Sandrina Castillo and Tibaud Estienne had the privilege of representing SPAC Alliance at
Security Day #5 organized by Pôle Safe on April 1st at Marseille Provence Airport.
Round tables, solution presentations, discussions on major security topics, and conviviality — here is our recap of the day!
People at the Heart of High Security
Three opening speeches perfectly set the tone for the rest of the day’s discussions.
Whether it was Stéphane Garguilo, Head of Safety and Public Security at Marseille Provence Airport,
the very inspiring Colonel Christophe Torrisi, Advisor on Territorial Affairs,
or Jérôme Perrin, General Director of Pôle Safe — the message was clear:
People are and will remain the key factor in any protection strategy.
- Training and awareness
- Clear protocols (signage, displays, education)
- Ease of use
The feeling of security is a prerequisite for effective access control.
To reach and maintain the appropriate level for each level of criticality,
innovation must be integrated in a thoughtful and structured manner.
- Risk analysis and mastery of the legal framework
- Collaboration with the entire security ecosystem
- Definition and deployment of necessary technologies
- Performance monitoring, testing, and continuous improvement cycles
Round Table: Spotlight on the CER Directive
Sensitive sites go hand in hand with the Critical Entities Resilience Directive (the big sister of NIS 2). The panel gathered for the round table, moderated by Philippe Leclerc, reflected the diversity of France’s most critical sites and events:
- Military Base (Air Base 142 in Istres – Lieutenant-Colonel Thomas)
- 2024 Olympics (Frédéric Jouhaud)
- Petrochemical Site (Petroinos Ineos Lavéra – Walter Brugot)
- Nuclear Site (Orano – Stéphane Suarez)
Tibaud Estienne spoke as a SPAC Alliance expert on regulation and innovation to put these specific security levels into perspective with the European regulatory framework.
Security and Fluidity
LCL Thomas
The Istres base is out of the ordinary: 2,500 hectares, 500 buildings, 5,000 civilian and military personnel, and… just 2 entrances requiring visual authentication.
How do you handle vehicles with multiple occupants and avoid congestion at peak hours?
Visual control is speeding up thanks to RFID badge technology, with ongoing trials coordinated with military headquarters.
Stéphane Suarez
For nuclear sites, the methodology is based on a performance demonstration.
The goal is to show how regulatory challenges are being addressed.
At the entry level, work is progressing toward using biometrics to simplify and optimize guards’ work.
Access rights control is key, but the most serious threat comes from intrusions requiring specific countermeasures for detection and alert.
For example, hidden intruders in a truck can be detected by scanning for biological signals.
Frédéric Jouhaud
With about 13 million spectators and 300,000 accredited individuals (athletes, staff, service providers, media…), managing flows at Olympic sites—
especially the unprecedented opening ceremony in the city—required perfect coordination.
Several zones were defined: traffic control, internal security and anti-terrorism zone, the 2024 Olympics perimeter, and the competition site.
A global vision is essential, and solutions can by no means be limited to just technology.
Walter Brugot
At the Lavéra site, they handle 2 to 4 trains, 200 trucks, and 4,000 people daily. One solution was to create a remote warehouse to reduce small delivery flows by 85% (under 500 kilos).
For perimeter control, the response is a mix of technology and human presence due to cost and reliability, especially for verification purposes.
This is crucial on a 650-hectare site where it’s easy to get lost, highlighting the importance of signage and real-time tracking of trucks once they’ve passed the control zone.
Additionally, 17 nationalities work together. The current geopolitical situation means some nationalities must not be on-site at the same time to avoid conflict, requiring specific delivery scheduling.
Thorough work is needed, starting with the administrative background check,
which helps reduce the number of high-risk individuals and significantly lowers thefts and incidents.
Building a fortress is an illusion. Without fluidity, there’s no business.
A Regulatory Framework in Motion
Tibaud Estienne
Beyond NIS 2 and CER, the Cyber Resilience Act (CRA)
will bring a high level of trust in both hardware and software solutions with mandatory security requirements across Europe – Zero trust, default key and password bans, component origin traceability, full lifecycle maintenance, mandatory vulnerability reporting – the industrial ecosystem and software publishers have until 2027 to deliver reliable and sustainable solutions.
One of the goals is to avoid the deployment of infected hardware (e.g., certain Chinese cameras) for malicious or intelligence purposes.
We must now embrace sovereignty in design, innovation, and manufacturing.
In France, over 30 decrees are expected to implement the NIS 2 / CER / DORA trio.
For the CRA, there are over 40 European standards, including one specific to access control systems in which SPAC Alliance and its members are expected to play a central role.
Without a doubt, the ecosystem (manufacturers, integrators, and institutions) will offer tools that balance needs, innovation, and obligations for each level of criticality. This is possible thanks to the efforts of collectives like Pôle Safe and SPAC Alliance.
The most recent example: the evolution of ANSSI Scheme No.1 with the addition of a second authentication factor at the reader level (PIN Code or Biometrics) in a transparent mode.
Nevertheless, legislation can clash and be overly vague, especially when specific requirements are added for certain activities (SEVESO sites, ATEX, Nuclear) or strategic domains (Military Programming Law).
Innovation Serving People
In security matters, education is key. It helps gain acceptance of constraints and avoid, for example, social unrest, but also involve all users in detection and surveillance efforts.
On sensitive sites, managing external individuals (visitors, workers during construction) can require heavy resources (onboarding, supervision). On a military base, specific teams can be deployed within minutes.
For others, reliance must be on the ability to detect, alert, and communicate with response forces as quickly as possible. Here, technology should ease the burden on control teams, who can then be trained to detect early warning signals of threats and identify them (distinguish a plane from a drone, spot hovering, alert authorities, record incidents, etc.).
In the event of an alert, it’s crucial to lock down vital areas quickly to limit potential consequences of an intrusion or attack. A degraded mode of operation must always be possible to ensure business continuity.
Biometrics help reduce authentication errors and streamline access. The palm profile appears to be a suitable solution, both in terms of security and hygiene (contactless, unlike fingerprint scanning).
How to Integrate Cybersecurity Into Your Tech Model?
The Challenges of Biometrics
Whenever we talk about biometrics, all precautions must be taken. If a badge is lost, it can be revoked and replaced within seconds. Loss of a biometric template, however, is permanent. All security professionals carry significant responsibility towards users and must ensure the highest level of protection.
Biometrics can enhance security and fluidity, but it cannot stand alone. For instance, one can fool cameras using real-time deepfakes based on a profile photo found on social media (thanks to AI).
Security must be viewed panoramically. If closing one gap opens another, protection is not improved.
Hence, the issue of template storage arises. It is strictly regulated and only permitted under the user’s initiative and control (e.g., stored in a physical badge). Smartphone biometric capabilities could be used, but some regulations prohibit them. However, the eIDAS V2 regulation requires each EU member state to develop its own digital wallet with extensive capabilities, particularly regarding authentication. A collective effort is needed to harness this potential to address some of the issues raised during the round table.
Countering Hybrid Attacks
The new paradigm introduced by NIS 2 and the CER directive is best summed up by this ENISA statement: there should be no distinction between physical and logical security.
8% of data breaches since 2020 (IBM study) have stemmed from a physical security breach. If cyber protection is too strong, infiltrating the premises to corrupt the IT system becomes simpler and more profitable. The reverse is also true — one can launch a digital attack to gain physical access to a sensitive site. These hybrid attacks call for unified security strategies, particularly those based on secure communication protocols that promote interoperability.
For instance, SPAC Alliance supports the SSCP communication protocol, a sovereign industrial standard evolving under member initiative. Highly secure (mandatory component authentication, high-level encryption), meeting the strictest requirements (the most widely used protocol in certified solutions), and backed by a growing ecosystem, SSCP illustrates the importance of understanding, innovating, and collaborating.
Effective technology integration requires this collective effort and should be realized by participating in standardization and certification processes in France and across Europe. This is one of SPAC Alliance’s missions.
Europe Is Supporting Us
At the conclusion of this round table, Jean-Florian Bacquey Roullet (NCP Cluster 3 – Civil Security for Society) explained how to obtain funding and support in the field of research and innovation, a key issue for both critical entities and the broader ecosystem. You can find this program by following the link below:
Presentation of High-Security Solutions
Several exhibitors (Exokare, Move2Digital, Primavap, Rohde & Schwarz, Technis), as well as SPAC Alliance members (Nedap France, Onet Sécurité, Coppernic, and Secure Systems & Services), presented innovative and well-established high-security solutions capable of meeting the requirements discussed earlier in the morning.
Other members also stopped by (Omnitech with Sylvain Bosquet and FDI with Didier Poiraud), offering a great opportunity to talk security in the exclusive setting of the Panoramic Lounge.
The Review
Being invited to discuss real-world challenges with leaders from top-tier critical entities is an honor. When we share the same vision of security and the same commitment, it becomes a genuine pleasure.
SPAC Alliance warmly thanks Pôle Safe for their trust, as well as the various speakers who all embraced transparency. This was a highly meaningful day for us, providing concrete input that will help us enhance our content and guide our group work to remain as relevant as possible.
A final double thank-you to Marseille Provence Airport — for the warm and seamless welcome at the Panoramic Lounge, and to Stéphane Garguilo for his perfectly chosen words to start the day.
