Recently I was dispatched to Lille to attend the 8th International Cybersecurity Forum to report live, and shortly after I shared some key insights from the top keynotes focusing on the political agenda around cyber-security, including copies of keynote speeches at the event from European Commissioner Günther H. Oettinger, French Interior Minister Bernard Cazeneuve, and Security Minister at the UK Home Office John Hayes.


I’ve been to many IT security events in the UK. Never have I seen the British police manning a stand at any such event, but in Lille the French Interior Ministry had a stand that was crawling with Cyber-cops – many of them heavily armed. We asked to speak to the top cyber-cop to get a direct line on what their main challenges are.

OCLCTIC – One acronym to beat them all!

The greatest challenge that they face is the volume of data, but this data is not uniformly spread across the various threats: the greatest volume by far relates to scams and hacks, where they are overloaded. Child exploitation involves a far lower volume of data and terrorism less still – meaning that it is far more like finding a needle in a haystack. Different technologies and techniques are therefore required in each area.

Sometimes interrupting these data flows is a real challenge. A great deal of the scams, hacks, and fraud come from abroad and arrive in enormous volume (as with DDoS attacks), while child exploitation is hidden and terrorist activity is either public (where the authorities seek to interrupt and take down propaganda) or secret (where activists seek to communicate, coordinate and plan their actions).


The French National Gendarmerie has the most policing resources both physical and electronic, but the Interior Ministry (headed by Bernard Cazeneuve who was a speaker at the event) has established a specialist unit called L’Office central de lutte contre la criminalité liée aux technologies de l’information et de la communication (OCLCTIC) – which means the central office for the fight against crime related to information and communications technology.

Meet France’s top Cyber-cop

Francois-Xavier Masson, Chef de l’OCLCTIC, is the unit’s head. He explained that the cyber security unit is focused on technologies and techniques to address the massification (growth in volume) of threats, attacks and breaches as well as the sophistication of criminals through their use of everything from malware to encryption and the dark net.

This body is not only the main unit focused on organised crime, scams, fraud and hacking, but it also works closely with Europol on an operational basis (and with Interpol on more of an information-sharing basis only). OCLCTIC employs techniques different from those of many of its counterparts in Europol because French law still doesn’t allow it to operate undercover or on the dark net.


Cooperation is seen as their greatest weapon – not only ensuring that the various French government agencies work effectively together and with their international policing counterparts, but also recognising that the private sector has a major role to play. Masson suggests that they are learning to work with ISPs and the major global social media enterprises and that cooperation is improving all the time. Indeed, working with the private sector is essential for OCLCTIC if the unit is to hope to keep pace with the latest advances in technology.

Masson and his team need to work with other international agencies to find the necessary proof – even if this means pursuing hackers back to their bases in Russia, or scammers back to their bases in Africa or the Balkans. 


He accepts that there is always going to be a difficult balance to be had between privacy and investigation. Despite being the target of significant recent terrorist outrages, the French still see liberties as culturally important and are keen to guard their privacy. This isn’t necessarily the greatest barrier to effective investigation though, he suggests. The authorities are always at a slight disadvantage as they are always going to need to have evidence in order to pursue any prosecution and this can mean the need to wait for proof, even when you are reasonably sure who is responsible.
