At the one-day cyber-defence conference: “digital warfare at the heart of operations”, held in Paris on 24th September, French defence minister Jean-Yves Le Drian revealed that French forces had suffered a cyber-attack in Afghanistan “that temporarily perturbed the links between Paris and our drones. Our teams quickly reacted and the attack was countered.” He did not say when this attack happened, although it was clearly at least 18 months ago as the last French combat forces withdrew from Afghanistan in early 2013.
Le Drian added that “incidents occur regularly in the immediate vicinity of our weapons systems, which thankfully are designed to be strongly resilient and with redundancies.” He said industry and support services “take the corrective action necessary,” adding that “securing the digital space is now part of what we call ‘the state of the art’.”
In the presence of his British and Belgian counterparts, respectively Michael Fallon and Steven Vandeput, Le Drian announced that France was prepared to undertake “offensive cyber warfare” and that it had the means to do so. He explained that “for our armed forces, the main stake is now to integrate cyber warfare, to combine it with other forms of combat. This new field has become a full-scale military zone in which we must position our forces, defend our power and exploit all opportunities to beat the enemy.” He added that the “cyber weapon must supply a controlled support to conventional forces. It is a new form of in-depth strike whose effects can be considerable… It is also a form of tactical support for the combatants, for example to perturb anti-air defence systems by foiling or neutralising radar systems.” And he added: “Some have already done so.”
Le Drian has already said in the past that he wanted to create a fourth, cyber, branch to the existing air, land and sea armed forces. More than €1bn are earmarked for cyberdefence in France’s revised 2014-19 military programme law. The funds will allow for the recruitment of more than 1,000 cyber specialists in staff headquarters, the DGA procurement agency and intelligence services.
The defence minister noted that considerable progress in cyberdefence has been accomplished over the past few years by NATO, whose NCIRC (NATO Computer Incident Response Capability) has been up and running since May 2014. It protects NATO’s communications’ systems and networks. In addition the September 2014 NATO summit in Wales adopted a strengthened cyber defence policy for NATO adding it to the list of the Alliance’s collective defence tasks and agreeing that international law also applies to cyber space.
France’s four priorities in the cyber sector for the upcoming months will be firstly to guarantee the protection of the defence networks and systems; secondly to build up the cyberdefence operational chain on the kernel of a unit that has already been created with this objective in mind and which will be fully operational in 2018; thirdly to improve cyber intelligence, and lastly to develop the means to act, one of which was the official opening of the cyber pole of excellence in Brittany that afternoon.