Gender diversity in ICT as a topic of research – Chantal Morley, Télécom École de Management

Chantal Morley, a Researcher at Télécom École de Management, works on the social construction of the masculinity of Information and Communication Technologies (ICT). Various empirical studies analyzed using a structurationist framework have allowed her to understand how stereotypes linking gender and technology are maintained or broken down through interactions, often spoken, on a daily basis. The notion of social inclusion led her to propose a framework for considering the inclusion of women in the professional world of IT as a change of culture and practices.

For Chantal Morley, the small number of women in ICT professions is a managerial and societal concern. Women take little part in the design of products and processes linked to ICT, which nevertheless shape the world we live in. These technologies are a major source of innovation and development, but women profit little from the fact. They also offer a potential for growth that is not being explored (European Commission 2013). Businesses that have implemented diversity policies struggle to recruit women in these technical professions (AFMD & CIGREF 2013) despite the fact that girls’ results, both in the scientific Baccalaureate and preparatory classes, demonstrate the existence of a pool of competent young women (French Ministry of Education, Higher Education and Research 2015).

Explaining the phenomenon

Chantal Morley believes that the small proportion of women in the field of ICT is not unrelated to instances of discrimination. A gender stereotype continues to prevail which notably upholds the belief of less talent and/or lower professional value among women in ICT professions compared with men, a form of the “differential valence of the sexes”, according to the expression by Anthropologist Françoise Héritier.

The continued existence of a stereotype that devalues women with regards to technology is a source of discrimination (fewer opportunities to advance professionally, difficulty entering informal networks, low tolerance of leadership behavior etc.). In seeking to understand how this stereotype can continue to exist in spheres which are subject to a gender equality regime (equality of pathways, diplomas, competitive exams etc.), Chantal Morley has shown that it slips subtly into daily interactions, usually without the people involved or those targeted noticing. Although barely noticeable, the inclusion of this behavior in practices helps maintain the idea that technical skills are part of a male identity. Chantal Morley has proposed a typology of gender typification behavior which provides a tool for identifying elements of discourse and micro-actions, often hard to spot, which reinforce or undermine the gender stereotype.

A change of culture is needed

People often think that adjusting the gender balance in digital technology will transform the image of technology, modify cultural practices and remove all obstacles facing women. However, the Researcher has highlighted that the gender stereotype is reinforced by both sexes. This observation, alongside an understanding of gender as a rational concept, led her to reflect on programs to encourage women to enter the field of technology. While they all target women, they all contribute to maintaining gender stereotypes.

Using reflections, research and practices in the social field, which highlighted the changes brought about by a switch from an approach in terms of exclusion to an approach based on the notion of inclusion, Chantal Morley has transposed this approach to analyze how ICT professions could cease to be the strongholds of a culture that maintains the “gendering” of digital technologies, according to the expression by Chabaud-Rychter & Gardey (2002). She has proposed a framework in which the inclusion of women in the professional world of ICT can be considered through the individual and collective capacity to act. This framework was used during a period of study leave at the University of Geneva to establish a diagnosis in several schools specializing in ICT in French-speaking Switzerland, and to establish guidelines for greater gender diversity.

Recognition on a national level

Chantal Morley leads the Gender@Telecom teaching and research group which works on the social construction of gender representations and associated stereotypes. As a result of the group’s work, Télécom Sud Paris was awarded the Ingénieuses prize by the CDEFI (Conference of Deans of French Schools of Engineering) in 2016. This prize is in recognition of the online course titled “Féminin-masculin dans le monde du numérique : voyages et découvertes” and the educational measures for diversity first implemented in 2009. In November 2016, the course also won the “Coup de Cœur” (judges’ favorite) from the panel of judges for the Responsible Campus trophies.

Supported by Fondation Mines-Télécom, Gender@Telecom is looking for patrons in order to turn its SPOC into a MOOC (Massive Online Open Course) to be able to reach a wider audience.

Unveiling the history of women in ICT

To spread this culture of diversity across the Télécom SudParis and Télécom École de Management campuses, Chantal Morley and the Gender@Telecom group have added to the offering of classes on gender and diversity with an online course called “Féminin-Masculin dans le monde du numérique : voyages et découvertes” (see inset). This SPOC (Small Private Online Course), launched at the start of 2016, is composed of three sections: the first sheds light on the little-known place of women in the history of ICT in the USA and Europe; the second section leads to reflections on the gender of a profession through the discovery of parity in ICT professions in countries such as Malaysia; the third section focusses on current stereotypes in the fields of ICT in order to learn how to recognize and break them down (How do they function? What are the effects? How are they developing today?) An in-depth analysis of the course revealed its contribution to the breaking-down of stereotypes and the empowerment of women with regards professions in digital technology.

From Management Information Systems to gender sociology

Chantal Morley is a Professor at Télécom École de Management. She holds a PhD in management science from HEC, an Accreditation to Lead Research (HDR) from IAE Montpellier-II, and a Masters in Gender Sociology from the EHESS (School of Higher Education in Social Sciences).

She began her career in the information systems consultancy sector. After writing a thesis on design methods, she entered the world of higher education and research with the creation of the Information Systems Department (DSI) at Télécom École de Management.

She is the author of a reference work on managing information systems projects, and has co-written several works on management information systems, as well as a book on women in the workplace. She is a member of the editorial committee of the Systèmes d’Information et Management review. Over the past decade her research has mainly focused on the relationship between gender and IT.

Computer hacking and sensitive data theft is increasing. Companies are now highly connected and must adapt their security policy to strengthen the protection of their information assets. Hervé Debar, a researcher at Télécom SudParis and expert in cybersecurity, studies the different types of cyber attacks in order to optimize their detection.

The era when IT students developed viruses and then enjoyed their “success” based on the number of computers infected across the world is long gone… Today, the lure of money is the primary motivation for hackers and internet fraudsters and their targets include companies in the French CAC40 and Organizations of Vital Importance (OIV), i.e. those operating in sectors of vital national importance (transport, energy, telecoms etc.) SMEs and SMIs are also concerned by the rise in cyber attacks. They work as subcontractors for client institutions and are therefore targeted by hackers who want to obtain confidential files (R&D program, list of suppliers etc.) or directly infect the main client’s Information System (IS).

Highly connected companies

Two factors explain this evolution. The first is the increase in digital data managed and exchanged by companies. Information is at the core of their business activities. Secondly, organizations have become highly connected with fixed and mobile devices, peripheral devices (printers, cameras etc.) connected to networks, sensors in production lines, automated systems and the Internet of Things (IoT). “The result is that the economic value of connection is greater than the economic value of protection. We must therefore do the best we can to isolate what has to be isolated but still allow companies to benefit from a certain level of connectivity” Hervé Debar stresses.

In terms of computer safety, companies have to manage different problems including “the acceptability of security by users. If the recommended solutions are too complicated, they won’t use them and will find a way to get around them. Security must support use, not hinder it”, the expert from Télécom SudParis explains.

Complex regulations

To face up to this challenge, companies must be able to manage two major limitations. The first concerns the technical aspect. Services such as BYOD (Bring Your Own Device) or corporate Appstores (portals allowing employees to download selected applications to improve productivity) are being rolled out at a quicker rate than security measures.

The second limitation concerns the human dimension. Regulations on digital technology are very complicated, especially due to the Law on Military Programming and obligations imposed by the CNIL (French National Commission on Data Protection and Civil Liberties), and will become even more so in May 2018 with the introduction of the new European regulations on data protection. All companies will have to report personal data violation, in contrast to the law of 1978 currently in force which only concerns suppliers of communications services.

These legal constraints require companies to bring in experts who are able to administrate and roll-out IT security measures on a daily basis and inform staff members through training.

Attacks by computer zombies

DDoS (Distributed Denial of Service) attacks are a company’s worst nightmare. They use a network of thousands of computers or connected devices (often compromised) to interrupt the targeted service or services. There was a major attack of this kind in France between 18 and 21 September 2016, when the servers of OVH, a French web host, were inundated with millions of requests peaking at as high as one terabit per second. A squadron of around 150,000 IP cameras (or botnets) infected by cyber criminals were behind the attack. Hervé Debar has been studying this type of attack for a number of years along with 6cure – a Normandy-based start-up specializing in traffic cleansing – and in the framework of the NECOMA research project (Nippon-European Cyberdefense-Oriented Multilayer threat Analysis), one of the six FP7 projects financed by the European Commission under the Europe and Japan coordinated call. His team’s work consists in studying the possibilities offered by the mechanisms and functions of the network itself in detecting large-scale DDoS attacks which could saturate a single local defense system. The idea is to identify the attacking flow according to its provenance or technical characteristics in order to differentiate it from the legitimate flow, with the aim of restraining bad traffic to leave more room for “good” traffic

Detecting cyber attacks

It is crucial to detect these attacks as early as possible in order to combat them. Identifying cyber attacks is one of IMT’s principal research topics. “We mainly work on the detection of and protection against distributed denial of service attacks (see insert) and those which more closely target environments on the network side”, explains Hervé Debar. The process has seen several developments since the first work carried out at the start of the 1980s by the American military. It was initially limited to rolling out a few probes. The few alerts raised were dealt with “manually”. Then the number of sensors increased and alerts became more frequent. To manage them efficiently, companies implemented SIEMs (Security Information and Event Management).

“Today, we need to automate part of the reaction so that operators can concentrate on the attacks that are more difficult to deal with. We are heading toward more autonomous and more reactive systems which can protect themselves against attacks. But it remains a complicated matter. Artificial intelligence (my PhD subject) is one possible way to improve our response to a certain number of threats”, explains Hervé Debar. The other option is training staff members to react better to attacks. We talk of “cyber range” which allows a realistic simulation of cyber attacks and the evaluation of cyberdefense tactics. These centers are designed to help OIV operators in particular make the right decisions in response to the impact.

The professionalization of cybercriminals and the increase in vulnerability, which concerns both IT networks and industry, require greater awareness among all actors, both public and private.

A very involved practitioner

Hervé Debar is not a theorist, but a keenly involved expert with 25 years of experience in the world of Hervé Debar - cybersecuritycybersecurity and R&D. His work includes more than 100 scientific articles on the subject, the coordination of three European projects (WOMBAT, NECOMA and PANOPTESEC) and participation in a number of French and European programs on the subject. His long career in the private sector partially accounts for this considerable activity. An engineer by training, he obtained his PhD before joining Dassault AT (Automation and Telecoms) to work on European research projects. He then left for Switzerland to join IBM where he developed the IDMEF standard and a product called Tivoli Risk Manager, one of the first security information and event management products on the market. Upon returning to France, he joined Orange Labs in Caen and became an emeritus expert and leader of research activities on security. He then brought his considerable experience in the private sector to Télécom SudParis, where he has been in charge of the “Networks and Security” department since 2009.