From November 18 to 21, 2024, European Cyber Week (ECW) was held in Rennes, the historic cradle of telecommunications. Every year, this event brings together experts in cyber defense and new technologies, recognized both in France and Europe, to exchange ideas, share knowledge, and discuss the challenges of tomorrow.
As a regular participant in this major event, this year I had the opportunity to represent Squad by helping to run our stand. For this latest edition, our exhibition space was completely redesigned to showcase our new areas of expertise following the integration of Newlode and Scassi into the group.
It was an opportunity to talk with various industry professionals and curious participants, as well as talented individuals seeking new professional experiences.
Participating in the ECW is also, for me as an IT security expert, the ideal opportunity to consolidate my technological monitoring and strengthen my relevance in my service provision mission.
This year's conferences are particularly enriching and provide an opportunity to explore topics that are crucial to the future of our industry.
Artificial intelligence for the benefit of intelligence services
During the first conference on Tuesday, Frédéric Valette, technical director of the DGSE (Direction Générale de la Sécurité Extérieure), explained that artificial intelligence already plays an essential role within the "bureau des légendes" (legends office). In particular, it enables key information to be extracted from the huge amount of data collected by the service's "ears." Classified internal artificial intelligence (AI) is used for strategic tasks such as translating rare languages, interpreting satellite images, and conducting in-depth, automated analysis of the contents of hard drives recovered from the field. An internal virtual assistant, specially designed to support employees in administrative tasks, is also used. It also provides support in software development and, according to their estimates, contributes to a significant increase in productivity. Fortunately, this does not imply a reduction in staff numbers, but rather an overall improvement in the efficiency of the service. The presentation also focused on the risks associated with artificial intelligence, on the other side of their walls, such as the automation of cyberattacks, the exploitation of vulnerabilities, and the development of intelligent malware capable of adapting and optimizing Distributed Denial of Service (DDoS) attacks by adapting in real time to the best possible paths. I was pleasantly surprised by the DGSE's ability to integrate emerging solutions for operations affecting national security with very satisfactory results.
IPSec VPNs in the post-quantum era—ongoing research
From small businesses to multi-site defense industry networks and mobile workers, the use of IPSec Virtual Private Networks (VPNs) is ubiquitous. Now imagine a world where the cryptographic algorithms used today are broken by quantum computers: confidentiality, integrity, and protection against replay attacks will no longer be guaranteed.
Worse still, "Harvest now, decrypt later" attacks are already a reality: with a transition to post-quantum cryptography (PQC) planned for around 2035, data intercepted today could be decrypted in the future.
As part of its France 2030 investment plan, the French government has invested in post-quantum cryptography research projects, including "X7PQC." The latter was the subject of a presentation by Cédric Tavernier from Hensoldt on the post-quantum extension of IPSec/IKEv2 and TLS.
The speaker explained that most cryptographic solutions on the market (OpenSSL, StrongSwan, etc.) are compliant with post-quantum algorithms thanks to the Open Quantum Safe ( OQS) project, which provides an open-source C library. This example shows that the implementation of algorithms is already possible.
One of the remaining challenges is the migration to PQC solutions. Although there are no universal standards yet, government authorities (ANSSI, BSI, etc.) recommend hybrid approaches combining classic cryptography and PQC. These approaches vary: successive operations (classic then PQC) or overlapping use of classic and PQC certificates and protocols.
IPSec VPNs in the post-quantum era – technological solutions
At another conference hosted by a consortium of security companies, I learned about technological solutions that are already available or in development.
First and foremost, they provided details on state-of-the-art research, explaining that standardization is progressing thanks to the NIST process launched in 2016. An initial standard based on lattices (Euclidean networks) has been published, and standardization of the Falcon algorithm (FN-DSA) should be finalized within the year.
In addition, new backward-compatible X.509 certificates adapted to PQC are currently being developed, some of which can be integrated intolegacy systems such as Catalyst or Chameleon. The speakers also presented the main stages of migration to post-quantum cryptography:
- Phase 1 (starting in 2025): implementation of hybridization,
- Phase 2 (2026 to 2027): integration of PQC with a cryptographic agility approach,
- Phase 3 (2028 to 2029): Full adoption of purely post-quantum cryptography.
Source: cyber.gov.fr
There was renewed focus on how to achieve pre-quantum and post-quantum hybridization. For example, it might be possible to preserve pre-quantum ciphers but encapsulate their tunnels with the implementation of other PQC-compatible cipher pairs, or even update existing ciphers with PQC-enabled firmware if the publisher allows it.
These developments will require adapting current infrastructure while taking into account performance constraints, particularly on embedded systems where latency remains a major issue. Encryption keys can be very long. Therefore, the issue of network packet fragmentation and the computing capacity of embedded systems must still be taken into account.
What I took away from this conference is that, even though the transition to post-quantum technology seems a long way off, we need to start planning for post-quantum migration today, using hybrid solutions, to gradually make way for cryptographic agility and, where applicable, the full implementation of post-quantum algorithms.
State of cybersecurity in Europe: update on Lithuania Wednesday featured a speech by Elijus Čivilis, former Lithuanian Minister of Economy and Innovation. His deliberately original speech highlighted his pride in the national basketball team, while illustrating with the same enthusiasm the digital resilience strategy adopted by our Baltic neighbor. He emphasized the importance of raising awareness of cybersecurity issues among all stakeholders at all levels. This approach includes training ministers on topics such as artificial intelligence, strong involvement of women in the field of cybersecurity, and ongoing efforts to attract new talent and support high value-added sectors.
It was very interesting to hear this point of view and feedback, because we are focused on our immediate environment on a daily basis without paying much attention to what is happening hundreds of miles away from us.
Europe and investment in the development of sovereign and innovative solutions: the case of the EU-Guardian project
I attended a fascinating presentation by EU-Guardian, funded by the European Union, which aims to automate incident management and cyber defense processes using artificial intelligence. This is a sovereign security orchestrator (SOAR) solution. The tool is capable of visualizing and analyzing attempted attacks by modeling the links between incidents and alerts in graph form.
I was particularly impressed by the software's ability to provide a comprehensive and detailed analysis of alerts, including a summary of events, indicators of compromise, identified threats such as exfiltration or supply chain attacks, and specific actions to be taken, such as isolating a specific machine or analyzing application logs. The wizard can also recommend remediation actions based on the configuration management database (CMDB) of the affected system and locate configuration files containing the identified vulnerabilities. In my opinion, this ability to automate complex processes represents a major advance in cybersecurity.
It's time to go home! This year, ECW stood out for its strong focus on artificial intelligence and post-quantum issues. After two intensive days, I left the show feeling satisfied that I had learned about topics I don't usually work on, deepened my knowledge of technological solutions that I may encounter on assignments, and, above all, helped to assert Squad's presence in the field of IT security.
