Cyber Campus: anticipating the evolution of cyber attacks to be able to counter them

0
Cyber Campus: anticipating the evolution of cyber attacks to be able to counter them
Photo : Campus Cyber

In early February, Bruno Lemaire inaugurated the “Cyber Campus,” housed in 26,000 square meters of a tower in La Défense. Initiated in 2019 by Emmanuel Macron, it brings together representatives of cybersecurity companies, government departments, research institutes such as Inria and specialized schools. One of its working groups has just published a booklet that can be downloaded from the Campus Cyber website entitled: “HORIZON CYBER 2030, Perspectives and Challenges, Anticipating Threat Developments”.

In order to respond to the cybersecurity threat, the Cyber Campus advocates the sharing of resources. It has launched working groups to collectively investigate different themes.

The Anticipation working group, coordinated by Gérôme Billois (Wavestone) and Mathieu Cousin (AXA), brought together three workshops with a total of more than 60 participants from the Campus (suppliers, research, institutions and beneficiaries) who explored existing solutions or solutions to be invented to protect themselves from cyber attacks.

The interactive booklet he presents is a short synthesis of possible futures and associated priorities and challenges. It identifies four possible scenarios: ultra-connectivity, ultra-compartmentalization, ultra-green and ultra-regulation.

An ultra-connected society

In this scenario, in 2025, the development of digital technology has greatly accelerated, and parallel economies have been created. People move from real life to virtual life in one or more metavers. There is no longer a border between personal life, professional life, digital life and real life. Digital identity allows to trace the actions of people, their objects and private data are increasingly used for commercial purposes. China and the USA share the monopoly of new technologies, which can lead to political tensions.

Consequences: attacks are more important. They can target consumer applications as well as stores, factories, use bots, spread malware, spread fake news…

An ultra-compartmentalized society

In 2025, the hacking, thefts and data cross-checking carried out by governments with the help of private companies are revealed: the populations are revolting and demand that the use of digital technology be controlled.

Digital borders are created and closed, strategic supply chains are nationalized, the Internet is partitioned. To ensure national defense, processors, the cloud, and cryptology solutions are favored.

Consequences: the number of sovereign platforms is increasing, which leads to a de facto increase in the number of cyber-attackers specialized on certain targets, especially critical infrastructures. The compartmentalization of ecosystems simplifies target detection for attackers, but in return reduces the risk of collateral damage.

However, because states and cybercriminals are in close proximity, the latter have better offensive capabilities and enjoy impunity and protection. The attacks are then more pernicious: the States themselves can launch more and more ransomware attacks for money or to destabilize other countries. Digital attacks” are multiplying: trapping of software, components… Digital espionage is also on the rise. Submarine cables and satellites are being destroyed, and critical supply chains are under attack.

An ultra-green society

In this third scenario, in 2025, natural and sanitary disasters are more and more numerous, which leads to unprecedented migration waves. Governmental institutions and large groups must give priority to environmental issues under popular pressure. New technologies are decried for their environmental impact.

A new social category, the “unconnected” is emerging: it fights digital practices and their carbon impact.

Consequences: citizens are demanding energy savings, including in the digital sector. Businesses are closing down or radically changing the way they operate, with significant costs. Solutions with a low impact on climate change are prioritized. Individual pollution quotas, including for the digital sector (number of e-mails, amount of stored data) are being set up by the authorities.

Cyber attackers take advantage of this conflictual climate to monetize their services and will not hesitate to carry out sometimes violent and very destabilizing acts of hacktivism, destroying systems that would be too energy consuming (digital currency & cryptoactive, data centers…). Environmental ideologies will be instrumentalized for the benefit of cyberattacks (ransomware, extortion…). Attacks will be more destructive, especially when they concern the moral and physical reputation of people or non-local supply chains.

An ultra-regulated society

In this last scenario, in 2025, attacks and scandals following the use of personal data are multiplying and there is no longer any trust in digital technology.

The general public demands more transparency, control and autonomy over the management of their data. Governments, who want to preserve the economic development linked to the digital transformation, are implementing regulations and intensifying controls.

Consequences: There are too many regulatory bodies, the rules to be respected are not clear, especially in Europe. Some services are closing, others are becoming fee-based. The big international groups are the only ones who have the capacity to comply, but most of them cannot do it for all countries and receive fines.

As the number of cyber extortions explodes, so do the number of amateur cybercriminals. Cyber attackers threaten their victims with reporting them to regulators for non-compliance, the latter prefer not to file a complaint. They pretend to be regulatory authorities and false fines are legion.

The anticipation group writes:

“It is obvious that the future of our society in 10 years will not be exactly similar to one of the identified scenarios, but it will probably be a more or less strong combination of the four”

On the other hand, these scenarios have helped identify the challenges that organizations will face in the coming years and establish five priorities:

  • All digital systems must be secure;
  • Everyone must have control over their digital lives and data;
  • Instill large-scale resilience through automation and AI;
  • End impunity for cybercriminals;
  • Increasing the attractiveness of the industry.

These priorities are the subject of the second chapter of this interactive booklet that can be downloaded from Campus Cyber.

Translated from Campus Cyber : anticiper l’évolution des cyberattaques pour être en mesure de les contrer