SPAC Alliance had the privilege of speaking as part of the Security Day organized by Chubb France at the Stade Vélodrome in Marseille. Emerging threats, an overview of the regulatory framework (NIS 2, CER, Cyber Resilience Act), a focus on France with the brand new ReCyF Cyber framework, and discussions on system interoperability (intrusion detection, video surveillance, access control): here is a recap of the day.
A security overview in 6 conferences
No fewer than 6 conferences were held to explore some of the key challenges of modern security, present secure solutions, and show how certifications can be used to demonstrate compliance:
- PFAS (forever chemicals) and their consequences
- Connected services
- Presentation of the INFLUENCE range
- Cybersecurity and regulation by Tibaud Estienne (SPAC Alliance) and Mathieu Cyrille (Chubb)
- Fire suppression systems
- APSAD rules
Focus on France and the ReCyF framework
By a twist of timing, two days before the event, ANSSI published a near-final version of its ReCyF cybersecurity framework, even though the transposition law is still pending. The objective is to enable entities, especially those concerned by NIS 2 and still waiting for more details about their obligations, to organize their compliance efforts, but above all to improve their level of security against threats that will not wait for the transposition of the European directive.
We were able to present an initial analysis and confirm that cybersecurity and physical security can no longer be treated separately (read our full article on ReCyF), while also building bridges between access control and information security systems thanks to the expertise of our co-speaker Mathieu Cyrille.
Conclusion: the structuring convergence between physical security and cybersecurity
Here is what we took away from the day. Whether through the conferences or our discussions with the Chubb teams, exhibitors, and visitors, the convergence between physical security and cybersecurity is now essential to demonstrate compliance. It is even becoming structuring. In practice, several elements are required:
- A broad security culture
- An understanding of the European, national, and sector-specific regulatory framework
- The ability to connect systems together (interoperability) in order to achieve consistent security
- Reliance on certifications and standards to demonstrate a level of security that is appropriate to both the actual risk and the applicable obligations
- Compliance with essential security concepts: secure by default, security by design, continuous improvement, vulnerability management, governance…
We would like to thank all the teams at Chubb France (MED Chubb, Sicli, CEMIS and Chubb Delta) for their trust, with special thanks to Benjamin Thomas and Mathieu Cyrille for their commitment in preparing this presentation, to Alexandre Baleige and Damien Fontaney for the fruitful discussions around security, and to the many members and friends of SPAC Alliance who were present, including Til Technologies by Hirsch, Aritech, and STid.
