Position of France
Since 2015, France has adopted a National Strategy for Digital Security. This Strategy, designed to support the digital transition of French society, responds to the new challenges arising from changes in digital uses and related threats, with five objectives:
- To ensure national sovereignty;
- To provide a strong response against cyber-malicious acts ;
- To inform the general public;
- To turn digital security into a competitive asset for French companies;
- To strengthen France’s voice internationally.
This strategy was complemented by:
- The presentation of the Offensive Informatics Strategy (LIO) by the Minister of the Armed Forces Florence Parly on 18 January 2019.
- The French International Digital Strategy, officially presented by the ministry of Foreign Affairs in December 2017.
- The Strategic Review of Cyber Defence entrusted by the Prime Minister to the Secretary General for National Defence and Security (SGDSN) and presented publicly in February 2018.
At the technical and operational levels, various actors contribute to the effectiveness of the French cybersecurity system:
- Created in 2009, the National Agency for the Security of Information Systems (ANSSI) is the national authority on cybersecurity. It is responsible for prevention (including normative matters) and response to computer incidents targeting sensitive institutions.
- The Ministry of the Armed Forces has the dual mission of protecting the networks that underpin its action and integrating digital combat at the heart of military operations. In order to consolidate the Ministry’s action in this area, a Commandment for Cyber Defence (COMCYBER), placed under the authority of the Chief of Staff of the Armed Forces, was created at the beginning of 2017.
- The Ministry of the Domestic Affairs is responsible for combating all forms of cybercrime, targeting national institutions and interests, economic actors and public authorities, and individuals.
Within the European Union (EU), France defends an ambitious vision and the concept of "strategic digital autonomy for the EU". The objective of European strategic autonomy is the guarantee of our collective capacity for initiative and action. This objective is divided into three areas: technology, regulation and capacity-building.
Strengthening strategic stability and international security in cyberspace is one of France’s major objectives. France thus plays an active role in promoting a safe, stable and open cyberspace.
France is particularly active within the UN, where the rules of responsible behavior in cyberspace are discussed. In particular, it has participated in the last five UN governmental groups of experts (GGEs) on cybersecurity, whose work has made it possible to anchor cyberspace in the international system established by the United Nations Charter and to guide States in a dynamic of prevention, cooperation and non-proliferation in cyberspace (recognition in 2013 of the applicability of international law, and in particular the United Nations Charter, to cyberspace, consolidation in 2015 of a set of voluntary commitments of good conduct "standards of behavior" for States in cyberspace).
France is also involved in other international forums where cybersecurity issues are addressed, including:
- Within the Atlantic Alliance, France was at the forefront in the adoption by the 28 nations of a Cyberdefence Pledge at the Warsaw Summit in June 2016. The recognition at the summit of cyberspace as an area of operations now commits NATO to defend itself there. In May 2018, France hosted the first conference dedicated to the Cyberdefence Pledge.
- In the G7, where the Ise-Shima group created in 2016 and dedicated to cyber issues led to the adoption in spring 2017 by the G7 Foreign Ministers of an ambitious declaration on standards of responsible behavior for States in cyberspace, which was complemented in 2019 by the Dinard Declaration on the Standards in Cyberspace Initiative;
- At the OSCE which has emerged as a regional reference forum for the definition and implementation of confidence-building measures in cyberspace with the adoption of two sets of confidence-building measures in 2013 and 2016. Their operationalization today is made difficult by Russia’s counter-productive attitude in this forum.
Finally, France now intends to reflect, with its State partners but also with the private sector and civil society, on the specific role and responsibilities of private actors in strengthening the stability and international security of cyberspace.
In addition, the commitment to address cyberspace issues in cooperation with the private sector and civil society was reaffirmed by the "Paris Call for Trust and Security in Cyberspace" of 12 November 2018, which emphasizes a multi-stakeholder approach "to reduce risks to the stability of cyberspace and to build more reliability, capacity and trust".
This high-level declaration in favor of the development of common principles for the securisation of cyberspace has already received the support of 547 supporters, including 65 States, 344 private sector entities and 138 international and civil society organizations.
For more information, you will find below the official text of the Paris Call of 12 November 2018: