Protecting digital systems against cyberattacks

CEA-List’s cybersecurity platform brings together around 70 experts tasked with analyzing security vulnerabilities in software applications, integrated circuits, and embedded systems. Our teams also develop advanced techniques and tools to fend off cyberattacks and protect personal data.


A wide range of activities

Companies come to CEA-List for help protecting services, software, integrated circuits, embedded components, and other digital systems against cyberattacks and data leaks.

Our cybersecurity platform is home to 70 experts who use cutting-edge tools and technologies to identify even the most complex vulnerabilities in systems. They analyze how cyberthreats would affect a company’s systems and propose state-of-the-art cybersecurity solutions to mitigate the risks.

The platform’s size and scope of activity mean it is unrivaled by any other facility in Europe and has allowed us to form partnerships with around thirty companies, including Thales, Systerel, Trialog and Parsec. We also maintain close ties with academic research labs in countries all over the globe.

The platform works closely with Information Technology Security Evaluation Facilities (ITSEF/CESTI), helping advance the stat-of-the-art in the assessment of commercially available security products.

1 300 m²

of facilities



5,8 M€

invested in the last 3 years



1,1 Mloc

open-source software

Detecting and addressing vulnerabilities

CEA-List develops tools to verify the security of software systems such as Frama-C for source code verification, Binsec for binary code analysis, and Unisim for platform virtualization. Frama-C has been identifies by NIST as one of the only tools in the world capable of exhaustively detecting entire categories of flaws in safety-critical software.

We also own hardware platform simulators and test benches for simulating faults, replicating physical attacks on electronic components, and analyzing network communications.

CEA-List’s cybersecurity experts use a wide range of innovative tools to secure all aspects of digital systems, including:

  • SIGMO-IDS and Neon, which detect attacks on communication links and instantly deploy software countermeasures to secure and reconfigure the network.
  • COGITO, a compiler that inserts countermeasures into electronic circuits to neutralize cyberattacks.
  • Blockchain-based solutions for tamper-proof data exchange across networks.
  • Cingulata, a privacy-by-design tool capable of processing encrypted cloud-based data without decrypting it.

For the protection of personal data, CEA-List’s cybersecurity platform uses BiGπ, which can process encrypted cloud-based data without decrypting it. BiGπ offers a number of advantages: rapid, transparent implementation, low-latency algorithms, guaranteed privacy, easy scale-up, and low power consumption.


CEA-List: a trusted partner in the cybersecurity ecosystem

CEA-List is a leading figure in the French and European cybersecurity space, as demonstrated by its numerous partnerships with academic research labs, government research and technology organizations, and major industrial companies. The institute contributes its expertise to shape cybersecurity strategy at both a national and a European level, through initiatives like the French government Cybersecurity Grand Challenge and the EU Sparta project.

Government organizations

CEA-List also collaborates with the French National Cybersecurity Agency (ANSSI), the French Ministry for the Armed Forces, and the French Ministry of the Interior. It provides input on two levels: technical (through joint research programs with teams from government labs and testing centers), and strategic (through its involvement in industry-shaping committees and initiatives).


Industrial partners in France and Europe

CEA-List maintains strong ties across the cybersecurity ecosystem—with operators, systems integrators, technology and service providers, software companies, and certification organizations. Its partners come from many different industries, including energy, transportation, telecommunications, and internet services. CEA-List’s scientific, non-profit status, enables its teams to provide fair and trusted expertise even in complex and evolving situations.


Academic partners (Inria, CNRS, IRT, Allistene)

Our academic partners play a crucial role in helping us develop advanced tools and break into global markets where competition is high. For example, Frama-C and Binsec leverage formal methods developed by teams at Inria, and Cingulata’s compilation chain uses cryptographic algorithms developed by the CNRS. CEA-List’s tools are also widely used by research institutes—in particular IRT SystemX and IRT Nanoelec—to produce demonstrators.


Success story

DataBait: protecting personal data on social media

CEA-List’s DataBait app helps social media users understand privacy risks and protect their personal data. It uses multimedia analysis tools to tell users what personal information could be mined from the content they are about to share. The software was developed as part of the EU USEMP project and won a European Commission prize in 2016.


See also


Digital Trust

Today, devices and networks are increasingly interconnected, multiplying the risk of malicious attacks. But AI can help to thwart them, just as it can proactively identify potential vulnerabilities. B...
Read more
Focus areas

Cybersecurity: toward safety and privacy by design

Cybersecurity is at the heart of digital sovereignty, and an essential constituent of modern societies. As a crucial element for peace and security in cyberspace, it is an invisible but key enabler fo...
Read more