Axis 2 - Cybersecurity, Cybercrime, Cyberdefense (C3)

Philippe Baumard (PU, CNAM), Sandro Gaycken (PR, EMST-Berlin), John C. Mallery (MIT), Julia Pieltant (MCF Cnam)

Associated researchers: Pr. Chris Demchak, Pr. David B. Mussington, Pr. Gary Brown, Pr. Paul Cornish, Pr. Robert Jervis, Pr. Nohyoung Park, Pr. Tim Stevens, Dr. Nadim Kobeissi, Dr. Camino Kavanagh, Dr. Enekken Tikk, Pr. Joshua Walker, Pr. Heli Tirmaa-Klaar, Pr. Martha Finnemore, Pr. Henry Farrell, Dr. Carl Horn, Joseph Cannataci, Brown G.

Associated experts: Rafal Rohozinski, Marcus Willett, Yoko Nitta, Meuel P Klein, Enekken Tikk, Nadim Kobeissi.

PhD students: Marie Devillers; Marie Garbez; Bouchra Hasnaoui.

The study of threats linked to cyberspace is a priority in any strategic reflection on the security and defense of a territory and its population in the 21st century[1]. Above all, cyberspace is a major field of expansion for all criminal phenomena and actors. Very early on, criminal networks understood the power of hidden communication networks (the Darknet) to move laundered financial flows, illicit goods, activities and services on a massive scale and discreetly, and even to create new ones adapted to these new markets.
Cyberspace has thus become one of the main sources of radicalization, and the communities of experience that have massively developed on the Internet play a central role in the indoctrination and recruitment of future jihadists.
The security of cyberspace is at the heart of new challenges: Machine Learning, for example, is capable of generating human behavior, hidden behind normal activities and generally at the service of mafias and cybercriminals. This revolution in artificial intelligence, on par with the dreams of Turing, Simon and Newell, is becoming a threat to all populations, due to the increased performance of computers, crowdsourcing and Big Data tools derived from social networks and connected objects[2]... Attacks using simulated AI behaviour are already taking place on social networks. Finally, this new space has developed on fundamentally IT and economic bases (the GAFAM business model), with a virtual absence of the regulatory systems traditionally present in our modern societies, and without the contribution of the human and social sciences. A lack of understanding of the characteristics and functioning of this new exchange space jeopardizes the resilience of public and private institutions and has a major impact on the governance of our democratic societies[3].
This research area covers the whole spectrum of cybersecurity issues, from the technical aspects (cryptography, offensive techniques) to the social aspects (psychology, sociology) and geopolitical aspects (information warfare, psychological warfare operations, cyberdefense).
Born out of a partnership with MIT's CSAIL (Computer Science and Artificial Intelligence Laboratory) that began in 2012, this team co-chairs the organizing committee of an international research group that meets every 3 months, and includes 40 researchers, civilian and military decision-makers dealing with the issue of military cyber-stability (Roundtable on Military Cyber-Stability - RMCS). The research component gives rise to training through research, notably within CRM 210, the M2 course bearing the same title. The research programme is dedicated to exploring themes that encourage cooperation (inter-State, police, services, industry and research) to improve resilience and digital security. The aim is to bring together different European, American, Chinese and Russian perspectives on the following research questions:
What regulatory framework should be used to address the issue of attribution of attacks and the costs of the damage caused? (Assimilation of costs at source, WTO, EU, international agencies such as ENISA or domestic agencies, etc.).
What degree of extraterritoriality can be tolerated in the implementation of countermeasures (stopping offensive campaigns, deterrence)? What are the economic implications, at European level, of possible supranational regulation of countermeasures? What are the associated issues of competitiveness and national sovereignty?
What metrics should be used to measure the financial and economic impact of cybersecurity in Europe? (Discussion of current measures, issues relating to the metric system chosen.)
What regulatory policy should be used to share the costs of resilience in the European digital and telecommunications industry?
What are the viable monetization and value creation strategies for securing the business models of ISPs and service producers?
How can we offset the growth of the grey economy of cybercrime incentives (mechanisms, regulations, software supplier policies)?
The research agenda of this team is the study of the convergence of State, military and organized crime digital capabilities, and their impact on the strategic stability of organizations of vital interest (OIV), regalian institutions (1st circle services), or the interests of the nation in the broadest sense. Strictly speaking, therefore, this is not a team dedicated to cybersecurity (in the technical sense), but to the intersection of international relations, political science, intelligence and digital capability systems (all offensive means, from the physical spectrum to cognitive warfare and destabilisation operations):
In economic terms, the cost of security and correcting vulnerabilities is absorbed by the companies affected, consumers, governments, telecoms operators and service providers. The sector suffers from the absence of a clear regulatory framework for sharing the cost of damage caused by large-scale attacks, both in the United States and in Europe, Latin America and South-East Asia.
In strategic terms, the use of large-scale attacks has entered the arena of confrontation between nations (e.g. the Stuxnet and Flame campaigns), and more recently has become a vector for terrorist attacks and the growth of organised crime.
The economic incentives of the grey economy of IT security, and the failings of the business models present on the market, are the main vectors for the rise in attacks on a global scale. These new factors include:
The strong growth of parallel - and legitimate - markets for exploits (discoveries of flaws that can be exploited to carry out an attack). Payment for vulnerability discoveries has seen unprecedented growth in value (estimated at between 200% and 300%);
The leasing of offensive capabilities has also become more democratic, with botnets available for less than $500;
The deterioration in consumers' perception of what is “legitimate” (perception of authorship, digital ownership, free use, the “right” to view streaming material, etc.);
The growth of business models based on social networks, which creates a reserve of market value among particularly poorly protected targets. The monetization of social networks is a strong incentive for petty computer crime (identity theft, theft of CB identifiers, etc.);
The delocalization of data, remote access (cloud) and the digitization of currencies are another economic incentive for computer crime, creating a transport of data likely to be monetized on the grey or illicit cybercrime market (mass thefts of identifiers, extortion, blackmail of data from merchants or OIV operators);
The emergence of very poorly regulated AI capabilities (large language models: LLM, generative AI), which generate new offensive capabilities, but also broaden the attack surface by creating global cognitive vulnerabilities.
This overview identifies a number of crucial economic and security determinants:
The continuity of Internet service providers' operations and the stability of digital infrastructures;
The resilience of services, both for operators of vital infrastructures (health, hospitals, utilities, energy, etc.) and for public and sovereign services (government departments, defence);
The security of electronic payments and transactions, which encourage digital crime by providing an incentive to consume illegally obtained digital goods (torrenting, illegal streaming, software counterfeiting, access theft, identity theft);
Investment in the renewal and generational progression of digital infrastructures (fibre, very high speed broadband), which depends on maintaining profitability and visibility of investment costs over the long term.

[1] Nye, Joseph S., Jr. “Nuclear Lessons for Cyber Security.” Strategic Studies Quarterly, December 2011. Accessed January 1, 2017. http://www.au.af.mil/au/ssq/2011/winter/nye.pdf.
[2] Schneier, Bruce. Data and Goliath: the hidden battles to collect your data and control your world. New York, NY: W.W. Norton & Company, 2016. Page 27.
[3] Baumard Ph. "The behavioral paradigm shift in fighting cybercrime: Counter-measures, innovation and regulation issues", International Journal on Criminology, 2(1), 2014, pp. 11-22.

Related research questions

How is the resilience of services, both critical infrastructure operators (health, hospitals, utilities, energy, etc.) and sovereign and public services (administrations, defence) affected by the increased use of digital tools and artificial intelligence? What are the scenarios for changes in the vulnerability of these institutions across the EU?

How do the growing links between cyber-mercenaries, criminal groups, jihadists and parastatal armed groups represent a new threat to the sovereignty and security of EU Member States?

What tools does the European Union have at its disposal, in particular through specialised institutions such as Eurojust and Europol, to better protect the security of its own critical infrastructures and those of its Member States in the face of these new cyber threats?

Carrying out cross-disciplinary studies, ranging from psychology to social and societal engineering, and in particular concerning the modus operandi of cybercriminals in order to study their profiles, their recruitment and recovery paths, but also to identify their vulnerabilities and the best ways of combating them.