The French President Emmanuel Macron took a leadership stance on Monday when he spoke about the new international agreement setting the stage for a set cybersecurity principles. The original signatories included more than 50 nations, 130 private sector groups and 90 charitable groups and universities, but not the United States. Should we be worried the United States did not sign-on?
How Dangerous is the Internet
The idea of the world coming together and mitigating the cybercrime explosition is important. Cyberspace, and particularly the Internet, has become as dangerous as the wild, wild, west over one hundred and fifty years ago. People take what they want, and, in many cases, users have nowhere to turn when attacked. The dark web is expanding quickly and the return on investment is growing for would be cyber-criminals. The threat of punishment is low. Elections around the world are being digitally assaulted and the Internet is used as a portal to influence people towards acts that aren’t good for society.
So, the idea of nations, companies and corporations coming together to unite on cybersecurity principles is incredibly important. The seams and lack of agreement across policy, information sharing, and data management favors the hacker. We lack the leadership to minimize the attacks launched from the Internet. This means the demons hiding in the Internet might eventually work together to successfully overcome the defenses we have been able to muster thus far.
The basic functions of the Internet are widely known, but most people who use it are blind to the global danger. It simply was not built for security. The unstructured part called the he Deep Web compromises 95% of the Internet. It is the stuff not labeled by Google and other entities who provide IP addresses, so you easily reach websites. The Dark Web is a small area on the deep web. It is known to harbor criminal activity and support communications between them. Deals are done daily on the Dark web and for the most part, criminals feel safe to carryout criminal activities there.
Trust and Security in Cyberspace is A Step Forward
You must walk before you can run. The Paris agreement is the decision to lean forward. It is a positive initiative to move towards ending “malicious cyber activities in peacetime.” Among other things, the agreement looks to establish international standards for all parties involved, including practicing good cyber hygiene and disclosing technical vulnerabilities. What could be the issue with establishing standards by which it would become clear “who was below standard.”
A united front against cybercrime is required as cybersecurity is no longer solely a government issue. They have enough issues trying to protect Government assets, systems and networks. The burden falls on all groups to safeguard important, and sometimes vulnerable, digital assets.
What is the issue with the agreement
In theory, the agreement is great. Except, it would be incredibly difficult to enforce any one set of laws or principles on multiple countries. The document serves more as a guide and is a reminder for the need of diplomacy and global teamwork in cybersecurity. Technicalities also come into play, such as a data sharing and the rules surrounding it. There is also a call for nations to minimize companies hacking back at hackers.
Other people have serious issues with this accord because it does not have teeth. This would matter to me if some teeth were growing elsewhere as a part of other efforts, but they are not. In the old days, the U.S. would have taken leadership in the effort. Today, we are a non-participant in the global cybersecurity arena and appear to be waiting for others to take the reins and guide us home.
The Paris Call for Trust and Security in Cyberspace reminds us that offline human rights are applicable online and that the international human rights law is a standard in cyberspace, too. The document continues to outline 9 prominent points that it hopes signatories will act on:
- Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure;
- Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet;
- Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities;
- Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector;
- Develop ways to prevent the proliferation of malicious ICT tools and practices intended to cause harm;
- Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain;
- Support efforts to strengthen an advanced cyber hygiene for all actors;
- Take steps to prevent non-State actors, including the private sector, from hacking back, for their own purposes or those of other non-State actors ;
- Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace.
Who Else Has an Issue
Some restrictive regimes did not sign onto the agreement. We can clearly understand why China, North Korea, Russia, and Iran would not be interested in a free and secure cyberspace. I am sure the U.S. does not want to be included in a list such as this one. Dictators rule those countries, and each has had accusations of nation-state hacking and meddling in the elections of other countries.
Giant companies like Microsoft, Twitter, and Facebook have signed the agreement. They believe that it is no longer solely the responsibility of the government to ensure the safety of citizens in cyberspace. If this is a business rouse, God bless the companies because we still benefit from their efforts. Any opportunity the world has to motivate cybersecurity cooperation on cybersecurity concerns such as elections, identity fraud, and critical infrastructure should be taken. Private sector companies admit that it is in their own best interest to secure their cybersecurity platforms and endorse good cyber hygiene. They know participation of the user is paramount and it is their jobs to inspire that participation.
Though the Paris Call for Trust and Security in Cyberspace does not fully iron out all the security kinks, it has leadership written all over it. This is the missing link to cyberspace reformation. Failing to support efforts that enlist the private sector and universities sends the wrong message. The pact highlights important security concerns that should be addressed globally and gives us hope in achieving a safer and sounder cyberspace. Maybe we don’t fully agree with it, but changes are best actuated from the inside. It is an uphill battle trying to influence the world sitting outside and looking in.