Last June, Mr. Frédéric FAUTRIER, Director of the Monegasque Agency for Digital Security, met with the Bureau of the Monegasque Association of Financial Activities to review its work.
Can you summarize the missions of the AMSN?
This agency is the national authority in charge of digital security for the Principality. It sets a course, objectives, so that certain operators in the Principality, and in particular banking establishments, secure their information systems as well as possible. Its role is also to assist in the implementation of these security measures, and to participate, if necessary, in the resolution of cyber security incidents.
How are the controls carried out?
As far as possible, we do not want to carry out controls in the strict sense of the word, unless there is an incident or we have doubts about the good faith of an operator's declarations. The objective is to convince the operators concerned by this regulation that it makes sense, to apply the rules and to control them, and to make this approach sustainable. The AMSN is an administrative authority but also a public service; its agents must therefore first and foremost serve the State and its citizens
Which AMAF members are affected by these provisions?
In consultation with the AMAF, we considered that we would only deal with the banking sector. Except in exceptional cases, including asset managers in the provisions would have been disproportionate to the issues at stake: an IT problem in this type of company would not prevent the Principality from continuing to operate.
We have very regular exchanges with each of the members of the AMAF who ask us about specific subjects: for example, they want to validate the compliance of their approach with the objectives we had set; or to anticipate the resolution of a cyber security problem. The process is very interactive.
Depending on the institution, our contacts are different: the director or the head of the IT department, the people in charge of compliance, the head of IT security... generally, we discuss with all three.
What are the challenges of the AMSN?
In a very tense international cyber context, we want to avoid on the one hand the leakage of banking data on the Internet, and on the other hand that banking establishments are attacked and held to ransom with the threat of rendering their Information System inoperative.
These two dangers have motivated the issuance of the 165 rules constituting a reliable protocol to reinforce computer security.
For the first time this year, we present the results of our work to the AMAF. All the rules are applied by the institutions, even if some of them are more mature than others. This is satisfactory and constructive. We will continue our monitoring because cyber-attacks, in an uncertain international context, tend to increase.
Maintaining vigilance over time is a crucial point.