Like the Nutri-Score, a law adopted by the National Assembly offers a simple information system, a “Cyber-Score”, to assess at a glance the security of the digital platforms you use. .
Videoconferencing, collaborative tools, messaging… their uses have exploded with the pandemic from Covid-19. Do you know if all these sites and tools are perfectly secure? It’s the whole idea ofa bill adopted by the National Assembly on November 26, 2021 and which could enter into force on 1is October 2023. Based on the Nutri-Score model for food products, the “Cyber-Score” would make it possible to understand the notion of risk using a clear scale that can be understood by ordinary mortals. If the idea on paper seems attractive to inform Internet users of the potential risks incurred when consulting a site, several questions remain unanswered, however, pending the final adoption of the law.
Who will be affected by this measure?
The concept of cyber-rating is not new. Many specialized agencies exist to allow a digital player to know the level of security of his site. But this service is paying, and free to everyone to subscribe to it. The principle of the law would be to require the display of this barometer so that each user is aware of the risks incurred with a simple and colorful visual. The exact perimeter of the companies concerned is still under discussion, but the text speaks of ” online public communication service providers “, for example the applications videoconferencing or search engine, with a “threshold of use”, therefore with a certain volume of attendance. The idea is to encourage players to adopt better practices.
Who will be responsible for certification?
For the moment nothing fixed. Two visions confront each other: should the audit be carried out by an independent authority such as the National Information Systems Security Authority (Anssi) or based on a self-assessment of companies, simpler to implement provided that a control in the aftermath be undertaken? The fine in the event of a breach of this obligation is however already set at 375,000 euros for a legal person, 75,000 euros for a person physique.
On what criteria will the scale be based?
All the criteria will be specified by a subsequent decree with notice of the National Commission for Computing and Liberties (CNIL). One thing is certain, one of the key points will concern data security and the location of their storage, even if the GDPR already obliges players in the digital world to a certain transparency on the collection of this data and its use. A concern remains, however: will this scale not ultimately encourage cyber-hackers to target companies with a low rating?
Interested in what you just read?
.
