Energy resilience is the next cyber challenge, says INCERT CEO Benoît Poletti. He warns of rising energy risks from AI, big data, and e-mobility — exacerbating ESG and digital supply chain issues.
Benoît Poletti, what are the concrete missions of the INCERT?
I was asked to lead this brand-new structure when the economic interest group (EIG) was established in 2012. My mission was to secure some of the State’s critical infrastructures and develop sovereign digital solutions. INCERT’s initial missions focused on supporting Luxembourg’s public services, including the issuance and verification of electronic passports and ID cards, the development of an eWallet and associated services, the digitalisation of health processes, and the traceability of tobacco products.
How have these missions evolved?
Since then, our expertise has grown in the areas of digital identity for individuals and objects, cryptography (including public key infrastructure, key management systems, and pseudonymisation), as well as cybersecurity and darknet technologies.
Our objective is to remain a centre of excellence in identity management, cryptography, and cybersecurity. 2017 was pivotal for the agency, with the implementation of the IT environment supporting tobacco product traceability – under the European regulation “Track & Trace”. We became the national issuer of credentials for tobacco products on behalf of Belgium and Luxembourg (around 700 million credentials generated per year), ensuring the traceability of each packet of tobacco produced or sold in Belux. The COVID-19 period was also a turning point, during which we were tasked with setting up the infrastructure for generating CovidCheck certificates.
Today, we serve various ministries with tailored solutions and follow a virtuous model that allows us to resell these solutions internationally. In the beginning, we were just two people with no equipment. Today, we are around 40. This experience has been a significant challenge and has allowed me to dedicate myself more concretely to handling complex and sensitive projects.
How do you think cybersecurity has evolved in that time?
I have witnessed the evolution of terminology. Initially, we spoke of “IT security,” then “information security,” and now it is “cybersecurity.” Today’s challenges go far beyond technical matters: they touch on disinformation, digital sovereignty, and data sovereignty. Digitalisation and cybersecurity challenges have grown exponentially, especially with increasing competition between countries at both the European and international levels.
How do you tackle these issues?
It is essential to combine strategic vision with technical expertise. At INCERT, we remain deeply involved in core issues, particularly in identity management and cryptography. We actively participate in international working groups and conferences in those domains. We stay alert and follow numerous initiatives, especially those led by the GAFA companies. Ultimately, it’s our curiosity that drives us — observing how other countries, international organisations and manufacturers are preparing for future challenges within these domains.
What are the next cyber challenges you foresee?
The next challenges involve energy management and resilience, as well as the ESG impact of digital technologies. Today, we speak of big data. The data generated daily must be stored and processed by servers and solutions, which consume increasing amounts of energy. This is compounded by the growing use of electric vehicles, which place additional pressure on electricity infrastructures and grids.
“We Europeans must consider the risks linked to our entire supply chain, as we rely heavily on foreign suppliers for much of the equipment and services we use”
Add to that the rapid adoption of generative AI — which has gained strong momentum and broad public support — and the result is an exponential rise in energy consumption. The energy sustainability of digital technologies has become a strategic issue. Indeed, this increased reliance on energy-intensive technologies will likely intensify our ESG and energy challenges and could lead to disruptions in our energy supply, as we may struggle to produce enough electricity to meet demand.
The same concerns apply to data sovereignty. We Europeans must consider the risks linked to our entire supply chain, as we rely heavily on foreign suppliers for much of the equipment and services we use.
How do you approach this problem?
At our level, as an EIG specialising in identity and cryptography management, we have limited influence over energy management. However, we discuss these issues and are concerned about them within the ICT community, especially since they are being addressed at State level.
What is your assessment after 12 years at the head of the agency?
The structure is robust, agile, internationally recognised, and supported by a committed team. My hope is that INCERT will outlast me while maintaining its spirit of excellence and public services support. I believe the trust placed in me to establish this agency was concrete and significant. When we began, there was nothing. I quickly pushed for us to implement well-established processes. Within a year, we achieved ISO/IEC 27001 certification, as I felt having a solid foundation and clear structure was extremely important.
The success is therefore collective — we would not have achieved these results without the commitment of the entire team. On a personal level, a career is never linear, which is what makes it so rewarding. I’ve built mine by faithfully serving the projects entrusted to me, navigating ambiguity, and developing methodologies to see things through despite complexity. My greatest pride is knowing that the agency will continue in the same spirit after my departure.
As CEO today, do you still have the opportunity to be hands on?
Yes, particularly on topics related to cryptography. What I miss the most, however, is the standardisation work, where I had the opportunity to meet experts and contribute to fascinating topics. To me, standardisation is a crucial — though often underappreciated — discipline that fosters collaboration among international experts and leads to consensus on best practices.
I was a co-editor of ISO standards, an experience that led me to question my vision, develop my knowledge (identity management and cryptography), find consensus, build resilience, and gain a broader skill set. This has given me a valuable perspective — something I believe is essential for any leader.
This article was published in the 7th edition of Forbes Luxembourg.
Read more articles:
Luxembourg’s Banks Take The Lead In Europe’s New Era Of Secure Payments
