Thierry Berthier is a Lecturer in Mathematics at the University of Limoges and a researcher in cyber defence and cyber security with the Chair of Cyber Defence and Cyber Security at Saint-Cyr. He is a member of the Chair of Excellence “Management of Conflict and After Conflict” (GCAC) with IIRCO (International Institute of Research into Conflict Situations) supported by the University of Limoges Partnership Foundation. Thierry Berthier has become a cyber security adviser for several French media, including France Inter, France Culture and Le Monde.
What does your research cover?
My interest is in hacking techniques that use malware, and “stealth” software introduced into systems to extricate data from them.
Within the Saint-Cyr Chair, we study the implications of an attack from various levels, including technical, legal and geopolitical, and include the psychology of the attackers.
We endeavour to build instruments for measuring cyber threats, by designing new concepts.
We study the methods by which false data are disseminated in a civil or military context, as well as methods of automatically detecting false data. My latest study is on the Hoax-Crash type of attack. This type of attack relies on dissemination of false financial information with the aim of destabilising the share prices of a targeted business. For example, in the Vinci Hoax-Crash type of attack, four minutes after publication of the false information was enough to wipe over 18% off Vinci share values! The false information produced in a hyper-connected environment can thus have very significant economic impacts.
What are the challenges, especially in a context where terrorism is becoming more and more a real threat in France?
The “hacktivist” cells and terrorist groups are now using the full range of digital resources to conduct their operations or recruit new members. They can easily obtain highly offensive programmes on the malware market, especially on darkweb. During the most recent armed conflicts, activist and terrorist groups have used hacking to penetrate their adversaries’ systems and attack them. Since 2011, the Syrian conflict has entered the world of cyberspace by generating numerous cyber-attacks, launched against all of the belligerents. Cyber-conflict is therefore no longer limited to technologically developed states, but extends to everyone involved in the conflict. Groups of hackers often work as mercenary groups, paid by various clients or departments to carry out cyber-attacks on demand and steal sensitive data. It is now therefore essential to study the methods of these operations in order to foil these attacks.
In France, cyber defence is considered one of the three priorities of the latest National Defence white paper, and the State has dedicated a billion euros to it. A cyber-command unit has been created to provide support for the three armed forces (land army, air force and navy). Protection of our critical civil and military infrastructures has now become a national priority.
Are you giving thought to the interface between man and machine? Can you tell us more?
When a computer attack occurs, there is always a group of human actors, with clearly defined resources and motives, behind it. Their aims can be very different: to make money, to steal data and resell them, to damage the image of a company or a government, to disseminate false economic or financial information to influence a market, to create volatility around a share, or discredit a director.
The increased power of artificial intelligence will make these attacks steadily more powerful and more complex. The autonomy of certain systems, as well as automatic learning techniques, will remove the human operator further from direct supervision. There is a risk that attacks will also become automatic and be produced by autonomous systems. We have to consider this risk and think carefully and prospectively about the question of autonomy.
Should we fear artificial intelligence (AI) and robots?
American science fiction cinema often deals with this subject. In the films, the AI always turns on those who created it, as their enemy, a malevolent personality.
Recent surveys have revealed that France is the country most fearful in the world of AI. Most surprisingly, it is young people, especially students, who fear it. This lack of confidence in technology is worrying, at a time when the progress made by AI is about to greatly affect the world economy. This irrational fear has led to several debates. We are currently reflecting on this subject within the Saint-Cyr Chair and also at the Fredrik Bull Institute. In a recent article, we showed that within the framework of a defence AI, certain mechanisms could one day produce instabilities and potentially bring about a crisis or conflict. If they are activated in sequence, certain autonomous mechanisms and systems could “get into resonance” and become unstable without human supervision or guidance.
Whom do you work with for your research?
I am attached to the GCAC Chair in Limoges and to IIRCO, managed by Pascal Plas. This multidisciplinary chair has developed a dynamic network, which helps forge contacts and partnerships with other laboratories and with industrial concerns, as the chairs are often financed through sponsorship from businesses. With regard to the Saint-Cyr chair, the ideas come from the laboratories and may be technologically transferred to start-ups. Within the cyber domain, work with the major groups is essential as the products and platforms are developed by industrial concerns (such as Thales and Airbus), which purchase the patents. Reactivity is effective in this field, and the format of the chairs is particularly well suited in both the military and the civil sphere.