NSA whistleblower Edward Snowden speaks to European officials during a parliamentary hearing on mass surveillance at the European Council in Strasbourg, France, on April 8. (Frederick Florin / Getty Images)
PARIS — As European defense firms jump into the cybersecurity business to compensate for dipping military spending, they’re benefiting from the work of one man: Edward Snowden.
Speaking during the Eurosatory show, where firms such as Thales and Airbus pushed their cyber products, company and government officials said forecasts made last year of negative fallout for US firms had proved right.
“I do see a move to using European firms,” said a French government source, “and the losses will be huge for US firms in the future. It’s a very good thing for European companies. Thank you, Snowden.”
Shortly after the National Security Agency whistleblower revealed details of data-sharing by US firms with Washington, one analyst predicted the American cloud computing industry could lose $35 billion in contracts by 2016 as companies and governments outside the US decided their data was safer elsewhere.
Officials at Eurosatory declined to put a figure on the gains for European industry, or give examples of contracts lost by US firms, but said a shift was underway.
“We knew the NSA was working with US firms, but there has been an impact on customers’ perceptions,” said a source from a European firm selling cyber products. “US products are very good, but customers may now look to mix US and other solutions and that clearly helps us. I have seen examples of this in the [Arabian] Gulf.”
At Eurosatory, Swiss firm Ruag was using the Snowden leaks to promote its wares.
“After Snowden, we understand trust is important, and we analyze flows, not data,” said Florian Schutz, head of the cybersecurity division, who added that the economic benefit to Ruag is “slowly emerging.”
“Customers are aware that trust and privacy are important, and that was not always the case before,” he said. More than 50 percent of Ruag’s cyber revenue comes from government contracts.
During the show, Thales announced it had won a contract to supply secure Internet connections to 900,000 future users of the French government’s interministerial network. The firm now sees €500 million (US $678 million) in cyber revenue.
“[Snowden] has had an impact on the business,” said Cyril Autant, Thales’ space and information systems security manager. “Customers saw a danger in US systems, although in general they also saw that data security had a high value.”
The world market for cybersecurity is worth €60 billion, with 10 percent annual growth, Jean-Marc Nasr, managing director of Airbus Defence and Space France, said on June 17 at a media conference at the show.
An official with Symantec, the US cybersecurity firm, said he has not seen a backlash.
“If you have a better tool, you will spend more time explaining to the customer, but basically we have not felt anything,” said Laurent Heslault, director for cybersecurity strategies in Europe for Symantec.
But anecdotal evidence suggested attitudes have changed. One source reported that organizers of a recent banking seminar on cybersecurity in the UK decided to keep a lid on the number of US speakers, whereas a premium would have been placed on US speakers before Snowden.
“In the post-Snowden era, the appetite for European solutions on the part of governments and industry is increasing,” said Wolfgang Rohrig, cyber defense project officer at the European Defence Agency. “Just look at how the cloud computing market has changed — people walked away from US products.”
One French analyst said European governments are looking at ways to build capabilities in Europe to fill the gap.
“I would say this has given a huge political boost to European cloud solutions,” said Frédérick Douzet, chairwoman of the Castex Chair of cyber Strategy. “Snowden shed light on the dependence of Europe on US companies for data collection and exploitation, and there is lots of discussion about the lack of Internet giants here,” she said.
“As governments start to hire companies to make data public under ‘open data’ rules, they will be more careful about who they use,” she said.
Douzet said US firms still have not grasped the sense of unease in Europe.
“In Silicon Valley, the consensus is that if data is used by the government it is done through the due process of US law. But foreign companies won’t buy that,” she said.
The French government has already signaled its willingness to promote the role of home players. In February, then-Prime Minister Jean-Marc Ayrault said, “Only Europe can help create the conditions for the emergence of world champions to strengthen the protection of privacy, the security of data-hosting companies and citizens.”
A law issued in France in December specified that cybersecurity at nationally strategic firms needed to be evaluated, tested and approved by the government.
“This will probably help European firms because European firms are trusted,” the source said. ■