
Posted February 6, 2023

Cybersecurity: What will change in 2023

 

What to expect regarding cybersecurity in 2023? New regulations, increased budgets, development of capabilities and resources... In this new article, discover what the administration is putting in place for digital and cybersecurity to better prevent cyber threats and crises.

One of the highlights of this new year is the upcoming enactment of LOPMI, the French Ministry of the Interior's orientation and programming law. This legislation was definitively adopted by the Senate on December 14th, but more than 60 representatives referred it to the Constitutional Council, which delayed its entry into force. Nevertheless, strong measures are expected, including a budget increase of 15 billion euros over the next five years, to invest in digital and cybersecurity to better prevent threats and crises. The aim is to equip public services with efficient tools and to toughen law enforcement against cyber attackers.

 

The digital transformation of the Ministry of the Interior

Nearly half of the budget will be devoted to the ministry's "digital revolution": digitization of electoral proxies, new digital tools for law enforcement agencies, deployment of the "radio network of the future" (RRF, a very high bandwidth communications network shared by security and emergency services), and improvements in the way police services receive victims, with filing and monitoring complaints online, and hearings through videoconference.

This budget will also be used to modernize capabilities to fight cyber crime: creation of a digital agency for security forces, deployment of 1,500 cyber patrolmen, implementation of a cyber training facility directly within the ministry, and the launch of a cyber "emergency" call number to report a cyber attack or online scam.

 

Cyber risk insurance
After a long debate on this provision, contested by many cybersecurity actors, institutions and parliamentarians, LOPMI now sets the legal framework for an insurance company to compensate for losses and damages caused by cyber attacks. Victims will have a maximum of 72 hours, "after knowledge of a breach", to file a complaint and request reimbursement from their insurer. This is reserved for businesses only.
Legislators agreed that this provision would not come into effect until three months after the law is enacted, and agreed on leaving out references to ransom payments (cyber-ransom) in order to broaden the scope to all computer attacks.

Tougher cyber penalties
This bill also provides for the amendment of several points of the code of criminal procedure. The first allows police officers, with the authorization of the prosecutor or the investigating judge, to seize digital assets. This will speed up the procedure and eliminate the need to go through the liberty and custody judge for these particular seizures. 
The second point covers penalties for cyber attacks on computer networks, banks, hospitals and emergency services, which have increased. Based on aggravating circumstances, prison sentences have increased from five to seven years in case of fraud against state information systems. The aggravating circumstance of organized gangs is now punishable by 10 years in prison and a 300,000 euro fine, for any computer system, private or public.
The third point is in response to the increasing number of computer attacks on hospitals. The directive introduces a new aggravating circumstance for hacking that could result in immediate death or injury, with a penalty also increased to 10 years in prison and a 300,000 euro fine.

 

The Cyberscore Act provides more transparency on the protection of citizens' personal data
Enacted in March 2022, the law will come into force on October 1st, 2023. It aims to provide ever greater transparency to the general public and deploy a cybersecurity certification for digital platforms. Even if the list is not yet clearly defined, it applies to all consumer platforms: social networks, instant messaging, search engines, video conferencing sites or even marketplaces that will have to display the level of security of their data using a visual rating, from A (very good) to E (very bad) and from green to red.
The Cyberscore will be awarded following a security audit carried out by service providers qualified by ANSSI. A decree will specify the criteria taken into account for this audit, and in case of failure to comply with the obligation to display the cyberscore, the Directorate General for Competition, Consumer Affairs and Fraud Control (DGCCRF) may impose a fine of up to 375,000 euros on the offending companies.
Cyber attacks will not stop in 2023. They will probably increase, but the State is accelerating its digital transition and investing to better equip and protect itself. Ercom is one of the players supporting the State on a daily basis, and deploying secure tools to protect communications, data and devices (PCs and mobiles) to public services.

 

Sources:

Projet loi sécurité Lopmi 2023-27 programmation ministère Intérieur | vie-publique.fr

CYBERSCORE - Comprendre le Barème de Notation des Sites (cyberscore-france.fr)
