Over the past twenty years, in response to the growing number of cyber-attacks, more and more organizations have recognized the importance of protecting their information systems, and have created one or more CIO positions. At the same time, there has been a significant increase in the number of private and public players specializing in cybersecurity issues. The proliferation of these players, each offering more effective cyber solutions than the last, could today tend to drown out the unwary looking to secure their information. The most vulnerable are individuals with little or no cyber knowledge. With this in mind, we decided to write an article summarizing where to find verified cybersecurity information, and more specifically in the countries where UBCOM is based: France, Switzerland, Luxembourg and Portugal.
French institutions specializing in cybersecurity and data protection:
👉 ANSSI, CERT-FR, DGSI: essential for protecting information systems
More generally, the most reliable information comes from the security agencies of information or intelligence services. In France, the main organization dedicated to these issues is ANSSI: Agence Nationale de Sécurité des Services d’Information. The ANSSI has a team called CERT-FR (Computer Emergency Response Team), which provides support in managing incidents on institutional information systems. CERT-FR also assists government agencies in implementing cyber protection tools, and is responsible for responding to cyber-attacks when they occur. In addition, CERT-FR publishes the latest security alerts and vulnerabilities directly on its website: https://www.cert.ssi.gouv.fr
More generally, the ANSSI website is highly informative and easily accessible. It gives everyone – individuals, businesses and government bodies – access to verified cybersecurity information, as well as specialized news. The ANSSI also offers advice on best cyber practices. It also publishes white papers and reports on the state of the cyber threat in France. A veritable cornucopia of information, the site is a must for anyone wishing to access verified, quality information: https://www.ssi.gouv.fr
The cybermalveillance.gouv.fr website, created by ANSSI and the French Ministry of the Interior, is the national system for assisting victims of cyber-malveillance, preventing and raising awareness of digital risks, and monitoring the threat. The site provides a wealth of information on the best reflexes to adopt, as well as a page for reporting online scams directly. Content for the whole family is also available, such as the family cyber guide: https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/cyber-guide-famille-cybersecurite
Generally speaking, all official government websites guarantee verified information, and are a very good first port of call. The websites of intelligence agencies also host information that can prove invaluable for the proper management of information systems. For example, the DGSI (Direction Générale de la Sécurité Intérieure) occasionally publishes cybersecurity recommendations: https://www.dgsi.interieur.gouv.fr/la-dgsi-a-vos-cotes/cyberdefense – and redirects visitors to the ANSSI, CERT-FR and cybermalveillance.gouv.fr websites mentioned above.
👉 CNIL: the guarantor of data protection
Another important body connected with cyber issues and data protection in France is the CNIL, or Commission nationale de l’informatique et des libertés. An independent administrative body, it is responsible for ensuring that personal data is collected and used lawfully, in compliance with the General Data Protection Regulation (RGPD) and with respect for users’ privacy. Since the RGPD came into force in 2018, the CNIL has recorded a marked increase in requests for information as well as in the number of complaints (several thousand each year) addressed to it.
In addition to its role as guarantor of data protection and privacy, the CNIL also plays a key role in sanctioning and monitoring companies and public bodies for non-compliance with data protection legislation. It is empowered to impose administrative fines, particularly in the event of serious breaches of data protection rules. The CNIL therefore plays an important role in dissuading companies from complying with data protection and privacy regulations. Its website is a fabulous source of information on cyber issues, although it specializes in data protection: https://www.cnil.fr
👉 ISSA France security Tuesday
For the young and neophyte, there are a number of books available to help raise awareness of cybersecurity issues. Published by the ISSA France Security Tuesday association, whose aim is “to educate and raise awareness of all issues relating to digital security”, the Les As du Web booklet aims to lay the first foundations of cyber for children: https://securitytuesday.com/secnum777/ .
The ISSA France Security Tuesday association has also published a book co-authored by Diane REMBALDINI and Hadi EL KHOURY, entitled Envie de Cyber, which is aimed primarily at young teenagers, but is still a good introduction to cybersecurity and protecting your data online. To find out more, click here: https://librairie.studyrama.com/produit/4617/9782759048632/envie-de-cyber
For younger people considering a career in cybersecurity, documents providing an initial introduction are available at: https://github.com/microsoft/cybersecurity-jobs-skills-workshop
Institutions specializing in cybersecurity and data protection in Switzerland :
👉 The National Center for Cybersecurity (NCSC)
In the same vein, the Swiss Confederation has also deployed resources and set up institutional sites specializing in cyber issues. The National Center for Cybersecurity, or NCSC, is a must, and can be consulted at the following address: https://www.ncsc.admin.ch/. The site’s various tabs provide information on topics such as cyber threats, awareness-raising and prevention, and Switzerland’s National Strategy for Protection against Cyber Risks (NCPS).
👉 CERT of the Swiss Confederation
Accessible at www.govCERT.ch, the Swiss government’s Computer Emergency Response Team is responsible for detecting, analyzing and responding to computer security incidents affecting the information systems of federal institutions and private companies. CERT is placed under the supervision of the NCSC and reports to the General Secretariat of the Federal Department of Finance. CERT provides technical analysis and information on targeted attacks. CERT also publishes white papers and articles on the security of all Swiss-related information systems.
👉 OFCOM: Federal Office of Communications
OFCOM is the federal authority responsible for regulating telecommunications and media issues. In collaboration with the Swiss media, OFCOM is preparing a national action plan to guarantee the safety of media professionals. The OFCOM website keeps you up to date with the latest news from this valuable body for the independence and safety of the media in the Swiss Confederation.
👉 FDPIC: Federal Data Protection and Information Commissioner
The Swiss equivalent of the French CNIL, this independent authority oversees the principle of transparency and data protection for all Swiss citizens. It can also initiate a mediation procedure if a citizen’s request for access to official documents is denied. The FDPIC ensures that authorities and companies comply with the transparency obligations imposed by federal law. In the event of non-compliance, it can initiate proceedings. The FDPIC is also responsible for enforcing the Federal Data Protection Act (DPA). Its website can be accessed here: https://www.edoeb.admin.ch/edoeb/fr/home.html
In addition, we recommend that you take a look at the report published in 2021 on Switzerland’s National Cyber Risk Protection Strategy, which you can find here!
Institutions specializing in cybersecurity and data protection in Luxembourg :
👉 The luxembourg house of cybersecurity (LHC)
The Luxembourg house of cybersecurity (LHC) is the national cybersecurity agency, considered to be “the backbone of state-of-the-art cyber resilience in Luxembourg”. In November 2022, it will restructure its activities and strengthen its links with innovation players to boost the Grand Duchy’s cyber resilience. In concrete terms, the LHC is a platform designed to offer tools, data and training materials to strengthen resilience in the face of cyber attacks, under the general direction of Pascal Steichen.
It offers several services, including :
- The cyberdesk: for individuals and organizations
- The “testing lab“: to test or discuss your ideas, tools and solutions with the help of cybersecurity experts.
- The “International standards lecture station“: offering national economic players the possibility of consulting national, European and international standards.
- Room#42: the figurehead of the LHC. An introductory program for companies wishing to learn about cybersecurity. Its innovative format has been designed to immerse users in a scenario based on a real case. The program has been designed to provide an understanding of cyber issues.
👉 Cybersecurity Luxembourg
Under the auspices of the Ministry of the Economy, Cybersecurity Luxembourg is directed and led by the main national cybersecurity players. In concrete terms, it is the national cybersecurity portal. This central platform brings together all the necessary information, including the national cybersecurity strategy and the new entities making up the cybersecurity ecosystem, as well as all the relevant players and services.
👉 High Commission for National Protection (HCPN)
The HCPN is an administrative body reporting to the Prime Minister, whose primary mission is to protect the nation against threats that could seriously undermine the country’s sovereignty and independence, the free functioning of its institutions, the safeguarding of national interests and the security of the population. In this sense, the HCPN is the Agence nationale de la sécurité des systèmes d’information (ANSSI), acting in the field of cybersecurity in the same way as the ANSSI in France.
To this end, Luxembourg’s ANSSI is offering free downloads of cyber awareness documents, including cybersecurity recommendations on ransomware for everyone.
Institutions specializing in cybersecurity and data protection in Portugal :
Established in Portugal since 2023 at the DNA in Cascais, our cyber experts share with you the official Portuguese websites where you’ll find verified information on cybersecurity and data protection.
👉 The “Centro Nacional de Cibersegurança” (CNCS)
The CNCS has the mission of helping citizens and companies to use cyberspace in a free, reliable and secure way. The CNCS also acts as an operational coordinator and national authority in terms of cybersecurity with State entities, operators of national critical infrastructures, operators of essential services and digital service providers, the CNCS also transfers its action to society in general. CNCS produces and publishes periodic reports where it analyzes trends, threats and vulnerabilities in cybersecurity.
👉 The “Comissão Nacional de Proteção de Dados” (CNPD)
Like the CNIL in France and the FDPIC in Switzerland, the CNPD is the authority in charge of data protection for Portuguese citizens. It ensures the proper application of current legislation and compliance with data protection laws, particularly in line with the European Union’s RGPD. The CNPD is also responsible for assisting and advising companies on the best practices to adopt when it comes to protecting their customers’ data. Through its website, the commission shares a wealth of information relating to personal data management. For budding Portuguese-speaking lawyers, case law decisions are also available, providing a better understanding of the Portuguese position on digital data protection.
👉 Unidade Nacional de Combate ao Cibercrime e à Criminalidade Tecnológica (UNC3T)
The National Unit to Combat Cybercrime and Technological Crime – UNC3T – is the specialized operational unit of the Judiciary Police that provides a preventive and repressive response to the phenomenon of cybercrime. The UNC3T is responsible for preventing, detecting and investigating the following crimes, without prejudice to others whose competence is assigned by the national director.