Thank you for the question.
I come from Europe, and it's true that in France, in particular, there is the Agence nationale de la sécurité des systèmes d'information, which plays an observatory role as well as a sovereign role, as Dr. Frédéric Cuppens mentioned earlier. So we need a similar institution that would operationalize, if you will, the protection of our systems and infrastructure. It could be the Communications Security Establishment.
We have all kinds of rules on computer hygiene and rules that tell us how to protect ourselves or react to attacks, but there is no obligation to enforce these rules on protection, detection and response to intrusions. It seems to me that establishing such an institution that would play a role as a cyber‑surveillance and observatory, that would push for regulation and verify that the rules are being applied, is of paramount importance to ensure that we are moving in the right direction.
Some might say that it's complicated for small‑ and medium‑sized businesses to apply certain rules. However, they could be associated with an entity that is conducting cyber‑surveillance to help them gradually acquire that protection. We talked about the supply chain earlier. Attacks aren't directed at entities head‑on; they always come from third parties, particularly in the supply chain. So they tend to be the least secure entities.