Skip to content
Don't miss

Get the daily Cyber Briefing in your inbox

SIGN UP
Podcast

Transatlantic Reset: Private Sector Diplomacy & Digital Trust with Sébastien Garnault

Season 3 Episode 13 •

Show Notes

Overview

Transatlantic cyber cooperation is being tested by political strain, regulatory divergence, and competing ideas about sovereignty, trust, and market access. In this episode of Cyber Focus, Sébastien Garnault argues that if the United States and Europe want to keep working together on security, they need to move quickly to make that cooperation practical, especially in critical infrastructure and digital markets.

Speaking from a French private-sector perspective, Garnault makes the case that governments alone may not be able to repair or sustain that cooperation at the speed the moment requires. He points instead to private-sector partnerships, shared market incentives, and clearer language around security standards as possible ways to keep the transatlantic relationship workable even when public-sector trust is under pressure. The conversation also explores how Europe and the United States differ on clean versus trusted technology stacks, how threat perceptions shape national requirements, and how privacy, AI, and data localization debates can either strengthen or complicate cooperation. The conversation was recorded on February 11, 2026.

Main Topics Covered

  • Private-Sector Cooperation as a Strategic Bridge: Why Garnault believes business-to-business cooperation may move faster than government-to-government diplomacy when trust is strained.
  • Clean Stack vs. Trusted Stack: How U.S. national-security thinking and EU market-standard thinking create different paths for defining who can participate in secure digital markets.
  • Threat Perception and Market Access: How geography, history, and national priorities shape security requirements across Europe and affect access to critical infrastructure markets.
  • Trust, Sovereignty, and the Transatlantic Reset: Why Garnault sees damaged trust as a real obstacle, and why he argues for a reset rather than a rupture in U.S.-European cyber cooperation.
  • Privacy, AI, and Data Localization: How French and European views on privacy, regulation, and AI governance differ from those in the United States, and why those differences matter for security and interoperability.

Key Quotes

“Maybe what we’ve done in the last decade and what we will do in the next decade don’t belong from government but belongs to us.” — Sébastien Garnault

“We can do a reset; we cannot afford a reboot.” — Sébastien Garnault

“The damages that have been done in our trust, mutual trust, are very deep. So we need to fix it quickly.” — Sébastien Garnault

“The best way for us to cooperate with our allies is to use the market because the market is less political than national security.” — Sébastien Garnault

“From my standpoint, the glue that binds us together is much greater than anything that can tear us apart.” — Frank Cilluffo

Links/Resources

CyberTaskForce: https://www.cybertaskforce.fr/
Paris Cyber Summit: https://www.paris-cyber-summit.com/

Guest Bio

Sébastien Garnault is the founder of the CyberTaskForce and president of the Paris Cyber Summit. He joined Cyber Focus while in Washington leading a French delegation meeting with U.S. policymakers, industry leaders, and other decision-makers, and spoke in a private-sector capacity rather than on behalf of the French government.

Transcript

1
00:00:00,000 –> 00:00:01,000
Sébastien Garnault [00:00:00]: So what is the reset? What is the condition that the US company can participate in our security and how backward we can also participate in the US security because we are interconnected?

2
00:00:01,000 –> 00:00:02,000
Frank Cilluffo [00:00:16]: Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo, and this week I have a special guest joining us today. Sebastian Garnault, who is founder of the Cyber Task Force and president of the Paris Cyber Summit. He is in D.C. this week leading a delegation from France, meeting with a number of U.S. policymakers and decision makers and industry leaders, and comes to this role as a private sector citizen and is speaking on his own behalf here, not on behalf of the republic, but really excited to have Sebastian here. We had a great discussion with his delegation earlier. And Sébastien, thank you so much for joining us.

3
00:00:02,000 –> 00:00:03,000
Sébastien Garnault [00:01:00]: Thank you for having me. I’m so happy to be here.

4
00:00:03,000 –> 00:00:04,000
Frank Cilluffo [00:01:04]: Thank you, thank you. I thought we’d start just to level set and let our viewers and listeners get a sense of how France is structured and governed to deal with the cyber threat. And then we’ll get into a couple of issues in greater depth, but I thought just as a baseline to start, to start us out.

5
00:00:04,000 –> 00:00:05,000
Sébastien Garnault [00:01:23]: Thank you, thank you for having me and for giving me the opportunity to explain how it works in our country, because I think that, uh, it’s with knowledge that we can make our alliance and the Transatlantic reset, uh, actionable. So here’s the point: we have the threat which belongs to the states, and we have the cyber risk which belongs to the market. And there is a match of the threat and the risk, which is the critical infrastructure. Here, how we are organized, we have our cyber command, which is military, it’s defense, and we have a cyber commander who leads that. But on the civil part, on the national security part, we have our CISA, which is way more actionable because it’s a real entity with power, and they are monitoring the ecosystem and the market. The name is ANSI. So this is on the public side. Of course, we have also a judicial approach of that with the G3 parquet.

6
00:00:05,000 –> 00:00:06,000
Sébastien Garnault [00:02:31]: That is the name in France. It’s kind of a national security cyber division in the DOJ. So judiciary, executive, military, with each one has a decision to take on the topic, and everything is monitored by our Prime Minister. So this is how it is structured. Does it work?

7
00:00:06,000 –> 00:00:07,000
Frank Cilluffo [00:02:56]: That’s the question.

8
00:00:07,000 –> 00:00:08,000
Sébastien Garnault [00:02:57]: Well, more and more, but they need the private sector. This is why I’m very committed to bridge the private, the French private sector, and the French public sector to better understand each other. And this is also what we are doing here in, in DC.

9
00:00:08,000 –> 00:00:09,000
Frank Cilluffo [00:03:14]: And you know, we’re struggling with that in the United States as well. I often say we’re long on nouns, short on verbs. We all recognize the need. In practice, it’s still a work in progress, but it’s the way to go, right? And even when we start thinking about, as you referred to as the transatlantic reset, it’s not just going to be government to government, but potentially industry to industry as well, or sector to sector, more ideal, because there’s trust between these various communities and they face the same problems and they face the same threats, right?

10
00:00:09,000 –> 00:00:10,000
Sébastien Garnault [00:03:48]: Well, I agree with that, and I think even more that the private sector has a key role, strategic role to play, because what is the state of our public sector, public-public relationship? Very tense. There is lots of things going on. We have the Greenland case, which is government to government. We are businessmen. We need to have results and we need to make money. So maybe what we’ve done in the last decade and what we will do in the next decade don’t belong from government, but belongs to us. So I agree that if we find a way to match our clean stack and trusted stack in the following weeks, following month, not following year, we don’t have that time.

11
00:00:10,000 –> 00:00:11,000
Frank Cilluffo [00:04:40]: We don’t have years.

12
00:00:11,000 –> 00:00:12,000
Sébastien Garnault [00:04:41]: No, no, no. I think we have weeks. So if we can manage to do that on our own, this is our responsibility in a way, then the government will have no choice to follow us because they need us either for their national security activity, but also for the economy and the market. Let’s make something together.

13
00:00:12,000 –> 00:00:13,000
Frank Cilluffo [00:05:04]: And one of the topics we’ve touched on in various different ways in many previous episodes is sort of the blurring between national security and economic security. And when you think about cyber in particular, especially when you think about critical infrastructure owner operators, that’s not run by government, right? It’s run by industry. So I think that it’s just riding the wave where the wave is going, right?

14
00:00:13,000 –> 00:00:14,000
Sébastien Garnault [00:05:33]: Well, from my European perspective, when I’m looking at this topic, I always think about the EU because the market is driven at this level. Why? Because we are a digital single market to make our companies get in through multiple national level. But here’s the point, when it comes to cyber, national security belongs to the to the states’ capitals. Paris defined its own, uh, view, which is very different from Hungary, which is discussing with Russia, and very different from Estonia, which is frightened and threatened by Russia. We have an East Front, we don’t have an East Coast. So if you think that way, then the Transatlantic reset makes sense, because we can do a reset, we cannot afford a reboot. So what is the reset? What is the condition that the US company can participate in our security and how backward we can also participate in the US security because we are interconnected.

15
00:00:14,000 –> 00:00:15,000
Frank Cilluffo [00:06:42]: And I’d love to, help our viewers and listeners understand clean stack, trusted stack. What are we talking about there?

16
00:00:15,000 –> 00:00:16,000
Sébastien Garnault [00:06:50]: Well, so in my view, because we are waiting for the national cyber strategy from the US to better understand what is a clean stack.

17
00:00:16,000 –> 00:00:17,000
Frank Cilluffo [00:06:57]: You’re not alone.

18
00:00:17,000 –> 00:00:18,000
Sébastien Garnault [00:06:58]: Yeah. Well, I would say that the Clean Stack is the one who is national security oriented. So I guess it’s a stack without Chinese technology. So if we are going to the EU, as we have a market approach and market standard, then it’s a trusted stack. No matter who you are, where you’re from, the question is, are you complying with the standard according to the market you want to get in. And we won’t have a common definition of what is clean stack because again, Hungary is discussing Russia. So the best way for us to cooperate with our allies is to use the market because the market is less political than national security.

19
00:00:18,000 –> 00:00:19,000
Frank Cilluffo [00:07:45]: And at the end of the day, it’s what keeps our lights on and keeps our power running and keeps our trains and planes and all transportation moving. So I think, I think it’s inevitable it gets there. It might take some time to get to that point, but it’s a fight worth fighting.

20
00:00:19,000 –> 00:00:20,000
Sébastien Garnault [00:08:01]: But if I can add something, we did a mistake. And here’s the point. To promote our standard, we use the national security wording. So I think that we need to keep going, but change wording. What does it mean? When you have SecNumCloud, SecNumCloud is our standard to get into our critical infrastructure market. You can define it in two ways. You can say it’s to avoid the US company, which is wrong, but you can say it because that is true that if the US company doesn’t comply with the standard, then there is a problem. Or you can say, no, it’s a transatlantic tool to allow the US company to get into our market under command and control approach.

21
00:00:20,000 –> 00:00:21,000
Sébastien Garnault [00:08:54]: We, France, are a nuclear power. We have the civil and the military. We are targeted by Russia in Africa. We are targeted by China in Indo-Pacific, which is not the case for Poland, Finland, or whatever or Romania. So our view is different and our requirement in the procurement cannot be the same, cannot be the same. So if you understand that, and I think you do because I know Fendrum here and it’s actually exactly the same, but you have been way more thin in the way you’re promoting this. You’re saying you want to get to the market, you need to be a trusted vendor. We have our transit border tool, which is in France Technicloud, and in another country it will be another requirement because the threat is not the same, the perception is not the same.

22
00:00:21,000 –> 00:00:22,000
Sébastien Garnault [00:09:52]: What is the good news? National security perceptions are not built in one day. They are built for decades. It’s not new that the east front is looking at Russia. So you can anticipate how they’re going to look at a topic or a policy from that perspective. Same for France. Our activity in Africa is not like yesterday’s news. It has been for like, well, 400 years. So when you take this long view approach, then you can build and work on the trust architecture.

23
00:00:22,000 –> 00:00:23,000
Sébastien Garnault [00:10:35]: And this is where the impact is important and words are key. What do we want facing the threat and facing China? Do you want Greenland impact? Or do you want DOJ and cooperation against a ransomware group impact? That’s the question we need to ask ourselves. And the good news is that is not our point as a private sector. We need to get the market.

24
00:00:23,000 –> 00:00:24,000
Frank Cilluffo [00:11:02]: Well said. Well said. And truth is, is when we’re looking at ransomware, everybody is facing that particular threat from the biggest companies to the smallest companies. And it’s global in nature. And some of them are initiated by proxies of foreign adversaries. Right? So if you were to rack and stack the threat environment, my view from a U.S. perspective, China is the existential threat.

25
00:00:24,000 –> 00:00:25,000
Frank Cilluffo [00:11:29]: Russia is a very capable cyber actor, and they’ve shown little impunction. They utilize it quite regularly. Iran, North Korea, what they lack in capability they make up for with intent there, but they are savvy cyber actors. And basically any country with a military has a cyber capability. Would you differentiate from that, or is it pretty much in line?

26
00:00:25,000 –> 00:00:26,000
Sébastien Garnault [00:11:54]: Well, maybe I can take this part. I can walk in your shoes, but I will keep my European glasses.

27
00:00:26,000 –> 00:00:27,000
Frank Cilluffo [00:12:03]: Perfect.

28
00:00:27,000 –> 00:00:28,000
Sébastien Garnault [00:12:04]: I cannot do differently. So yesterday, because we are here in DC for two reasons. First, to commit and to work with our ally. We know that we are the oldest, we are not the closest.

29
00:00:28,000 –> 00:00:29,000
Frank Cilluffo [00:12:20]: It’s the 250th anniversary. How can we not thank France for that?

30
00:00:29,000 –> 00:00:30,000
Sébastien Garnault [00:12:25]: So no, but we are the oldest and not closest, the British are the closest. So that’s very normal that they are supporting you in any ways. We are the holders. So maybe we’re more prepared, someone were a bit more challenging, but because again, the threat is not the same. What I’ve learned yesterday, and I logged this sentence, is Russia is a storm, but China is climate change. This is a very US perspective. Ask this to someone living in Finland.

31
00:00:30,000 –> 00:00:31,000
Frank Cilluffo [00:12:57]: Yeah, yeah, yeah. And, and they don’t have time to think about that. They have the immediate impact, which is, which is well said. So, but by and large, the actors are the same, but mix and match in terms of priorities from the national perspective.

32
00:00:31,000 –> 00:00:32,000
Sébastien Garnault [00:13:15]: Actually, yes, because of course, um, well, the threat is not the same. We are threatened more by disinformation by Russia and also through proxies, where when China is more prepositioning to anticipate something, and we have very recent takes on that, you know, that was fun. Two weeks ago we had this Chinese citizens in the south of France having in his garden technological material that you don’t have, especially when you have military not far. So our intelligence community kicked them out. But here’s the threat. It’s not exactly the same because they are not looking for the same objective. China is fighting for the worldwide leadership when Russia is fighting for Eastern Europe. So they are using either one way or another.

33
00:00:32,000 –> 00:00:33,000
Sébastien Garnault [00:14:18]: And in Africa, we are very targeted through misinformation. That explains why we have Viginum, which is fighting this. And this is why in the US you don’t have that kind of thing, because you have another approach that’s facing another threat. So again, you find in the policy that the operational, well, policy operationalize threat perception. And then when you have the policy, you have the rules to access the market. What I would like to say to our colleagues from the US private sector, the American private sector, please come and you will be more than welcome to get the money, but we have our national requirement and we cannot negotiate our constitution and we won’t. And we are not asking you to do that.

34
00:00:33,000 –> 00:00:34,000
Sébastien Garnault [00:15:21]: So how we make things possible instead of leverage barriers?

35
00:00:34,000 –> 00:00:35,000
Frank Cilluffo [00:15:26]: Well said, and I think that that’s the same from any national perspective and it is the right perspective. From my standpoint, the glue that binds us together is much greater than anything that can tear us apart. And we have 250-plus years to be able to look to that. And I think that that is essential. Looking at sort of the national security sets of issues, France recently came out with their national cybersecurity strategy and they’re calling for a little more proactive approach, which I think is receptive to some some of our activities right near here, and they’re calling for active sovereignty. What are your thoughts on that?

36
00:00:35,000 –> 00:00:36,000
Sébastien Garnault [00:16:13]: So first, I would say that the private sector, or at least me, would have waited way more of this strategy. I would say that to this point, we have the frame, but we don’t have the measure what we need to do. So probably, in the classified version, I’m sure there is lots of interesting things, but in the public one, most of the actionable measures are postponed to 6 months. Do we have this time? I’m not sure. This is not policy at AI speed. Well, this is how we are doing this. This is my first point. The second one is that private sector is not into it.

37
00:00:36,000 –> 00:00:37,000
Sébastien Garnault [00:17:03]: So when I’m here and I’m seeing the private sector soon integrated to the national security infrastructure, and in my country—

38
00:00:37,000 –> 00:00:38,000
Frank Cilluffo [00:17:12]: It’s not the case yet.

39
00:00:38,000 –> 00:00:39,000
Sébastien Garnault [00:17:13]: It’s not the case yet, but for cultural reason, for historical reason, but the shift, we are in the 21st century, we’re not anymore in 20th. So we need to change the mindset, the tools, and the speed. The tempo is very important. And again, back to the US perspective, I’m not discussing your national security priorities. That’s not my job. I’m a citizen from France, not from the US. However, when you’re doing what has been done in Greenland, here’s the signal. Trust is not a lever to act together, and if you don’t comply with what I need, then I’m attacking you.

40
00:00:39,000 –> 00:00:40,000
Sébastien Garnault [00:17:59]: I think it is underestimated the damages that have been done in our trust, mutual trust, are very deep. So we need to fix it quickly. And I think that again, private sector and private sector as a line, we have a lane on that.

41
00:00:40,000 –> 00:00:41,000
Frank Cilluffo [00:18:19]: So what I’m hearing is agnostic to diplomatic highs and lows, private sector to private sector is a way to go, right?

42
00:00:41,000 –> 00:00:42,000
Sébastien Garnault [00:18:30]: That’s what I think because otherwise we can discuss the national, the US national security strategy, okay? Why? I don’t have time for that. However, I have time to access, to win market. I want to put my time is making money. Because more the private sector in cyber is making money, more the society is secure.

43
00:00:42,000 –> 00:00:43,000
Frank Cilluffo [00:18:55]: And let me ask, so another often discussed set of issues on the transatlantic partnership is regulation vis-à-vis non-regulation. What are your thoughts there?

44
00:00:43,000 –> 00:00:44,000
Sébastien Garnault [00:19:08]: I had this conversation with Chris Albright from Recorded Future, and we disagree. So we are known apparently for this regulation. What you don’t understand is that if we don’t take them, you can’t have the access to the digital single market, which is 27+ market. So we can also not taking regulation, but then you will have a problem. Let’s go on AI and the AI Act. That’s, it has been, well, again, a mistake because we, we are trying to go fast and we were like, okay, so AI is very disruptive.

45
00:00:44,000 –> 00:00:45,000
Sébastien Garnault [00:19:53]: I’ve seen Anthropic calling for frameworks, and that makes me laugh because we did it, it was the opposite 2 years ago. But we did a mistake because instead of framing the direction we frame the innovation, and that’s not good. So we need less regulation for innovation, but we need rules of the game. And this is exactly what I’m seeing here in the US. I’m very interested in looking what is happening here because Anthropic refuses to participate in the military action. And there is a conversation on that, meaning that the private sector, the US private sector has its own ethic. So what is, what is the best? Having its own ethic that can turn in one day or having a stable long-term approach that make the market and the innovation predictable? I don’t know, but I prefer long-term approach.

46
00:00:45,000 –> 00:00:46,000
Frank Cilluffo [00:20:59]: And I’m glad you sort of brought up AI in this context. So we’re looking at a, we have a task force stood up with the US Chamber of Commerce looking at streamlining or bringing in common sense regulation. I don’t think anyone would say zero regulation is an answer, but because you need the rules of the road. But I also think that well-intended, every entity looked at it through their lens and next thing you know, they’re not looking at it from the user’s perspective. And the challenge I have is it often just creates this check the box mentality, which doesn’t lead to real security. Are we in jeopardy of going through that same headache around AI? Well-intended or not.

47
00:00:46,000 –> 00:00:47,000
Sébastien Garnault [00:21:46]: It could have been, uh, before, before Munich I would have said yes. After, I’m seeing a shift.

48
00:00:47,000 –> 00:00:48,000
Frank Cilluffo [00:21:56]: What is that shift?

49
00:00:48,000 –> 00:00:49,000
Sébastien Garnault [00:21:57]: In the mindset. And I think that the most important is the mindset, because if you look at an innovation thinking how I will frame it then you are not thinking about how I will use it. So maybe we can look at use of AI and then look at the framework. What are the use cases? And we are on that path. And this is what we were discussing earlier, agentic AI. I’m sure, that’s for sure, that the European Union will look at it as a regulatory, sorry, uh, frame. Why? Because it’s, it’s DNA. It’s not the states.

50
00:00:49,000 –> 00:00:50,000
Sébastien Garnault [00:22:41]: They don’t have power on the national security and defense. So the only way to seize technology is through market tools, and the only market tools is regulation.

51
00:00:50,000 –> 00:00:51,000
Frank Cilluffo [00:22:53]: And you can’t put the genie back in the bottle. So, so there are two big questions in terms of AI and, and we’re often looking on this podcast, I brought in a lot of our national security community who always tends to lean on the adversary is the big beneficiary for AI. Then I’ll bring in industry partners and they’re saying actually the blue, the defender is the big beneficiary of AI because it can automate tons of activities. The reality is, is it’s both, right? I mean, it can increase the adversary’s capability, but simultaneously it can automate some of our responses in a better, sort of way. The question is, who’s making these decisions? And is it going to come from Paris, or is it going to come from an innovative technology company, or in this case, DC or Silicon Valley? I think we’re seeing that debate play out as we speak in terms of Anthropic and, and others. But I’d be curious what your thoughts are there.

52
00:00:51,000 –> 00:00:52,000
Sébastien Garnault [00:23:54]: Well, if I got your point, I would say that maybe we are confusing, and there is a lot of confusion these days, two things.

53
00:00:52,000 –> 00:00:53,000
Frank Cilluffo [00:24:03]: And that’s not just the Russians, right?

54
00:00:53,000 –> 00:00:54,000
Sébastien Garnault [00:24:06]: But here’s my point. Why are we looking at AI use cases as a whole? Because finally there is military use cases that might have some rules that are not the same as in the civil world. And what is feasible is not always wishable. We’ve seen it with medical. We know how to clone people. We decided not to do so because we thought that it was not a good idea. Okay. And we are seeing this debate coming back.

55
00:00:54,000 –> 00:00:55,000
Sébastien Garnault [00:24:41]: Should we do everything that we can or not? And where is the boundary? And these boundaries cannot be set by innovative people because their mindset is to break the boundaries and to get the next gen, next move. So how, let them get the next move and having use cases that are framed in our value approach. Because again, since I’m in the US, I’m always hearing the same thing: where are shared values and like-minded states? And that is true. But are we classifying them the same way? I’m not sure. You are putting the freedom of speech for one, and that makes lots of sense when we know the 250-year history of the United States of America. But when it comes to France, my country has been built up very differently. So my approach is very different also, and I put privacy number one.

56
00:00:55,000 –> 00:00:56,000
Sébastien Garnault [00:25:44]: And I give you two examples for that. The first one is that our kings can put us in jail and get into our house without any permission. Privacy is property in the US in a way. The states cannot get in your property, but kings could. And then after the US Declaration of Independence, you had the French Revolution.

57
00:00:56,000 –> 00:00:57,000
Frank Cilluffo [00:26:13]: Yeah, you’re coming up on your anniversary soon too, right?

58
00:00:57,000 –> 00:00:58,000
Sébastien Garnault [00:26:16]: Very soon. And what has been said is that it’s over. The state won’t get into our private life and we put it in our Bill of Rights. So it’s number one. And there is another use cases. And I know the US people are very sensitive. It’s World War II. Do you know what states can do when they have access to personal data? They are organizing trains.

59
00:00:58,000 –> 00:00:59,000
Sébastien Garnault [00:26:47]: So lesson learned, no access.

60
00:00:59,000 –> 00:01:00,000
Frank Cilluffo [00:26:50]: But they’re not necessarily mutually exclusive though, are they? The reality, we can and must have both, right?

61
00:01:00,000 –> 00:01:01,000
Sébastien Garnault [00:26:58]: Exactly. It’s not a question of the one or the other, it’s how it is interoperable. So now you understand that, let’s talk about data, which is fueling AI. Data localization. This is a huge debate in France because of politics and blah, blah, blah. So we are looking at regulation that localize data on site. Great. But we cannot take this decision alone.

62
00:01:01,000 –> 00:01:02,000
Sébastien Garnault [00:27:30]: We need to do it with our partner in the EU. When you go to, let’s take Lithuania. When you go to Lithuania, they will explain to you that they need to exfiltrate their data in less than 20 hours. Lesson learned from Ukraine. So it makes no sense to have a data localization rule for that. Here’s the point: you can have both without taking the regulation. This is a wrong regulation to take because it compromises both national security. Same for values, privacy and freedom of speech.

63
00:01:02,000 –> 00:01:03,000
Frank Cilluffo [00:28:10]: And safety.

64
00:01:03,000 –> 00:01:04,000
Sébastien Garnault [00:28:11]: And safety, sorry.

65
00:01:04,000 –> 00:01:05,000
Frank Cilluffo [00:28:12]: No, no, you’re right on both, but—

66
00:01:05,000 –> 00:01:06,000
Sébastien Garnault [00:28:15]: Does it answer to the question?

67
00:01:06,000 –> 00:01:07,000
Frank Cilluffo [00:28:17]: Yes, no, that answered it well. And I just come back to it’s, when we think of data, it’s not just the exfiltration, it’s the integrity of that data. And that’s where new technologies like the blockchain can come into play, right? And you do have countries in Europe leaning forward, at least Estonia is, and others where the blockchain underpins all of governance.

68
00:01:07,000 –> 00:01:08,000
Sébastien Garnault [00:28:44]: Well, there is another move. It’s easier to drive, to have a shift in Estonia than in France.

69
00:01:08,000 –> 00:01:09,000
Frank Cilluffo [00:28:52]: Yeah, smaller country, yeah.

70
00:01:09,000 –> 00:01:10,000
Sébastien Garnault [00:28:54]: It’s not a smaller country, there is less people in it. But it’s a country. They have one vote in the EU Council. So for us, it’s a country that we, we cannot say it’s a small country. However, 1.2 million is more manageable than 68 million. So if you need to educate, because we didn’t talk about skills yet, but there is also this topic, if you, if you need to, to bring people to the AI speed and the AI level, you need to, to teach them what is AI. And, and 68 people, you are, you are like 450 million, I guess. Uh, it is, or are all Americans aware about AI and use of AI and how they can make more money with this, or are they afraid that they will take their job?

71
00:01:10,000 –> 00:01:11,000
Frank Cilluffo [00:29:48]: Well said. Yeah, that’s truth. And there’s truth to both of those end states there. You know, I often like to say since the end of the Cold War, threat forecasting has made astrology look respectable. So I’m not asking you to look in a crystal ball, but I am to an extent. What is one thing that you’re optimistic about and what is one thing that you’re pessimistic about in terms of cyber, AI for this year, for 2026?

72
00:01:11,000 –> 00:01:12,000
Sébastien Garnault [00:30:19]: Well, I will, I will switch the approach. I will, I will be realistic and pragmatic.

73
00:01:12,000 –> 00:01:13,000
Frank Cilluffo [00:30:25]: Okay, good.

74
00:01:13,000 –> 00:01:14,000
Sébastien Garnault [00:30:27]: So I think that in the coming year, we need to fix the NATO topic first. Secondly, we need to fix our market accesses in the EU, not in the US. If we do that, then lots of noises will disappear and, and the picture will be clearer. When the picture will be clearer, it will be easier to, to find anything to action, and by this time China will go fast. So we are in kind of asymmetric race where we need to partner, uh, and, and this is why again we need to change wording, to change the way we are doing things between us, because I think that Munich Security Conference 2025, where the message were European are weak, 2026, the message is we need you.

75
00:01:14,000 –> 00:01:15,000
Sébastien Garnault [00:31:31]: Okay, but we are not weak. We are nice and we are nice only with our allies. Because when it comes to our enemy, we fight them. And how’s the Ukrainian, how’s the Estonian? They are fighting. The French also, we are fighting in Africa. So the international security is based on our mutual trust. We need, this is our treasure. And this is also the history of our-

76
00:01:15,000 –> 00:01:16,000
Frank Cilluffo [00:31:59]: Our transatlantic alliance. Let me ask a very point-blank question. Are you getting to the point where some may trust China more than the United States in the market in Europe?

77
00:01:16,000 –> 00:01:17,000
Sébastien Garnault [00:32:10]: So that’s a very interesting question because this is one of my points when I last—

78
00:01:17,000 –> 00:01:18,000
Frank Cilluffo [00:32:16]: Which would scare me because the consequences are dire if that’s the case. But I don’t want to lead the witness.

79
00:01:18,000 –> 00:01:19,000
Sébastien Garnault [00:32:22]: No, but, you know, we are talking serious game about national security. And your question is more about politics.

80
00:01:19,000 –> 00:01:20,000
Frank Cilluffo [00:32:31]: Is it?

81
00:01:20,000 –> 00:01:21,000
Sébastien Garnault [00:32:32]: Ideology. Yeah, because you have people in France, for instance, who are preparing the campaign. It will be a key time in 2027, and they might have interest in targeting the US. And you know why? Because it’s always easier to target an ally than an enemy, because the answer is not the same. So this is my first take for my country. And then at the EU level, earlier today we discussed the topic, and you’ve seen that even in my country, debate is still alive because I disagreed with one of my colleagues, and I’ll let you know why. In the EU, you have Hungary who is talking with Russia and with China.

82
00:01:21,000 –> 00:01:22,000
Sébastien Garnault [00:33:16]: So yeah, I think that it is possible because of ideology, because of asymmetric approach of the threats, that the US will be a threat. And you know, Greenland impact reinforced this position.

83
00:01:22,000 –> 00:01:23,000
Frank Cilluffo [00:33:36]: Yeah, and my whole argument is we can’t let transactional tactical get in the way of strategic because the, the consequences will be significant.

84
00:01:23,000 –> 00:01:24,000
Sébastien Garnault [00:33:47]: Yeah, but again, uh, there is two ways to talk about this. You can use words to make things possible, or you can use words that make things impossible. We did our mistake with using our standard economic standards as with, with a national security wording. I think it would be, I think that you understood that the Greenland case was a bit too much. And this is exactly what State Secretary Rubio did in Munich. It’s, it keep going, but it changed wording.

85
00:01:24,000 –> 00:01:25,000
Frank Cilluffo [00:34:20]: Sebastian, thank you so much for spending so much time with us. Thank you for fighting for this important bilateral relationship. And thank you for joining us today.

86
00:01:25,000 –> 00:01:26,000
Sébastien Garnault [00:34:30]: Thank you so much.

87
00:01:26,000 –> 00:01:27,000
Frank Cilluffo [00:34:30]: Let me leave you with a token of our appreciation, both figuratively and literally. Thank you so much. Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes, or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.

Related Content