Civilian companies can benefit from adoption of cybersecurity with the French government’s ‘Diffusion Restreinte’ label, not just military and government organisations or contractors to the public sector or organisations handling classified information.
That’s according to Stormshield product manager Simon Dansette, writing on the company website. The ‘Diffusion Restreinte’ label — in English, restricted circulation — can be applied beyond military use to protect sensitive information and data exchange.
“With increasing digitalisation, companies’ sensitive information requires special attention, which means strengthening methods of protection. This rule applies to both private and public players in France, from very small businesses to industrial players in the defence sector,” Dansette explained.
“It has ceased to apply solely to the military sector, and is now opening up to other sectors of activity.”
Diffusion Restreinte may refer to the extent to which a system can store and manipulate information, or the extent of a security product’s ability to protect systems and data, or to the certification applied to an information system, Dansette said.
Typically, it may imply following various IT security measures set up based on specifications issued by the French cybersecurity agency, Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), guide Recommendations for the Architecture of Sensitive or Restricted Information Systems, he said.
“In the hundred or so pages of this document, the ANSSI makes recommendations such as the use of IPsec VPN tunnels when interconnecting Diffusion Restreinte information systems, or remote connections to such information systems,” Dansette wrote.
“And to take things even further, the French agency has been working on a hardened version of the IPsec protocol for implementation in Diffusion Restreinte-level network protection solutions. With IPsec Diffusion Restreinte (DR), the term has been extended once again.”
The ANSSI recommends setting up a virtual private network (VPN) tunnel, as well as a “precise perimeter” of cryptographic algorithms, enhanced authentication methods, and a limitation of authorised modes and options to protect the network, according to Stormshield.
“It’s a trend that illustrates the porous boundary between these two worlds, military and civilian, both of which are preoccupied by the same issues: protecting their sensitive data, whatever the cost,” Dansette said.
“And all civilian enterprises have data to protect, because all of them handle sensitive, vital or critical data.”
The IPsec DR repository, covering internet encryption and authentication, has been “baked directly” into Stormshield Network Security (SNS) solutions, said Dansette.
( Photo by Ilnur Kalimullin on Unsplash )
