Abstract
ANSSI is the national body responsible for the security of IT systems within the state, but also within organizations or companies for which security issues may be critical. The seminar described the two types of attack that are becoming increasingly widespread, on data and computerized systems, their effects, the way they are carried out, and their potential perpetrators, whose identity is still difficult to prove. He emphasized the unpreparedness of players in many areas, for example with the widespread use of small PLCs and insecure connected objects, the still frequent use of obsolete systems such as Windows XP, the danger of untimely updates, or the use of poorly designed voting machines. He noted the importance of indirect effects, such as the loss of confidence in key players in the event of an attack. He detailed all the contributions made by science to the subject, with major advances in cryptography of course, but also the development of hardened software such as a version of Linux developed at ANSSI. Finally, he emphasized that security problems are solvable provided they are tackled at the right, very high level, that the design of programs and systems must integrate security from the very beginning of the design and throughout the product lifecycle, and that two crucial issues remain the training of all players and the construction of appropriate national and international legislation, of which the RGPD is a good start.