Using the power of cooperation to defeat cybercrime

Philippe Letellier 

ITEA Vice-Chairman

Pierre Barnabé

Senior Executive Vice-President, Head of Big Data & Cybersecurity

Vasco Gomes

Global CTO for cybersecurity products, senior expert and member of the Scientific Community

Posted on: 9 June 2020

Cybercrime is an ever-growing issue in an expanding and increasingly accessible digital world, where any chink in the armor can be an Achilles’ heel for business operations, anywhere and at any time. As with digital transition matters, Research & Development & Innovation (R&D&I) cooperation should be implemented to block the cyberattacks that threaten our digital society, to act as a kind of guardian angel and offer sage and easy-to-use cybersecurity.

In view of the steady growth of cybercrime and its increasingly real threats and impact, the need to be informed and prepared to deal with the risks that are posed cannot be understated, from disruption in the supply chain to spying and data theft. In fact, whatever security issues you find in the real world can also be found in the digital world.

Phases of cyberprotection

“Cyberprotection can be seen in terms of phases,” says Pierre Barnabé. “The first was denial, at the start of the 2010s when many thought of cybercrime as a problem for others, and then came the second phase – raised awareness – that we are coming to the end of today." This period of ‘alertness’ has seen IT security spending among companies and organizations rise from 2-3% to 7% of budget and it is believed to continue up to 10% by 2023. As organizations become more reliant upon digital ecosystems, their Security Posture takes on added weight.

Now we are entering the third phase, which is dynamic protection and cooperation.”

This new phase is really a turning point because in such a sensitive situation the willingness to cooperate could be undermined by proprietary business interests. This is where the ‘bubble of trust’ is a key and decisive concept. Atos is part of a Charter of Trust in which more than 20 large corporations such as IBM, Siemens, NEC and others confidentially share information on cyberattacks with each other. What this means is that by cooperating, the protective wall is reinforced and the strength of the many reduces the opportunity of the few. Cybercriminal organizations tend to compete rather than work with each other. As Pierre explains, “there’s a lot of information available to cybercriminals on the Dark Web, for example, so by working with your business partners with the bubble of trust, you can close doors, and fill in gaps and cracks that might otherwise be penetrated by the wrong people.”

Cybercrime is big business

Another real risk lies in the chain of subcontractors and suppliers. Take a company like Airbus, which has a seat supplier that purchases upholstery materials from one supplier and screws from another supplier – there could be many layers involved – then if just one supplier is compromised, the implications could be devastating.

As an illustration, in July 2018, Gartner predicted that “by 2022, security ratings will become as important as credit ratings when assessing the risk of business relationships.” To ensure protection all through the supply chain demands a huge effort but, as Pierre emphasizes, “the more we create the bubble of trust and collaborate, the higher we can raise the bar in our cybersecurity.” The revenue of cybercriminals is growing by 15-20% each year, so it’s an attractive business to be in. It has a GDP bigger than that of Saudi Arabia and ‘employs’ some very highly-paid clever people – sharp and agile young minds who are capable of designing highly complex attacks.

In the market of crime, cyber is worth more than all the crime sectors together, including drugs, prostitution and extortion. “And then I come to my fourth phase,” Pierre says, “and that is the legal framework for prosecuting cybercriminals. Although that’s still a few years away, it is something that is worth thinking about today. Can you think of anyone who has yet been imprisoned for cyberextortion?”

One-upmanship

Risks also come in the shape of objects in the Internet of Things world. Currently most are low-level objects that lack the capacity and storage for ‘spying’ or ‘damage’ but in the future more complex objects like robots could become targets for cybercriminals. Whether this is a CPU in a vehicle or a robot in a factory or in the home, the consequences of a ‘bad robot’ could be devastating.

“To take a very recent example in this time of coronavirus,”
adds Vasco Gomes “a robot is being deployed in the parks of Singapore to monitor physical distancing. Just imagine the chaos a very savvy engineer with a grudge could sow if the robot’s security has an Achilles’ heel.” The questions that arise include: are we adopting too fast, is the product mature enough, are we trying to run before we can walk? Or is it a battle of creators? Attack and defence, who has the better design? Can we infuse more AI into the defence mechanisms? And, just as important, who is prepared to collaborate for the greater good?

Tackling the cybersecurity challenges for our customers

To this end, ITEA and Atos, together with Bosch, Airbus and KoçSistem decided to initiate an international virtual workshop on Cybersecurity to try to mutually understand what the most urgent and painful challenges are for customers today. “Not,” as Philippe Letellier, is keen to point out, “by trying to define any kind of strategy from on high, but by sticking to the reality of the actual challenges faced by businesses.” The aim is to gain greater insight into the key challenges and new trends in cybersecurity with regards to architecture, IoT, AI to enhance security, sovereignty or post-quantum crypto regulation.

Stay tuned for our next blogs where we will be presenting the workshop’s main findings.

Share this blog article


About Philippe Letellier

ITEA Vice-Chairman
Philippe Letellier studied engineering at ENSEM Nancy before obtaining a doctorate in computer science from Paris XI Orsay. In 2000, he obtained an executive MBA from HEC/CPA to acquire a twin perspective: technology and business.Philippe has broad industrial experience (35 years) with start-up and international companies such as Thomson and Thales. His last position was General Manager of the French research centre of Thomson. His main involvement has been in software development for interactive image systems and in R&D management. Among other activities, he was responsible for the definition of strategic views and participated in the definition of the worldwide Thomson Research Programme.He was also deeply involved in standardisation and developed patent production. From 2006 to 2015, he has been Innovation Director at the Institut Mines-Télécom, where he was responsible for valorisation, technology transfer and partnerships. In this role, he participated in the building of the innovation ecosystem connecting international companies, SMEs and the academic world around open innovation and research used as a business-development tool. He has set up an innovation accelerator to support entrepreneurs to push innovations to the market and large companies to manage their digital transition. He is setting up a new start up on mesh solar energy networks.As of 1 September 2008, Philippe Letellier has been Vice-Chairman of ITEA.

Follow or contact Philippe


About Pierre Barnabé

Senior Executive Vice-President, Head of Big Data & Cybersecurity
Pierre Barnabé is Senior Executive Vice-President, Head of the Global Division Big Data & Cybersecurity within the Group Atos, following the successful merger of Bull with Atos. He is also in charge of the Security for the Atos Group. He joined Bull in August 2013 as Chief Operating Officer. Previously, Pierre was General Manager of SFR Business team. He began his career in the venture capital department of Thalès. In 1998, he joined Alcatel Lucent with various successful sales positions (Vice President Sales France, Vice President Sales South Europe) before being appointed Chief Executive Officer of Alcatel Lucent France then Group Executive Vice President Human Resources & Transformation.Knight of the French National Order of Merit, Pierre Barnabé is graduated from NEOMA Business School and from CentraleSupélec.

About Vasco Gomes

Global CTO for cybersecurity products, senior expert and member of the Scientific Community
Vasco is a results-oriented Information Security Manager with over 14 years experience in Information Security Management (Operational Security, Risk Management, Audit Management, Regulatory Compliance and Disaster Recovery, Security Governance) and 18 years in IT Outsourcing.A solid Information Technology general education, and a strong experience in Network Engineering and Telecommunications, gave him ground to a broad understanding of most of the IT technical domains and their context. Having participated from the bid proposal through the set up and day to day governance of large IT Outsourcing contracts provided him the ability of balancing the operational constraints versus the acceptable Business Risks.

Follow or contact Vasco