Limited cable audit
Well-equipped and well-equipped, Gugi has in his fleet a weapon of choice, the spy ship Yantar (a clone of which is under construction), equipped with a mini-submarine capable of submerging up to 6,000 meters deep. In August 2021, this supposed “oceanographic” building was spotted in Ireland near the transatlantic submarine cables, through which nearly 95% of the world’s internet and telephone exchanges pass.
The attack on the Nord Stream gas pipelines has raised the specter of a “hybrid war” orchestrated by the Kremlin. In the process, President Macron asked the Navy and the General Secretariat for Defense and National Security (SGDSN) to conduct an audit of 23 submarine cables connected to France. “Thanks to operator Orange and manufacturer Alcatel Submarine Networks, we have significant repair tools, an insider says. On the other hand, we are not able to see if mines or other elements are placed on our cables, especially more. decisive, transatlantic, at a depth of 6000 meters.”
Reduction of NATO’s capacities
A major weakness that prompted the Navy to announce in February that it would take an autonomous underwater vehicle (AUV) and a remotely operated underwater vehicle (ROV) to reach these depths. “We are clearly vulnerable to Russia,” says Bernard Barbier, former technical director of the Directorate-General for External Security (DGSE). A judgment shared by Sönke Marahrens, researcher at the European Center of Excellence for countering hybrid threats: “NATO made the mistake of reducing its capabilities in this area, when Russia increased them.”
While, on October 20, the rupture of a submarine cable (which we do not know whether it is criminal or accidental) in the Shetland Islands, in the north of Scotland, temporarily cut off the 23 thousand inhabitants of the archipelago, experts believe that the sabotage in France would be devastating only if it were multiple. “80% of our traffic goes to the United States, so if one transatlantic cable goes down, it would be good, two would be problematic and three would be very hot,” said Jean-Luc Vuillemin, director of international networks. in Orange. .
Submarine cable cuts, which are relatively frequent (400 on average per year), are mostly accidental, for example related to fishing. Terrestrial cables are more accessible to perpetrators of malicious acts, as was the case on October 18, near Aix-en-Provence, resulting in a slowdown of the Internet for thousands of users. “Can a cable be 100% safe?”, a sector expert claims to ask. Whether on land or under water, in a concrete or steel casing, it is impossible, over thousands of kilometers. Especially since you need many hats to perform maintenance operations.”
Increasing threats to strategic installations
Beyond communications infrastructure, the second major concern relates to cyber security, another front of a potential hybrid war, where Russia has a reputation as an aggressor. Since February 24, several digital raids have targeted Ukraine, Poland and the United States. Thus, on October 10, the websites of American airports, in Chicago, Los Angeles, Atlanta, were blocked for a while by pro-Russian hackers.
In France, the authorities report nothing of note. Cyberattacks against hospitals and multinational companies that have made the news in recent months are mostly the work of cybercriminal groups using ransomware. But Jacques de La Rivière, co-founder of Gatewatcher, a company that developed the first computerized cyber attack detection investigation dedicated to operators of vital importance (OIV), strategic French companies and administrations, whose list is secret, admits that “the engines of its for implant discovery [portes dérobées dans le code d’un logiciel par où passent les pirates pour espionner ou saboter] they are ringing more often these days”.
“Since September, alerts have multiplied, there are many security managers of an OIV. We have suffered many classic DDoS attacks [afflux de requêtes destiné à saturer un serveur pour le rendre inopérant]. At the moment it’s an easy move in the head.” If it becomes more difficult to directly attack large companies, which are now well secured, attackers go through subcontractors. Thus, in 2019, Airbus was targeted by an attack by APT 10 group, linked to the Chinese state, which had gained access to the aircraft manufacturer through one of its suppliers.
The Pearl Harbor Cyber Peril
Today, these state-engineered attacks are above all industrial espionage. However, the National Information Systems Security Agency (ANSSI) regularly warns of a possible dark scenario: that a power could cause a “cyber Pearl Harbor” by depositing “explosive payloads” on a network computer that could be acted upon the day decide to take action.
The director general of Anssi, Guillaume Poupard, however, has always remained silent on possible data in support of this fear. Heard by the Senate on October 5, it revealed only that in 2021, France had been affected by 17 major operations, 14 of which were espionage and, among them, “9 appeared to correspond to operational methods of Chinese origin”.
However, the agency has limited resources. “With 600 employees, Anssi is doing a very good job,” says a former member of the house. Except that given the context, they had to be 1,000 to make it all right.”
Planned factory sabotage
For his part, Jacques de La Rivière is positive: “In terms of protecting critical infrastructure, we are more advanced than the United States”, which has only one cyber security agency (Cisa) as of 2018, compared with 2009 in France. But danger is potentially everywhere… and not necessarily where you expect it.
In this way, if the Russians strike around the Ukrainian power plant in Zaporizhia have raised concerns about a nuclear accident, French authorities ensure that tricolor reactors are ultra-protected, whether buildings (sometimes via automated drones) or computer systems. On the other hand, according to our information, the Minister of the Armed Forces Sébastien Lecornu invited the officials of the aeronautics sector at the beginning of November to discuss the risks of sabotage, with drones or electromagnetic disturbances, of their assembly lines. “There is a special vigilance to be had, given the geopolitical moment we are going through”, we understand in Matignon.