While the CYBER community of armies (CCA) has just integrated new operational units, bringing their number to 22, the cyber doctrine of the French forces enters a consolidation phase.
Structured around three components: the defensive IT fight (LID), the offensive IT fight (Lio) and the Influence Computer struggle (L2I), this doctrinal architecture sketches a response to contemporary digital threats. But its implementation remains constrained, both by operational limits, legal brakes, and a still hesitant strategic culture on certain fronts.
LID: defensive frame remains the operational priority
The first pillar of the doctrine, the defensive computer struggle constitutes the most successful base and covers the classic missions of detection, analysis, neutralization and remediation against the cyber attacks. This function is based on the progressive integration of supervision tools (joint SoC), intervention cells (CSIRT), and on the COMCYBER’s ability to coordinate the technical response at national or NATO.
Since its creation in 2017, the Comcyber has strengthened its network, and with the CCA, established in 2023, a significant step has been taken. The creation of specialized units such as the Cyberdefense Regiment of the Army or the Squadron of Cyberdefense Information Systems (AIR) makes it possible to anchor LID’s capacities within the forces. Their missions range from the protection of on -board weapons systems to securing transmissions in OPEX.
However, this component remains dependent on the complexity of military information systems, the fragmentation of architectures and the persistent lack of skilled human resources (many recruitments are underway for both officers and under officers. You will find more information on engagement on this page). Thus the rise in technical power is real, but unevenly distributed.
Lio: French offensive doctrine masked advances
The offensive IT control remains, in France, a discreet subject, officially integrated into the doctrine since 2019, it designates actions aimed at neutralizing, disturbing or destroying opposing digital capacities. Unlike the LID, it supposes an autonomous, often intrusive, legally sensitive, and political control capacity.
French doctrine remains cautious on this aspect. Unlike the United States (US Cyber Command) or the United Kingdom (National Cyber Force), France has not yet detailed the conditions of employment, the rules of engagement, nor the exact means mobilizable for the Lio. The reason is as much legal as cultural with the absence of a previous public, the sensitivity of the legal framework in peacetime, and the desire not to cross certain conflictuality thresholds.
However, capacities exist the Comcyber has dedicated means, but their use remains limited to strictly supervised contexts. To date, no Lio operation has been officially claimed, and any offensive capacities remain in the silent deterrent.
L2i: Influence, poor or emerging strategic field?
The third pillar, the influence computer struggle, raises broader questions about France’s ability to operate in the cognitive field. Where powers like Russia or China invest massively in the disinformation, manipulation of opinion, or psychological warfare campaigns, France has a doctrinal delay. Long confined to psychological operations in an OPEX context, the influence is struggling to find a form suitable for open digital environments.
The joint environment of the environment on the environment (CIAE) or certain military intelligence units have started to structure capacities in this area. But the border remains vague between legitimate information, active influence and interference. Coordination with intelligence services (DGSE, DRM, DRSD) or with civil ministries (MAE, Culture, Interior) remains incomplete.
In a context where influence operations are intensifying, pro-Russian campaigns in Africa, disinformation on social networks, attacks on elections, the absence of fully assumed L2i doctrine weakens the French posture which is confronted with a double issue that is both technical, but above all political.
The CCA as a catalyst for an integrated model
The widening of the CCA in June 2025, however, shows the desire to move forward. By bringing together 22 units divided into the three armies and Dirisi, the Cyber community of the armies aims to create a coherent, interoperable, reactive network. Its role is mainly unifying with the networking of know-how, the pooling of tools, skills rise, and operational coordination.
The diversity of entities, from the Kieffer commando to the 785th electronic war company, makes it possible to cover the whole spectrum: electronic war, information, special operations, cybersecurity, influence. This modular, territorialized approach is part of a broader effort to modernize forces.
But this community remains dependent on a strong central piloting. The Comcyber can be the engine, provided you benefit from human and budgetary resources to the height of the displayed ambitions.
A clear vision, a constraint execution
France today has a complete doctrinal framework for military cyberfense. The LID / LIO / L2I triptych responds to the diversity of threats, to the complexity of hybrid environments, and to the evolution of conflicts to digital.
But this model remains confronted with several challenges:
- Legal and political brakes on offensive employment.
- A doctrine of influence still stammering.
- Operational capacities during maturation.
- A deficit of specialized human resources.
The extension of the CCA marks a turning point, but the rise in power will be progressive. War in cyberspace will not be won by announcement effect, it requires endurance, strategic clarity, and an ability to align doctrine, means and political will.
