A liquidation scenario like the one in the movie is unfortunately entirely possible. We are talking about attacks on road traffic, air traffic, telecommunications systems, the media, power distribution systems, financial systems, the stock market. There are already examples around the world illustrating the possibility of those cyber-attacks. We think it is just a matter of preparation and means to unleash those types of large-scale attacks. Naturally, it is complicated for isolated individuals, but it unfortunately becomes entirely possible at country level.
We have some recommendations in that context. There are of course basic recommendations. The first recommendation is to stop using software from Russia, especially security software. A number of countries have already recommended that a famous Russian antivirus developer no longer be used.
According to the second assumption, cyber-attacks can come from anywhere in the world, not only from Russia. For example, it was recently shown that the Conti group was led by a 12‑year‑old girl living in Mans, France.
It is also absolutely necessary to raise the overall security level across Canada. That goes through the general mobilization of all resources to be able to address cyber-attacks and urgent needs in terms of federating and coordinating cybersecurity expertise in industry, academia and government.
We also suggest that the sovereign power take over anything related to the cybersecurity of critical infrastructure. That is what a number of countries have done, and that is what France did with its Military Programming Law 2019‑2025.
At Polythechnique, our efforts are focused both on research and on education. When it comes to education, it is extremely important to develop a program for basic education—bachelor's and master's degrees—but also for continuing education by establishing certificates and micro-programs, as well as a professional development program for short one to five day training.
Concerning research, we really believe there is a need to expand the work on cyber weapons as a deterrent. That goes through the development of solutions to meet the needs I will list on a priority basis.
First, there is attribution, the ability to find the true source of an attack. This is not a trivial problem; attribution is a key problem if we want to develop a doctrine for using cyber weapons.
Second, there is the internal threat. A lot of work today is focused on detecting and protecting against external threats. However, a large-scale cyber-attack, like the one we just brought up, will very likely require internal relays in the infrastructure targeted by the attack. So it is very important to develop solutions for monitoring internal threads to manage not only cases of malicious intent, but also cases of negligence. Unfortunately, internal threats are often related to negligence.
Third, parameters for measuring the real impact of a cyber-attack scenario are absolutely necessary to develop a cyber deterrence doctrine in line with the principles of response proportionality.
Fourth, there is cyber resilience, the ability to resist cyber-attacks. Polytechnique has worked on a number of critical sectors, such as finance, the supply chain, defence, the marine sector and aerospace.
In closing, I would say that, to meet those various needs, one of our priorities is the development of tailored solutions based in particular on artificial intelligence.
Thank you for your attention.