Le 29 mars 2019 a eu lieu la nuit de la gestion de la crise. Cet évènement est organisé par l’association des jeunes de l’Institut des Hautes Études de Défense Nationale (IHEDN). J’ai ainsi pu participer à plusieurs conférences, exercices et ateliers sur différents types de gestion de crise et ses risques.
Inscription et préparation
Cet évènement est très prisé. Les places pour les ateliers sont parties en moins de deux heures. Ainsi, il faut bien lire le programme et se préparer. Inscrivez vous à l’avance et restez réactifs aux courriels pour l’inscription aux ateliers.
La gestion de crise aujourd’hui, Gilles Malié
L’évènement a débuté par une conférence de Gilles Malié, Chef d’Etat Major de la Zone de Défense et Sécurité de Paris. Gilles Malié a présenté son travail et tenté de définir la notion de résilience. Toutefois, selon lui, il est impossible de promettre la résilience dans la gestion de crise. Il indique qu’ […] « on ne sait pas ce qu’est la résilience, on connait seulement l’absence de résilience ».
Ci-dessous se trouve une diapositive permettant de comprendre les missions de Gilles Malié.
Il a ensuite évoqué, à titre d’exemples, quelques cas pratiques.
Pour conclure, il a rappelé la difficulté à donner une bonne définition de la résilience. Il a souligné aussi que lorsque trop de personnes s’occupent d’un problème, cela débouche sur une mauvaise gestion. Dans ce type de mission, il faut donc être préparé et rester humble.
Les risques de la gestion de crise, Patrick Lagadec
Lors de son intervention, Patrick Lagadec, a donné des exemples de la façon dont ont été géré plusieurs crises qui sont autrefois survenues. Il a évoqué les imprévus, les mauvaises préparations ainsi que la gestion d’évènements inédits. Je vous invite à consulter son site internet qui est fascinant et qui présente ses travaux en différentes langues. C’est ici.
Atelier: Social Room
Social Room est un outil mis au point par Crisotech pour s’entrainer à la communication de crise via les réseaux sociaux. Crisotech met en place différents outils de formation à la gestion de crise.
Après une brève présentation de Crisotech, l’exercice a commencé. Voici le scénario:
Et nous voici devant la social room de Starwhite. Un exercice délicat, périlleux et passionnant!
Ce qui était important dans cet exercice, était de bien comprendre la crise, de tenter d’anticiper au maximum, d’établir une bonne cartographie de la situation et bien sûr de rédiger des billets pertinents. En résumé la priorité ici est d’être rassurant et de protéger la réputation de Starwhite grâce à une communication de crise adaptée.
Atelier création d’un exercice de crise, Resiliency
Lors de cet atelier, Resiliency nous a présenté les processus de création des différents types d’exercices de gestion de crise. Voici quelques diapositives de la présentation:
L’exercice qui m’a le plus intéressé est celui de terrain. Cet exercice se fait sur de longues durées (36h), il s’agit de s’entrainer à sentir ses limites personnelles et physiques.
Un exercice effectué en Corse a été donné en exemple: Les participants occupaient chacun 4 postes de 6h. L’exercice était découpé en plusieurs phases. Les participants ne savaient pas à l’avance ce qu’il se passerait. Voici une vidéo qui présente cet exemple:
Exercice de crise sociale, Patrick Cansell
Cet exercice était très bien ficelé. Toutefois, je ne peux pas en dire trop pour le cas ou vous seriez amené à participer à la prochaine nuit de gestion de crise. Il s’agissait d’un exercice en immersion total ou il fallait déployer des stratégies pour gérer une (ou plusieurs 😉 ) crise(s) en entreprise. Chaque participant avait un rôle et des objectifs à respecter. Bref, un atelier à faire et à refaire 😀
En attendant, je vous invite à vous rendre sur le site de Artem-is
Pour conclure, j’ai adoré cet évènement. Je vous invite à consulter le site officiel de la Nuit de la gestion de crise si vous souhaitez participer à la prochaine édition.
To make it more lively and facilitate the reading of the notes taken during this symposium, i used different formats (interview, summaries, slides).
Introduction: The digital Space, what geographies?
Frédérick Douzet, Castex Chair of cyberstrategy, French institute of Geopolitics of Paris 8 University
In this introduction, Frederick Douzet exposed the aim of this symposium and the future challenges regarding the mapping of cyberspace.
Her presentation attempted to answer the following questions:
How to understand the geography of cyberspace?
For this first question, which is still under study F. Douzet said that concepts method tools and graphical representation should be developed in order to better understand strategic stakes.
What can we measure and comprehend?
To this question she refers to the digital dimension in a geopolitical context.
Mapping is a pedagogic tool that helps explain stakes, it is an accessible way to represent digital spaces. It helps to understand the strategies of influence and geopolitical rivalries that are expressed through cyberspace.
What are the methodological challenges when representing cyberspace?
F. Douzet also pointed out that cyberspace was an environment generated by global interconnection. She underlined the fact that as cyberspace was hard to visualize it would be hard to map because of its complex planetary dimension and highly dynamic aspect. She added that the physical world was more and more projected in cyberspace.
In order to map it correctly she intends to ask relevant strategic questions to guide the choice of elements to be taken into account in a cartographic representation. An interdisciplinary and an experimental approach in geography should be used. The challenge would be to relate the cyber dimension to other dimensions.
John Frank, Microsoft
To introduce his keynote J. Frank explained that 2017 was an inflection point for cybersecurity.
He insisted on the fact that attacks like WannaCry were intended to cause as much chaos as possible in E.U and North America. They were not targeted against a particular organization. Those last attacks were containable but what if the next ones are not?
J. Frank also mentioned the attack in Ukraine on the 27th of June during the Ukrainian Constitution day.
Several radio and TV stations went off the air, bank ATM stopped working, people could not buy gas. Through forensics we can track an attack and that’s how we knew that this one was led by a russian crew.
Then J. Frank explained what we learned from those attacks. According to him 2017 was our wake up call and 2018 must be our response.
2017’s attack could have been far worse but we know now that attackers can do significant damage to civilian infrastructures.
The economics damages are high, for a country in struggle the impact can be dramatic.
More than 40 countries are now developing cybersecurity. This is not a military operation anymore people are now in the middle of a conflict.
He also tackled the issue of international laws, what is the law and does it exist in certain areas?
NotPetya was taking place in a context of conflict so it was acknowledged as a violation of international law.
To conclude he said that we need to insure that there are more international laws to respond to cyber attack.
Territories and sovereignty in cyberspace
To address the subject of territories and sovereignty in cyberspace various military actors, ambassador and academics presented their work and experience.
In this panel different points of view were expressed. Stakeholders, depending on their status, define territories and sovereignty in a different way. That is why I have chosen to present these points using the following keywords: territory, sovereignty and cyberspace.
Général Olivier Bonnet de Paillerets
Modern weapon should be used and that it is not by chance that France has taken measures in cybersecurity
There must be an effort for the laws of the republic to apply on the republic’s territory.
For instance, it is necessary to ensure that heinous content is avoided by the application of the laws of the republic. To do so we must enter into discussions with the platforms that operate in France to ensure that these legislative measures are applied.
We consider the term territory as physical. Territory is not the same as land it includes the notion of someone’s authority on a land.
The cloud act is in discussion in the american congress (it was in discussion during the symposium but it was signed into law on march 23rd). This act is related to personal data and its aim is to allow US authorities to request data even if servers where the data is stored are located outside the US.
The European Union said that they would cooperate and give access to this data and that they would as the USA give an extraterritorial access.
This law is prejudicial to human rights and it should be reconciled with the GDPR
Général Olivier Bonnet de Paillerets
It is a question of the state responsibility. How do we answer to an attack?
It is a question of conditions of an equipment control sovereignty which in the field of operational decision is essential.
Cybersecurity is becoming a stake of collective security.
The threat comes from the fact that the digitalization is an advantage but also a critical weakness.
Can a country be isolated in terms of cyberspace?
In cyberspace, threats and influence also comes from private actors.
In the cyberspace cooperation exists but is not satisfactory.
Today borders are diffuse and the imposed regulations can be circumvented.
The law does not really relate to Data we are never attaching legal consequence purely to data but to actors of the data. In the cyberspace, the border guards for states are not actually inside the territory. These guard borders are asked to act in terms of criminality. The complexity of cyberspace is also related to the fact that data is being collected through private actors outside the borders. For instance any private company in the US is not allowed to give any information relevant for another government.
In order to make proper international laws we should intensify our cooperation between countries.
Cyberspace must be defined before making any international law.
Mapping how data travels
To present this debate it seemed relevant to me to show some slides of the speakers who illustrate the journey of the data.
The internet is shaped by the geopolitic around it
Kevin Limonier and Louis Pétiniaud
The use of the Internet’s data flow has made it possible to map the geopolitical boundaries of cyberspace.
The tool used is the Atlas network
Comparing the travel time of data in the black sea space
To map cyberspace O. Fourmaux used the traceroute utility program. It is therefore mainly based on the path the data takes when it is transferred.
K. Salamatian studied three frameworks:
Cyberspace embedded in geography
Geography embedded in cyberspace
Cyberspace as a space on its own
He also showed that some flows have their source in History.
From gulags to data centers: the strategic territories of Russian cyberspace
He explained that borders are real or imaginary lines in the political space.
How to present the digital boundary between states
The Geopolitics of the Datasphere
For Stéphane Grumbacht, the data sphere is changing the balance of power between states because of new players who are platforms and operators.
He presented several maps related to climatic phenomena to conclude by proposing an improvement on how to map events
“Cartography’s challenge will be to uncover (and validate) spatial/regional patterns within these global-scale overlay networks”
H. Verdier believes that cartography is an obsolete reading grid to understand modern issues.
He argues that « the geography of data precedes the geopolitics of data ».
Amiral Arnaud Coustillère
The Amiral Coustillère stressed the importance of French sovereignty by protecting itself, being at the forefront and establishing a strong legislative framework.
The Art of representing the Intangible
Two artists and a philosopher presented their work to approach cartography from an artistic perspective.
He talked mostly about the invisible and the intangible.
According to him the digital medium is related to the intangible.
He also refered to Bruno Latour and his Mapping of controversies.
G. Wagon made an artistic documentary about the Internet network in the World.
Mapping the Information Warfare
This panel of researchers and experts presented case studies and described the methodology used.
For each speaker I will make a short description of their study and show a representative slide of their remarks.
R. Géraud approaches information warfare in a poetic and mathematical manner based on the notion of time.
Time becomes a space that rhythms cyberspace and an information strategy.
How to approach cyberspace
J. Kelly suggests that we follow his thought process by first comparing Internet expectations (more participation, more diversity and quality in public sphere) and reality (elections targeted, spread of hatred, weakening of democratic debate).
He continues his reasoning by deciphering the propagation of fake news versus news by shedding light on the difficulty of discerning the protagonists of the displacement of a rumour.
Mapping cyber social terrain
R. Campigotto presented a mapping of information dissemination via social networks and specifically via Twitter.
To carry out this search he collected the tweets via an API (Twitter Streaming API) and connected them via direct links (mentions, replies to, retweets) and indirect links (hashtags and posted links shared).
K. Limonier tried to map the information related to the French presidential elections.
Following his study Kevin Limonier asked himself the following question: If we put in parallel with the American campaign how can we explain that the macron leaks movement had little impact on our election?
Ecosystème participant à la propagation
E. Lezean used different media (youtube, facebook, twitter) to observe the Arabic-speaking cyberspace based on two dimensions: geopolitical reasoning and mastery of the Arabic language and its different dialects. She took as example Saudi Arabia’s strategy of influence against Qatar on Twitter.
During her research she was confronted with various technical challenges:
The need to develop a scrapping tool to recover all facebook friends from a public account
How to organize and import data collected on a visualization software?
Army of loyalist bots relaying anti Qatar content from Saudi information accounts.
M. Dittus tried to propose a geography of darknet market places.
To do this he and his study group have scraped the largest darknet markets by focusing on different types of data:
Collection of listings accross the largest market
Buyer reviews to get indication on sales volumes.
With this research they were able to note the fact that darknet vendors don’t appear to be based in drug producer countries.
Seized production darknet trade and population demand
G. Ducrot tackled cyber risk mapping. For her, cyber risk must be managed like all risks in a society. She also made an analysis of this mapping:
5% of the topics addressed by the CAC40 concern cybersecurity and data protection
23% of the topics addressed by the CAC40 concern Big Data, digital transformation and transformation projects.
39% of companies do not update their risk mapping annually, while 100% of audit committees rely on risk mapping.
Cyber risks an ecosystem of risks
S. Heon talked about cyber insurance. He explained the challenge that cyber insurer have to tackle. Fisrt they need to score the cyber maturity of their client, imagine the worst case scenarios and the kind of information they need. Then they need to establish a fair modelling price ratio. Finally they have to analyze systemic aspects of cyber risks.
He added that in order to be more accurate a multi-disciplinary approach must be made.
Collective intelligence and information sharing
Geopolitics and Datascience
This panel of researchers questions the ethics, accountability, transparency and biases of the algorithm.
Martin Dittus proposes a declaration or a manifesto of the data scientist and developer who commit themselves to more respect of the users. He wishes that these professionals commit themselves in conscience in a responsible approach which includes a systemic glance of the tools which they create.
Nozha Boujemaa presented the importance of the transparency of the algorithm as an asset of confidence towards the user. According to her, the opacity of the platforms who use personal data should be limited. She also warned about the new discriminations that the algorithm can generate because of its technicality to people who are less informed or educated about algorithm.
Algorithmic systems in every day life
Amaël Cattaruzza presented a critic of predictive algorithms and the biases they may contain. This limitation may be discriminatory and exclude traditional social science approaches.
Mathematizing criminal behavior
Kavé Salamatian explained that ethical work is necessary to reflect on human adaptation to this digital revolution.