyber-Attack, to whom they should address themselves, who will do what inside a collectivity, which "Plan B" might be set up in case of Destruction of all or part of a Busineses' main Information/Communication Tools, etc., advised in substance the very Practical Colonel Joel Ferry, Deveryware's Counselor on Major Threats against SMEs.

    - This was followed by some very impressive and concrete Examples of particular Cyber-Attacks which can be committed f.ex. through "USB Keys" inserting certain "Spying"Virus inside a Victim's Computer, and/or by usurpating and Divulgating the Ideas, Inventions, and other Intellectual Property of a Business, followed by the corresponding Advice on how to Prevent such sly Traps, by being more Vigilent and Careful, as well as as by Taking certain adequate Measures of Physical and/or Legal Protection, according to useful demonstrations made successively by Ludovic Haye, Expert Responsible for Production at Peugeot-Citroen, and Lawyer Cecile Boutriaux, of Strasbourg's Bar.

    + University Professor, and GRASCO Research Group Director, Chantal Cutajar, anounced that she hopes to have "in 1 Year"'s time the Results of a currently on-going Research that would present a 1st comprehensive Suvey of CybeCrime Victims, which Lacks until now, while a recent Estimation points at almost 65% of Internet Users throughout the World as Victims of one or anoher form of Cyber-Attacks, such as "Identity Theft, Credit Card Fraud, or Virus' transmission", etc, i.e. some 1,5 Millions of Victims each Day, or about "8 Victims per second" !...

    But most Victims don't even reveal, nor register the Damages that they face because of several, more or less important Cyber-Attacks, eiher because they don't hope to find soon and simply enough an efficient Reply, or because they believe that this doesn't worth the Expenses in which they might be obliged by a Judicial Investigation, unless they don't even know what exactly they could do, Cutajar warned, denouncing the fact that, in consequence, we don't yet have a precise overall picture of the real situation facing CyberCrime, (which could be much Bigger  than expected). This current lack of reliable Data, hinders in practice the Development of Anti-CyberCrime Law, Cutajar denounced.

                                                                                                                                                    
    - She was harmoniously accompagnied by her collaborator, Judge Muriam Quemener, Deputy Attorney at the Court of Creteil, who  High-Lighted a still on-going "Typology of Cyber-Victims", and observed, inter alia, that, often, a percieved "Complexity" of Legal procedures, practically Dissuades several Victims from lodging a formal Complaint, (while, certain Cyber-Attacks, such as, f.ex. "Web-Harassment or Web-Bullying" on line, are not always percieved as a specific  Internet Crime by some Victims, who might even Not be Aware that they had been Attacked, f.ex. in case of a "dormant" or "silent" Virus, etc).

    => All this obviously boiled down into practically revealing a Need to Clarify and Simpify Rules and Procedures for the Protection of Victims of Cyber-Attacks, particularly concerning active and/or innovative SMEs, fragile Particular Persons, etc, for whom productive Time is soon much more Important, even Crucial, than Wasting Hours or even Days in some uncertain and/or too Bureaucratic Procedures.... Only more Simplified and Efficient Legal Protection Tools, well and clearly Publicized, could succeed to incite most Victims to openly Denounce to the competent Authorities at least the most important Cyber-Crimes that they are facing, so that the relevant Law can be progressively Developed, (comp. Supra)...

    Because, meanwhile, i.e. without having yet a Clear and comprehensive  Picture of what is really happening about CyberCrime, even Insurers, (an obviously useful complement in practice), currently Hesitate, don't know how ti Quantify the inflicted Damages and Insurance payments, and, therefore, either expect to "Mutualize" the Cost by spreading an eventually "Obligatory" Insurance for all or most Internet Users, (something which could Negatively affect European Digital Economy by adding elsewhere non-existent Costs !), or are simply .. "Waiting" for the situation to be Clarified and better Known, after which, .. they might even Refuse to cover Cyber-Risks, half-joked the President of "Clever Courtage", Dr. Jean-Laurent Santoni...
---------------------------------------

    - For the vice-President of SOGETI, Engineer in Armaments, Stephane Janichewski, there is a Contradiction between the growing Importance of CyberCrimes' "Dangers", as long as "Inter-Connexions multiply", (from Spying, up to Theft, Fraud, Destruction of Data, Escros, etc), which provoke Damages whose Global Costs are estimated up to 500 Billions, and the current "Complexity" due not only to the adopted "Techniques", but also to "Judges", to the "Organisations", and/or to "Economico-Social" factors.

    - However, given the importance of what is really at stake, all this "must Not be Left to Experts !", he advised, pointing at crucial socio-Political "Choices", that have to be made.  But, even from a purely Economic point or view, there is always an "Economic Advantage" to those Businesses which are "Better Managed", because they have taken all due Precautions to protect themselves from Cyber-Attacks, Janichewski concluded.
------------------------

    - In fact,"Technologically, Europe does Not Exist Today, no more, (except from the Cards' Chip, which is due to be replaced sooner or later), and I really hope that this will  soon Change, and that EU will, at last, decide to take Action on Digital Economy", provocativelly pointed out in conclusion, Senior Expert Philippe Wolf, personal Counselor to ANSSI's Director General,

    => In the USA, 'the Forms may have Changed Rapidly, (particularly with a Privatisation which has Diversified structures), but the main Aim remains always the same : World Dominace", he warned, while China (who usually delays Changes) has started, already since 1999, to focus mainly on Technology, he added.

    + Replying to an "EuroFora"'s Question on whether EU's "motor", France and Germany, together with other willing EU Countries, would, at last, find a way to join forces at least now in the Digital Economy, in order to create together something New and Strong for Europe's role in the Digital World, Wolf was initially Careful, simply saying that "Today, nobody could do similar Industrial Voluntaristic Policies, as we did in the Past, given EU's and WTO's evolutions, etc.

    >>> But ANSSI's Top Expert soon changed attitude and started to energetically point at concrete Ideas :

    - What could be really Interesting for the EU to do in Today's Digital World, is if France and Germany took an Initiative to propose forging joint European Standards for Cloud-Computing", he suggested.

    - In fact, there are 2 Differend types of Cloud-Computing : One contains only Data, while another adds Powerful Calculation Capacities for Data-Processing", Wolf distinguissed.

    => - It's mainly on thses second type of "Clouds", that of Powerful Processing calculations, that France and Germany could usefully start to do something really interesting, f.ex. by proposing certain EU Standard Rules, ANSSI's Top Expert suggested in reply to "EuroFora"s question.