Agence nationale de la sécurité des systèmes d'information » Languages » English
Tue, 10 Oct 2023 15:19:45 +0000

Publication of a cyber crisis management self-assessment tool
/actualite/publication-of-a-cyber-crisis-management-self-assessment-tool/
Mon, 28 Aug 2023 08:56:00 +0000

A tool to better support cyber crisis management over the long term

For the past three years, ANSSI has been providing a collection of guides on cyber crisis management that present the best practices to be put in place to better deal with cyber threats and the crises they may generate. To enable the entire ecosystem to better assess its level of preparedness, these guides have been translated, with the support of the Club des directeurs de sécurité et de sûreté des entreprises (CDSE), into a self-assessment tool – allowing each organisation to more accurately measure its strengths and weaknesses in the field of crisis management and business continuity in the face of cyber threats.

This tool offers a series of 57 questions, divided into 5 themes: governance and interactions between the teams involved, processes and tools, crisis communication and external relations, incident detection and response, business continuity and reconstruction. For each question, a series of progressive answers positions the organisation between a novice level (0) and a “state of the art” level (3). It can be used as part of a rapid assessment or as part of a more comprehensive audit, depending on individual needs.

A tool to evaluate and improve

Once the evaluation is completed, the results are presented as a series of indicators, including a summary indicator for monitoring the organisation's score over time. Finer-grained results (by theme or by crisis temporality) are also available to easily identify specific areas for improvement.

The results also make it possible to identify the next steps for improving the organisation's level of maturity. To accelerate capacity-building activities, a set of tools and documents available in ANSSI’s documentary corpus and within the ecosystem is also offered. This list of tools and documents will be regularly updated, in particular with the new productions of ANSSI's « Cyber Crisis Management » collection and of the « Crisis Management and Training » working group of the Cyber Campus.

Focus on SecNumCloud and data protection
/actualite/focus-on-secnumcloud-and-data-protection/
Thu, 15 Jun 2023 07:31:24 +0000

The SecNumCloud requirements repository is a set of rules that apply to cloud service providers that want to qualify the services they offer or comply with the agency’s security recommendations. This repository guarantees their level of expertise, the quality of their services and their trustworthiness. It covers requirements for the service provider, its staff and the provision of services. This recognition, awarded by ANSSI’s Security Visa, can be delivered to any type of cloud service provider: SaaS (Software as a service), PaaS (Platform as a service), CaaS (Container as a Service) and IaaS (Infrastructure as a service).

The requirements of the SecNumCloud repository prevent customer data from being accessed by a cloud service provider subject to non-European regulations. These requirements combine legal, operational and technical safeguards.

ANSSI Annual Review 2022
/actualite/anssi-annual-review-2022/
Wed, 17 May 2023 08:00:15 +0000

To ensure a top-notch cyber resilience, the National Strategic Review reaffirmed this summer the strengths of the French cyber defense model and proposed its deepening through a greater cooperation between private and public actors, increased public awareness and renovation of the victim assistance system. Such is the ambition of the agency for these next years, an ambition that takes on its full meaning in the light of national and international events which ANSSI is confronted with on a daily basis.



Espionage, computer sabotage and ransomware are threats to which, every day, in France, businesses and public institutions are subjected. To protect the Nation from cyberattacks and strengthen the level of cybersecurity, the agency must therefore multiply its action. A mission which requires us collectively and which can be declined in several actions detailed in this 2022 annual review, from the launch of the incubation program of regional CSIRTs in February to that of MonServiceSécurisé (MySecuredService) in December. A full mission, varied, which requires agility, competence and openness.

Finally, to finish on a more personal note: having taken my duties as Director-General in January 2023, I wanted to salute the work accomplished by the ANSSI teams again this year. I’ve known, from the beginning, that I could count on their commitment to meet the many challenges ahead of us.

Vincent Strubel
Director-General of ANSSI

Vincent Strubel - © Patrick Gaillardin
ANSSI and the Bundesamt für Sicherheit in der Informationstechnik (BSI) present a joint release “Strengthening Cybersecurity with Fixed Time Cybersecurity Certification of IT-Products”
/actualite/anssi-and-the-bundesamt-fur-sicherheit-in-der-informationstechnik-bsi-present-the-5th-edition-of-the-franco-german-common-situational-picture/
Mon, 12 Dec 2022 10:37:17 +0000

In this joint release the focus lies on fixed time cybersecurity certification of IT-products, in the light of the signature between ANSSI (Agence nationale de la sécurité des systèmes d’information) and BSI (Bundesamt für Sicherheit in der Informationstechnik) of a mutual recognition agreement for security certificates for the CSPN (Certification de Sécurité de Premier Niveau) and BSZ (Beschleunigte Sicherheitszertifizierung) schemes. Evaluation methodology provides a high level of trust while enabling a predictable evaluation schedule and keeping the effort for the product manufacturer manageable.

To discover this joint release, click on the link below.

Joint publication ANSSI / BSI – 2022

It is the fifth joint publication between ANSSI and BSI.

The previous joint publications: 2018 / 2019 / 2020 / 2021

FRENCH PRESIDENCY OF THE EUROPEAN UNION: THE CYBER SECURITY COOPERATION NETWORKS OF THE EU HAVE MET IN PARIS
/actualite/french-presidency-of-the-european-union-the-cyber-security-cooperation-networks-of-the-eu-have-met-in-paris/
Tue, 14 Jun 2022 13:09:43 +0000

Held at the Cyber Campus in Paris, this week of meetings came a few days after a provisional political agreement was reached on the revision of the NIS Directive, which aims to raise the overall level of cybersecurity of public and private ecosystems within member states. A few months after the sequence of exercises EU CyCLES, organized to test and strengthen cooperation in the event of a major cyber crisis, the meetings have enabled national and European experiences to be shared. These exchanges were enriching, especially in light of the international tensions caused by the invasion of Ukraine by Russia.

CSIRTs Network

Since its creation in 2017, the Network has demonstrated its ability to cooperate both in anticipation and in response to cyber threats thanks to the strong trust built between the incident response teams. Leading the presidency trio, CERT-FR aims to optimize exchanges between the Network members and encourage regular contributions to the Network activities. A precious moment for each participant, which, after long months of pandemic, offered technical, qualitative and instructive discussions on the recent incidents. The need to improve the maturity level, in terms of capacity and technical abilities, for both the group and its members, has been reasserted as one of the major goals for the Network.

Cyber Crisis Liaison Organisation Network – CyCLONe

With the experience gained after one and a half years of informal existence, CyCLONe, whose missions will soon be enshrined in European law, has addressed all its structuring activities. Among the discussion topics were the definition of cooperation procedures and interactions with the technical and political levels of crisis management. Ahead of the pan-European Cyber Europe 2022 exercise organized by ENISA in June, training objectives to strengthen cooperation in the event of a crisis were also addressed. Held after over two years of pandemic, it was also a rare opportunity for high level representatives in charge of cyber crisis management in the EU to meet and exchange views on the threat landscape and the challenges posed by the current geopolitical context.

NIS Cooperation Group

With the extension of its mandate under NIS2, the Cooperation Group continues to demonstrate its position as a European forum for all cybersecurity issues. Its members have already begun to discuss the future challenges of the transposition of the new directive. More thematic topics were also discussed, such as the Group’s recent work on 5G and Open RAN security.

Thanks to all participants, ENISA and the European Commission for their active participation, and to the Cyber Campus for its warm welcome.

French presidency of the EU: enhancing cooperation in the event of a cyber crisis
/actualite/french-presidency-of-the-eu-enhancing-cooperation-in-the-event-of-a-cyber-crisis/
Thu, 27 Jan 2022 12:59:26 +0000

The aim of this French presidency sequence is to test the response capabilities of the EU in the face of a cyber crisis, involving not only the national authorities of each Member State but also the relevant European political bodies in Brussels.

The exercise, which mobilized the CyCLONe network in particular, made it possible to:

  • Strengthen the dialogue between the Member States in terms of strategic crisis assessment and management, as a complement to the dialogue at the technical level (CSIRT-Network);
  • Discuss common needs in terms of solidarity and mutual assistance between Member States in the event of a major crisis and begin to identify recommendations as to the work to be carried out to develop them.

This sequence is part of a momentum started several years ago to support the development of cyber capabilities in Member States to deal with a crisis of cyber origin as well as voluntary cooperation. First, at the technical level, through the CSIRT-Network, established by the European directive Network Information Security. Secondly, at the operational level, through the work carried out by the Member States in the CyCLONe framework.

What is the CyCLONe network?

CyCLONe (Cyber Crisis Liaison Organisation Network) was created in 2020. It brings together at the operational level the agencies in charge of cyber crisis management of the 27 Member States to meet two challenges. On the one hand, to share national response strategies in case of a cyber crisis. On the other hand, to coordinate the construction of a consolidated analysis of the crisis, for the benefit of political decision makers, both at national and European levels. ANSSI took over the presidency of the network in January and will run it until June 2022.

For more information on European cybersecurity: ANSSI’s Papiers numériques are available in English.

ANSSI committed to promoting EU sovereignty during the Presidency of the EU
/actualite/anssi-committed-to-promoting-eu-sovereignty-during-the-presidency-of-the-eu/
Thu, 13 Jan 2022 14:13:03 +0000

ANSSI will contribute, alongside the Ministry of Europe and Foreign Affairs, to the reinforcement of the EU’s coordination in case of a major cyber crisis

A major cyber-attack can have a lasting effect on our societies and our economies on a European scale: the EU must be able to prepare for such a crisis. The European network gathering high level representatives of the twenty-seven authorities in charge of cyber crisis management (CyCLONe) will meet at the end of January, with the support of ENISA and the European Commission, to discuss the challenges induced by a crisis and how to improve cooperation and assistance mechanisms within the EU. This meeting will also explore the role that trusted private sector actors, including cybersecurity service providers, could play in supporting and amplifying government capabilities, particularly in the event of a large-scale cyber-attack. It will be part of a broader sequence of exercises played within Council meetings at political level in Brussels, aiming to highlight the complementarity of the internal (crisis management) and external (response to the attacker) dimensions of the Union’s actions.

ANSSI will also work, in coordination with ENISA and the European Commission, to consolidate the development of national and collective cyber capabilities

  • CSIRT (Computer Security Incident Response Team) Network: it has widely demonstrated its ability to react quickly and trigger fruitful cooperation since its creation in 2017. CERT-FR’s ambition, as co-chair with the Czech Republic and Sweden for the next eighteen months, will be to reinforce the efficiency of exchanges between the network’s members and continue encouraging a broader participation in the working groups.
  • NIS (Network and Information System Security) Cooperation Group: during the first half of 2022, ANSSI will have the opportunity to actively contribute to the preparation and adoption of the new working program for the next two years. These discussions will be of great importance to guide our work on the transposition and implementation of the NIS directive, currently under revision. ANSSI will commit to continue promoting the Group’s activities to durably position it as a central European forum addressing cybersecurity topics.

ANSSI will also seek to reinforce cybersecurity within the EU in a tangible way

The agency will remain mobilized to create a cloud certification that meets the security challenges, and will also continue to promote the certification of cybersecurity products and services in order to create a unified European market.

A presidency of the EU Council only comes every thirteen years: ANSSI is fully seizing this opportunity to promote a sovereign EU in the digital space.

European certification: 2022 orientations
/actualite/european-certification-2022-orientations/
Fri, 17 Dec 2021 09:21:30 +0000

Three major steps towards European certification

The adoption procedure for the implementation act of the first EUCC (EU Common Criteria) certification scheme is expected to start in the first half of 2022, while the drafting of the second EUCS scheme – for cloud service providers – is already in the final stages.
The third EU5G scheme has just been launched.

ANSSI, the national cybersecurity certification authority

The Cybersecurity Act, adopted in June 2019, gave each member state two years to designate its national cybersecurity certification authority: ANSSI will be the certification authority for France. As such, the agency will be in charge of the authorization and notification of certification bodies, the control and supervision of the European certification schemes implemented, and also, for each scheme that provides for it, the issuance of certificates for the “high” assurance level.

To learn more

Do you wish to better understand the Cybersecurity Act?
In the latest NoLimitSecu podcast episode, Franck Sadmi – in charge of « Alternative Security Certifications » at ANSSI – highlights the main objectives of the Cybersecurity Act. To learn more about this topic, ENISA created a video on conformity assessment bodies, one of the cornerstones of the Cybersecurity Act.

Would you like to become part of this ecosystem? Reach out to the certification division: certification-eu [at] ssi.gouv.fr.

ANSSI AND THE BUNDESAMT FÜR SICHERHEIT IN DER INFORMATIONSTECHNIK (BSI) PRESENT THE FOURTH EDITION OF THE “COMMON SITUATIONAL PICTURE”
/actualite/anssi-and-the-bundesamt-fur-sicherheit-in-der-informationstechnik-bsi-present-the-fourth-edition-of-the-common-situational-picture/
Thu, 25 Nov 2021 04:00:04 +0000

In recent years, ransomware, the encryption of data and subsequent extortion, has become one of the major threats for our modern, interconnected life. In contrast to other cyber-threats, ransomware usually has an immediate effect on the availability of services that are provided or enabled by the affected information technology (IT). Depending on the services, ransomware can not only threaten the means of existence of a whole organisation, but in fact also an individual’s life. Ransomware is therefore of high importance to both the French National Cybersecurity Agency (ANSSI) and the German Federal Office for Information Security (BSI).

Ransomware is commonly associated with cybercrime, because it is primarily used for financial gains. The use of ransomware by states or state level actors is of course possible, but has been observed to a much lesser extent. At the beginning, ransomware was widely used against individual users with relatively low ransom demands. Over time, particularly in recent years, ransomware became a major threat to networks of large organisations in so-called Big Game Hunting (BGH) attacks. BGH commonly refers to a ransomware attack that affects a significant part of an organisation’s network. Therefore, the attackers preferably target organisations with reasonable financial solvency in order to maximise their ransom yields. Furthermore, extortion operations are often prepared in advance, in some cases even months before the actual deployment of the ransomware itself.

Since the end of 2019, the extortion attempts in BGH attacks have been amplified by the combination of encryption with other malicious methods. This so-called double extortion model was observed across different ransomware strains and cybercriminal groups. In those cases, the attackers additionally exfiltrated possibly sensitive data of the targeted organisations before starting the encryption in order to threaten the victims with either the public release of the stolen data or the auction/sale of them to undisclosed interested third parties.

Cooperation and solidarity: cybersecurity is being built at the European Union level
/actualite/cooperation-and-solidarity-cybersecurity-is-being-built-at-the-european-union-level/
Wed, 08 Sep 2021 03:00:47 +0000

The projects launched in recent years, from the NIS Directive to the Cybersecurity Act, from the 5G Toolbox to the awareness-raising during the European Cybersecurity Month, have enabled the construction of a common and shared cybersecurity framework in Europe.

In the first half of 2022, France will hold the Presidency of the Council of the EU and will seize this opportunity to strengthen the EU’s sovereignty in the field of cybersecurity by building on the solid foundations established over the past 5 years. Faced with a growing cyber threat, the French action plan focuses on four themes.

First, France wants to make progress in the negotiations on the revision of the NIS Directive and thus promote a high level of cybersecurity among a wider range of actors in line with the evolution of the cyber threat.

Secondly, the French Presidency will be committed to advancing the establishment of a cybersecurity framework for the EU institutions, which is essential for the protection and affirmation of European sovereignty.

Then, France supports the development of a trusted European industrial base. This will involve monitoring the implementation of the European Center for Industrial, Technological and Research Competence in Cybersecurity and a European security certification framework. As a guarantee of trust, European certification offers immense possibilities for security providers and products. Several schemes are already being developed, such as the European Common Criteria, as well as a scheme for the Cloud and one for 5G.

Finally, France would like to initiate discussions on the issue of EU solidarity in the event of a major incident or crisis of cyber origin. The implementation of assistance mechanisms could then be studied, relying on the private ecosystem of European cybersecurity. The capacity building of States and private trust providers as well as the participation in cooperation networks are essential prerequisites to initiate this discussion. In this context, ANSSI and the Ministry of Europe and Foreign Affairs are studying the opportunity to organize a high-level exercise to establish the link between the CyCLONe network and the political decision-makers of each member state.

« The key is teamwork. European institutions, national cybersecurity agencies and private companies, let’s mobilize to build the European Union’s cybersecurity in the long term » says Guillaume Poupard, director-general of ANSSI.

To review the history of the construction of European sovereignty in cybersecurity and to discover future perspectives, ANSSI is today publishing a new issue of its Papiers numériques: European cybersecurity: history of a cultural transformation, available on its website.

Press release – Cooperation and solidarity: cybersecurity is being built at the European Union level
