The Agence nationale de la sécurité des systèmes d'information (ANSSI; English: French National Agency for the Security of Information Systems) is a French service created on 7 July 2009 with responsibility for computer security.[2]
Guillaume Poupard, Chief Engineer of Armaments, was appointed director general of ANSSI on 27 March 2014,[3][4] succeeding Patrick Pailloux [Wikidata].
Vincent Strubel succeeds Guillaume Poupard as new director general on January 4, 2023.[5]
ANSSI has a budget of €80 million (2014) and a workforce of 500 in 2015[6] and with a target of 567 by the end of 2017.
Background and context
ANSSI is heir to a long line of bodies responsible for ensuring the security of sensitive information belonging to the French State:[7]
1943: Encryption Technical Directorate (created in Algiers);
1951: Encryption Technical Service Centre (in Paris);
1977: the Central Encryption and Communications Security Establishment;
These organizations initially created in a military security perspective confidential information and data protection have gradually evolved. In 1986, the Central Communications Security Establishment has been replaced by the Central Service for Computer Security. Today ANSSI retains a mission of the defence of state information systems, but is also charged with a mission to provide advice and support to government and operators of critical national infrastructure.
Missions
ANSSI has the following mission:
"The agency ensures the mission of national authority security of information systems. As such it is responsible for proposing rules for the protection of state information systems and verify the implementation of measures adopted.
In the field of cyber defence, it provides a monitor, detect, alert and reaction to computer attacks, especially on the networks of the State."[8]
Organization
Management
ANSSI is headed by a director general (currently Vincent Strubel), appointed by the Prime Minister. He is assisted by a deputy director and a chief of staff.
Sub-Directorate Expertise (SDE)[9] which carries the overall mission of expertise and technical assistance of the agency. It supports all the other sub-directorates ANSSI, ministries, industry and providers of security and vital operators.
Sub-Directorate Secure Information Systems (SIS)[10] which carries the mission to propose, design and implement products and secure information systems for the benefit of ministries, operators and vital importance ANSSI .
Sub-Directorate External Relations and Coordination (RELEC)[11] that animates, transverse manner, the external relations of the agency, coordination of interventions and the development of regulations.
Sub-Directorate General Affairs (SDAG)[12] in charge of preparing and managing support of administrative activities at ANSSI.
ANSSI also has its own training centre, the Safety Training Centre for Information Systems (CFSSI),[13] including delivering degrees in computer security (ESSI), registered in the National Directory of Professional Certifications.
Governance
ANSSI governance is ensured by a Strategic Committee[14] including:
Vice president of the General Council of Industry, Energy and Technology;
Director general of the National Agency for Computer Security.
Means
According to a Senate report, although significant efforts have been put in place in recent years, the situation in France with regard to the threat from cyber attacks is still unsatisfactory. Indeed, ANSSI lacks financial and human resources comparable to its American, British and German counterparts.[15]
To meet the national challenge of cyber security, ANSSI continues to expand its teams with positions to be filled in all line of work.[19] The aim is to reach 675 agents in 2022 according to the Public Finance Programming Bill of 2018.[23]
According to French newspaper Le Monde, the ANSSI would have thwarted what seemed to be a simple attack, an interference by the Russians during the French presidential campaign of 2017.[26] "This is not a simple hacking operation, but an attempt to destabilize the French presidential election,"[27] wrote the political party En marche! in the early evening of May 5, 2017.
Following the data leak, ANSSI opened an investigation into the breach.[28]
^Décret n° 2009-834 du 7 juillet 2009 portant création d'un service à compétence nationale dénommé « Agence nationale de la sécurité des systèmes d'information »(in French)
^Décret du 27 mars 2014 portant nomination du directeur général de l'Agence nationale de la sécurité des systèmes d'information - M. POUPARD (Guillaume)(in French)
^Décret du 4 janvier 2023 pportant nomination du directeur général de l'Agence nationale de la sécurité des systèmes d'information - M. STRUBEL (Vincent)(in French)