2018 will have continued to mark the return of the balance of power on the international scene. The "CLOUD Act" was the symptomatic incarnation in the digital space. Can America, where 40% of the planet’s data centers are gathered, decide to take ownership of data? Faced with this new issue of sovereignty, the need for a data protection strategy is convened around the concept of "digital sovereignty". In February 2018, the Strategic Review of Cyber-Defense recommended maintaining a leading national Information and Communication Industry, in partnership with the Ministry of Armed Forces. However, a purely defensive approach would undermine the potential for innovative development through leveraging the value of data. What is the right balance between data protection and openness?
The digital development has opened up new vulnerabilities revealed by the increase in cyber-attacks. In 2017, ANSII (the French national agency for information system security) received 2435 reports of which 1621 were discussed, with 794 incidents (excluding “OIV”, mission critical player), including 20 major incidents. These attacks come from various stakeholders: states, proxies and individuals. While some may be placed in the more general context of geopolitical conflict (Russia, Daesh, etc.), and therefore hypothetically attributable, others emerge from new types of enemies that are difficult to identify. A loop analysis of threats and a real coalition of state services and industrialists is necessary.
Another vulnerability is linked to protection of sensitive data. Any data can potentially be misused: from people exposing their personal data on social networks to the most critical information systems and sovereign data. Data protection means informing the stakeholders (i.e. General Regulation on Data Protection, enforced in May 2018), and offering, for the most critical systems, autonomous solutions. Foreign cloud or AI solutions developed for civil needs cannot be used by military information systems as data cannot be transferred to a third party without running a collective risk, potentially impacting the interests of the Nation. National data protection policy is a national defense policy.
However, a purely defensive approach, bogged down with international data governance and security, would mean we potentially miss out on opportunities created by the use of data. The international competition for leveraging the value of data, particularly with artificial intelligence, is just starting with great consequences on the military capacities, the doctrine and the strategy. Against a backdrop of resource optimization, leveraging the value of data improves the profitability of tools, for example in-service support (MCO), where artificial intelligence supports predictive maintenance. For the health of a soldier, AI optimizes medical analysis. In the simulation domain, AI rethinks enemy modeling beyond human cognitive biases. For intelligence, it opens many fields of automatic recognition of forms and allows new modeling. Connected data, is not only enriched in volume to reinforce models, it is also the basis for proposing new assumptions with drawing on multiple interpretations of the truth.
Moreover, Defense cannot have access to the best of innovation without being open to civil ecosystem start-ups and implementation of test and pilot phases on its own data. International sourcing will intervene "upstream" if necessary to complement the system, which is of a prime interest for the French and European ecosystem. This interest must be bijective: If the Ministry of the Armed Forces has much to gain from its valorization by innovative civil start-ups, it must also support civil capacities, particularly in higher education and research. Despite their willingness to develop the training capabilities of engineers in France, schools and universities sometimes face administrative paradoxes. Similarly, advanced engineering schools’ incubators receive proposals for partnerships from American companies, where French companies and administrations do not dare to knock on their doors. This reconciliation with the civilian ecosystem must be supported by taking measures against objective blockages. Silo culture must yield to the collective value of a new civil-military innovation ecosystem.
The very nature of the military organization, in its regulated environment where data quality and protection are paramount, favors a defensive rather than an offensive approach. Yet, our army cannot ignore data usage.
That is why Sopra Steria has positioned itself in a coherent and comprehensive proposal covering the spectrum of the data strategy:
In terms of data protection:
  • A private and sovereign cloud (digital factory platform, DFP)
  • An industrialization of computer security with a regular alert system (MCS)
  • A tool for detection, prioritization and management of cyber threats (GSEC)
  • A anonymity service that makes it possible to exploit the potential of mass data without infringing personal rights (Angerona)
In terms of data opening:
  • A mapping tool to quickly integrate a change
  • A technological solution for managing mass data for analytical purposes (CICERO).
  • The initiation of SIA Lab, DGA Lab and a positioning in innovation for the Ministry of the Armed Forces.
While digital is marked by constant technical changes and quick transformations, Sopra Steria is determined to support the Ministry of the Armed Forces with a sovereign, comprehensive and scalable data management strategy.