Differences in approaches to cybersecurity are not limited
to privacy but also extend to patterns of national historical
governance and, in the case of Europe, to regional cooperation. As an example, cybersecurity in France strongly relates
to national sovereignty. From protection of critical infrastructure to cyberdefense, there is a tradition of a
centralized state in which the military is a strong
influencer. The French Prime Minister’s Office
monitors government action on cybersecurity
through ANSSI, the public agency dedicated to
network and information technology security.
However, the first IT security measures provided
for critical national infrastructure were introduced by the Military Plan Act of 2013.
While designed to protect strategic assets and
capacities, the French regulatory framework also includes
the importance of national sovereignty. The recently updated
French National Cybersecurity Strategy released in October
2015 focuses on fostering the independence of local French
industry. In this strategy, the EU cooperation dimension of
cybersecurity is also recognized and addressed through the
encouragement of developing French and German cooperation. The strategy emphasizes increasing French influence
(while retaining national sovereignty) at the European and
international level. Companies operating in the French market
must take into account the importance of national sovereignty in the French viewpoint. U.S. companies will find greater
success by connecting with the local ecosystem of influence
and being sensitive to the importance of contributing to the local
economic growth of France to
encourage national sovereignty
and economic independence.
In the largest EU economy, Germany, confidence and
security are the cornerstones of
Germany’s Digital Agenda. These
elements are considered critical
to harnessing the real potential
of digital transformation for the
benefit of the economy and society and also to ensure Germany
remains one of the most secure
digital locations in the world.
Interior is primarily responsible
for IT security. It is charged with
responsibility for developing and
enhancing regulations regarding
cybersecurity and the protection
of the critical infrastructure of
the government, business and society. The BMI is also tasked
with generally strengthening the IT security industry in
Germany. BMI works in close collaboration with the German
Federal Office for Information Security to provide appropriate
IT security measures across Germany.
In 2011, the BMI published the “Cyber Security Strategy for
Germany,” which included four key elements:
1. The establishment of a National Security Council,
2. The establishment of a National Cyber Defence Center,
3. The enhanced protection of critical infrastructure against
IT attacks and protection of IT systems in Germany, and
4. Founding of the membership association Germany Safe on
In summer 2015, a new IT Security Law also came into
force in Germany. Currently, implementation guidelines are
being developed in collaboration with the various industries.
Looking across the English Channel from France, the U.K.
approach to cybersecurity has a long tradition of intelligence
gathering and information security, often considered opposite
sides of the same coin. This approach is the basis of GCHQ’s
(the U.K. cybersecurity agency) mission. Intelligence success-
es, such as the WW II Enigma code-breaking efforts at Bletch-
ley Park, a forerunner to GCHQ, have made British academics
such as Alan Turing globally famous. However, perhaps less
well-known is that the U.K. has also long been a leading expo-
nent of technical security, from early Communication Security
to Information Security and Information Assurance and of
course to its most recent incarnation, Cyber-Security.
In the years running up the 2012 London Olympic and
Paralympic Games, heralded as the “first digital games” and
the U.K.’s largest-ever peacetime security operation, the U.K.
invested heavily in cybersecurity, despite unprecedented
cuts in public spending due to the global financial crisis. In
2010, the U.K. also launched its first Cyber Security Strategy,
which only after a subsequent implementation plan saw the
tangible development of a robust capacity-building program.
to privacy b
In the largest