What is cybersecurity?
Cybersecurity is the development of technologies, processes and controls to protect systems, networks, programmes, devices and data against potential digital attacks, with the aim of ensuring three properties of information, services and IT infrastructure: confidentiality, integrity and availability.
The main purpose of these increasingly innovative and numerous cyber attacks is to retrieve, modify or destroy sensitive information, but also to extort money or interrupt business processes.
Cybersecurity and digital security, what's the difference?
Many people use the two terms interchangeably. While the difference between the two terms may not seem obvious at first glance, it is nonetheless very real.
While cybersecurity generally focuses on protecting the digital infrastructure to prevent hackers from accessing sensitive data on a network, computer or programme, digital security refers to accidental threats, and focuses on mechanisms to protect against them.
Why is cybersecurity a high-stakes area?
Digital technology has transformed the way we live our lives, to the extent that much of our lives, both personal and professional, are spent online. Every day we search, pay bills and make purchases, or exchange personal information in the digital world. Yet, as our digital footprint grows - exponentially - so does the risk of having our personal data compromised by a cyber attack.
These digital attacks can, at an individual level, result in everything from identity theft to extortion attempts to the loss of important data. Organisations of all sizes and status - public and private - are also targets of daily attacks ranging from simple phishing emails to complex and detailed operations orchestrated by criminal gangs.
The risks are also major for states or operators of human and economic importance. According to The hidden costs of cybercrime, a study carried out in 2020 by McAfee and the CSIS (Centre for Strategic and International Studies), based on data collected by Vanson Bourne, the world economy would lose more than a trillion dollars each year.
Every country depends on critical infrastructure such as power plants, hospitals and financial services companies. Attacks on related systems (e.g. the hospital in Dax, in the Landes region of France, whose computer system was literally paralysed by a ransomware attack in early 2021, or the cyberattacks on media outlets (such as TV5 Monde or France Télévisions) or town halls (such as those in Angers or Douai)) could be particularly problematic. Securing this type of organisation is therefore essential for the proper functioning of our society.
Finally, digital security poses a real question of sovereignty for States and the European Union, which must be able to cover the growing needs in cybersecurity and ensure the sovereignty of their infrastructures and applications.
What are the different types of cyber security threats?
In order to put in place effective and appropriate protection mechanisms, it is important to be aware of the threats and attacks that target the hardware, the network, the system or the applications, but also the users themselves. Some examples of common cyber threats are
- Malware
Among the most common cyber security threats, malware is the many forms of harmful software that run when a user downloads it by mistake. This includes viruses, Trojan horses and spyware.
Ransomware is another type of malware, designed to extort money by encrypting access to files or a computer system and demanding payment of a ransom to decrypt and unlock them.
- Distributed denial of service attacks
DDoS (distributed denial of service) attacks flood servers, systems and networks with traffic (messages, connection or packet requests) to slow them down or take them offline, preventing legitimate traffic from using them.
- Advanced persistent threats
Advanced persistent threats (APTs) are prolonged targeted attacks in which an attacker infiltrates a network and remains undetected for long periods of time in order to steal data.
- DNS poisoning attacks
DNS (Domain Name System) poisoning attacks compromise the DNS to redirect traffic to malicious sites.
- Social engineering
This tactic relies on human interaction to induce users to violate security procedures in order to obtain sensitive information that is usually protected. Phishing is a well-known form of social engineering, which involves sending fraudulent emails to users that look like messages from trusted sources, such as government agencies. These attacks are carried out randomly and their main objective is to steal sensitive data, such as credit card or login information. There is now also targeted phishing, known as spear phishing, which involves targeting a specific person rather than a large number of people.
- Man-in-the-middle attacks
Man-in-the-middle (MitM) attacks occur when cybercriminals intercept and modify network traffic flowing between computer systems. The MITM attacker poses as a sender and receiver on the network. In particular, this attack aims to interfere with the exchange of keys that enable the encryption of subsequent exchanges. The goal of the attacker is to replace the exchanged key with a key he knows so that he can defeat the encryption protection for subsequent attacks.
Current concerns... and future ones
The development of new technologies raises questions about their level of security and, consequently, the emergence of new threats and attacks.
This is the case, for example, with the Internet of Things, a real catalyst for intelligent infrastructures such as Industry 4.0 and intelligent transport, but whose revolution is accompanied by security and privacy issues: "Connected objects thus form a fully-fledged computer network, operating in a more 'open', 'dynamic' and 'flexible' way than a 'classic' network, whose architecture, being more 'rigid', is also more resistant to attacks. IoTs have to exchange a lot of data from the environment in order to offer various functionalities to their users, which makes them potentially more vulnerable," explains Jérôme François, an Inria researcher in the Resist team, in an article on the SecureIoT project.
This is also true for blockchain, which is being massively adopted by governments and industries, and the cloud, where the rise of the hybrid workplace and the need to move quickly to digital business models has increased adoption. Securing cloud environments, through the preservation of privacy and security of data in online infrastructures, applications and platforms, is thus a critical step in protecting organisations.
The 5G network, which aspires to be more secure than previous generations of networks, also poses new security issues, particularly because of the multiple applications and devices that will rely on its networks, involving an increasing number of network gateways: televisions, locks, connected heaters, etc. If these devices are not sufficiently protected against cyber attacks, many risks may arise, starting with issues of privacy and personal data breaches. If these devices are not sufficiently protected against cyber-attacks, many risks can arise, starting with issues of privacy and personal injury.
Finally, the quantum computer, which promises to tackle complex problems that are difficult or impossible for a conventional computer, will render current encryption methods obsolete, thus becoming a serious threat to the cybersecurity systems on which virtually every business relies.
More and more methods to advance cybersecurity
In response to the emergence of these security issues, new techniques and tools are being developed to try to ensure data security. Driven by cybersecurity research, they are constantly adapting to new technologies and those that are expected to develop in the coming years.
Cryptography, a real pillar of cybersecurity, aims to provide techniques and tools for securing communications, even in the presence of an adversary, and going beyond simple confidentiality. In particular, it provides tools to protect the integrity and authenticity of messages (e.g. preventing the amount of a financial transaction from being altered), ensure non-repudiation (the sender cannot deny being the author of the message) and anonymity. Cryptography is used in many everyday objects: wifi, Navigo cards, mobile phones, games consoles, payment cards, electronic passports, etc. Cryptanalysis, on the other hand, aims to study attacks against cryptographic mechanisms by "breaking" them in order to verify their robustness.
More recently, post-quantum cryptography aims to secure current data and communications against the threat posed by the arrival of a generation of functional quantum computers, capable of weakening much of the cryptography known today to the point of endangering the protection of personal data. "This is why we need to look for new difficult mathematical problems that do not have this flaw. These new problems, in their final form, would make it possible to counter the risks of attacks made possible by quantum computers," explains Antonin Leroux, a member of the GRACE project-team (shared with the École polytechnique), in an article on the subject. This is what scientists and major security companies are working on today, developing various standards for postquantum cryptography that can be implemented using today's classical computers but will be impervious to attacks by tomorrow's quantum computers. "We don't know when this functional quantum computer will see the light of day, but we must be ready when the time comes," adds Antonin Leroux.
Formal methods are also used in the field of cybersecurity to ensure that a system is secure, through mathematical proofs. They consist of modelling all or part of a computer system and applying verification algorithms: "Such an algorithm takes as input the designed model and a security property to be verified, for example the confidentiality of a message, and returns a yes answer (the property is verified on the model) or no answer (an attack is possible). The search for an attack is exhaustive: if a single attack exists against the property in the model, the algorithm will find it," says Jean-Goubault Larrecq in an article.
Cybersecurity: what role for research?
For more than ten years, France has made cybersecurity one of its national priorities, presenting various support strategies and inviting research and industrial players to work together to develop a more secure digital environment.
As part of the France Relance plan, launched by the government in September 2020, a cybersecurity component with a fund of 136 million euros and steered by the ANSSI was created, with the aim of strengthening the security of administrations, local authorities, health establishments and public bodies while boosting the French industrial ecosystem. At the same time, the government announced the launch of priority research programmes and equipment (PEPR) for cybersecurity, co-piloted by the CNRS, INRIA and the CEA, whose purpose is to finance upstream research and support French scientific excellence.
The French academic forces in the field are mainly represented by the CNRS, the CEA, the ITM research faculty and Inria. At Inria, cybersecurity research is one of the structuring issues, covering nearly 7% of the institute's activity with some thirty teams working on the subject (such as Resist, Cascade, Cosmiq, Caramba, Pesto, Prosecco or Grace), mainly in the fields of cryptology.
The institute also regularly collaborates on projects centred around this theme, on the one hand with other institutes, but also with non-academic forces specialised in cybersecurity such as the ANSSI and the CNIL.