프랑스 사이버안보 입법동향과 시사점

New destructive practices are developing in cyber space, including criminal use of the Internet (cyber crime), including for terrorist purposes; large-scale propagation of false information; espionage for political or economic ends; and attacks on critical infrastructure (transport, energy, communication, etc.) for the purposes of sabotage. Cyber security covers the entirety of security measures that could be taken to defend against these attacks. The spectacular increase in the sophistication and intensity of cyber attacks has, in recent years, led most developed countries to toughen their resilience and adopt national cyber security strategies. France’s national cyber security policy is based on two essential texts: The 2013 White Paper on national security and defence and the 2015 National Strategy for Digital Security. With the National Cyber Security Strategy, the French State is working to ensure the security of IT systems to move towards a collective response, towards the digital trust required for the stability of the State, economic development and the protection of citizens. Many players contribute to the efficacy of this strategy from technical and operational standpoints. Created in 2009, the French Network and Information Security Agency (ANSSI) is the French national authority on cyber security. The authority is a genuine “firefighter” of French cyberspace, it is responsible for preventing (including from a normative perspective) and reacting to IT incidents regarding sensitive institutions. It also organizes crisis management exercises on a national level. ANSSI currently has over 500 staff members and continues to grow. The French Ministry of Defence has a dual mission to ensure the protection of the networks which underpin its action and to integrate digital warfare into military operations. In order to consolidate the Ministry’s work in this field, a cyber defence operational chain of command (COMCYBER), placed under the orders of the Armed Forces Chief of Staff, was created in early 2017. The French Ministry of the Interior aims to fight against all forms of cybercrime, aimed at national institutions and interests, economic stakeholders and government authorities, and individuals. It therefore involves specialised central services and the territorial networks of the general directorates of the national police, French gendarmerie and national security. They are responsible for leading investigations aimed at identifying those responsible for acts of cyber crime and handing them over to the authorities. These services also help to carry out prevention and awareness-raising activities with the relevant audiences. It should be noted that France establishes the above-mentioned organization and imposes its duties in order to guarantee cyber security, and at the same time, stipulates that the authority granted for guaranteeing cyber security should be used within the scope of the law. It is the “loi n°2015-912 du 24 juillet 2015 relative au renseignement”