The tragic return of History represented by this war at the gates of Europe never ceases to question us, and necessarily calls into question the fundamentals of free-trade globalism. We are all reminded of the harsh reality and pay dearly for our multiple dependencies: energy dependency on Russian gas, even if tensions on these markets had started before the conflict, and military and security dependency on the United States, a state that the Americans have skilfully maintained, it is clear that a weak Europe with weakened nations suits their business well.
The objective of this article is not to deal with the economic and military aspects of this crisis, but to focus on our digital independence, or rather, our digital sovereignty!
Why the sabotage of Nord Stream is a cause for concern ?
Among the recent events that make me think that the situation is more urgent than one might think, it is the sabotage by a state actor (Russian? American?) of the Nord Stream 2 gas pipeline that seems to me the most worrying… Indeed, the two forces that oppose each other through Ukraine, the United States and Russia, have the technological means to open a new front under the seas.
It is clear that we are left with an Internet infrastructure (submarine cables) that is completely vulnerable to an attack of the same type, even if these data exchange channels are monitored. Beyond the concern, these events force us to rethink our economic and digital development. This is an essential reflection, given that all economic actors agree that digital transformation is the 4th industrial revolution.
What needs to be modified or changed in the current approach to digital? From my humble point of view, it would be necessary to change the paradigm when it comes to the cloud, and more particularly the mania of going almost exclusively through the same actors, the American digital giants. Indeed, the concentration of cloud players in a handful of mostly American companies raises questions, and not only in the context of American extraterritorial laws. There are also security issues, it is indeed easier to concentrate these attacks on one or two players to have a significant benefit. Moreover, the last Teams (NetCost) which allows (?) or allowed to see in clear the security tokens (password / login to simplify), shows that these actors are no more protected from a critical flaw than a smaller actor, or than an internalized IT service.
The other point that I think is important to emphasize is that contrary to the origins of the Internet, decentralization, operation in network nodes, the cloud has centralized and burdened the entire Internet, significantly impairing its resilience. Indeed, imagine that an underwater attack occurs on several important cables connecting the continents, what would be the economic impact of such an attack? When we see the effects that an act of maliciousness / sabotage in France on inter-metropolitan fiber optic cables (Effisyn SDS) could have, we can fear the worst.
What are the possible consequences?
You can easily imagine the consequences of such a sabotage and the cascading failures that could affect all of our economic activities, because digital technology is everywhere. Failure of our banking and financial systems, failure of our flight and train management information systems, collapse of supply chains, internet commerce etc. (blackout)
As you can see, the consequences could be dizzying, despite the service continuity measures that many major players have had to take. But will they be enough to escape the disaster?
Once the observation is made, what are the actions to put in place?
There are measures that are the responsibility of states. They are of a security nature and involve reinforced surveillance of these critical architectures. However, given the magnitude of the task, “holes in the carpet” are more than likely, and a sufficiently willful state will eventually find the flaw. It would also be the responsibility of the French state to give some orientations on the architecture of our information and telecommunication systems. Implementing policies that favor local actors, with less concentrated and networked systems, would allow us to consider a more resilient architecture. The grid principle that is being put in place in the energy sector, particularly in relation to renewable energies, could find an equivalent for our national network structures.
Then there are measures that each company should be able to take. Putting in place robust back-up procedures with suppliers who are not dependent on transatlantic links, for example. We can also consider moving to so-called multicloud architectures, which avoids the risks associated with dependence on a single supplier. These measures are also useful for purely cyber security aspects. Our weakness in this area cannot remain as it is!
For the long term, shouldn’t we go back to the basics of the Internet, resilience through decentralization from both a government and an industrial perspective? And instead of going to the scalers for the whole cloud, go back to the internalized parts of the IS, and choose cloud players who have designed their architecture in a decentralized way, like KloudIci for example? This will be painful for many, because it requires many companies to acquire the skills necessary for this transformation, skills that are often lost during these excessive outsourcings, in my opinion. On the other hand, we can imagine that these hybrid internalization/outsourcing practices will reinforce the company’s ability to better control and manage its suppliers, through the re-internalization of resources.
Hope through the crisis?
As with any crisis that we have to go through, the dangers exist, but the interest of this crisis is also to put the work back on the job, and to bring new solutions that are more resilient and more responsible in terms of both the environment and social issues… The questions raised by this crisis should make it possible to have a systemic approach to the risks related to geopolitics. Companies do not live outside the world, a complex world that cannot be summarized in Excel tables and/or financial evaluations. Let’s hope that this crisis provokes a salutary awareness!