This 18 January, French Defense minister Florence Parly unveiled the doctrine for Offensive Computer Fight (lutte informatique offensive, LIO, in French).



Operational Command for Cyberdefense (Picture source: French MoD)

In her speech on Friday 18 January, the minister explained that, in 2017, there were 700 security incidents, including a hundred attacks, that targeted the ministry's networks. In 2018, this same number was reached in September. "So, there are more than two security incidents a day that affected our ministry, our operations, our technical expertise and even an army training hospital," she said. "Some are the result of malicious groups, others of isolated hackers, but some, we know, come from states that are at least indiscreet, at least uninhibited," she said.

As reported by Philippe Chapleau in Ouest France, according to Florence Parly, the servers of the French Ministry of the Armed Forces were particularly the target of a cyberattack between the end of 2017 and April 2018 during which "an attacker sought to directly access the contents of mailboxes of 19 executives of the Ministry, including those of some sensitive personalities ". "Without our vigilance, it is all our fuel chain of the Navy that would have been exposed," she said. "We reserve the right to respond," said the minister. "We will also be ready to use the cyber weapon in external operations for offensive purposes, in isolation or in support of our conventional means, in order to multiply its effects", in the "strictest respect of the norms of public international law".

Hence the establishment of a doctrine of LIO (offensive computer fight) and the dissemination of a specific document that is partly accessible to the public. This document, most of which is classified, is now an official reference in the field of offensive computer control. In the first part, it defines the LIO, recalls its specificities and its assets as well as its organization. The second part details the risks associated with the use of the cyber weapon. The third part deals with the legal and legal framework and the fourth part focuses on international cooperation. The fourth and last part highlights the future issues to be taken into account in order to structure cyber capabilities.