The U.S. government declined to sign a global declaration on cybersecurity crafted by French President Emmanuel Macron. Some strategic thinkers quickly downplayed the significance of the “Paris Call for Trust and Security in Cyberspace” despite the document gaining support from some U.S. industry players.
At the same time, a completely separate initiative on international cyber norms, crafted by cybersecurity leaders with impressive resumes, produced a set of principles that may provide fodder for meaningful discussions among democratic governments throughout the world.
“The Paris thing was a lot of hot air, so not signing it was a nice gesture,” said James Lewis of the Center for Strategic and International Studies.
Fifty-four countries — excluding the United States, Australia and Israel — recently signed Macron’s initiative and dozens of companies signed a related Cybersecurity Tech Accord and “Charter of Trust.”
At first, the U.S. offered no public explanation for refusing to sign, but later a State Department spokesperson emailed to say, “Although the United States supports the objectives of the Paris Call, we had reservations with certain elements of the text itself. We understand that a number of governments and other stakeholders have endorsed the document. We welcome their engagement in the discussions on these issues at the Internet Governance Forum and in various other fora going forward.”
The spokesperson added, “The United States strongly supports efforts to promote greater stability in cyberspace. Our recently released National Cyber Strategy affirms that the United States promotes ‘a framework of responsible state behavior’ built on international law and adherence to voluntary, non-binding norms of state behavior that apply during peacetime, which is consistent with the Paris Call.”
Some prominent observers noted that shunning the document fits the Trump administration’s attitude toward multilateralism, even as they suggested little will come from the initiative.
Toomas Hendrik Ilves, the former president of Estonia and currently a visiting fellow at the Hoover Institute at Stanford, is a leader in efforts to rally democratic nations behind a common cyber strategy. He said of the Macron initiative, “No idea what the reasoning here is, but the U.S. has been avoiding multilateral solutions in the past two years.” He said the initiative is a step in the right direction, but cautioned, “I fear there is too great a chasm between authoritarian and liberal democratic countries even on what should be under discussion for something like this to work. I would go for just liberal democracies that respect freedom of speech.”
An organization with the potential for greater impact is the Global Center for Stability in Cyberspace. With leaders from 16 different countries including Michael Chertoff and former State Department cyber coordinator under President Obama, Christopher Painter, the GCSC’s mission is to enhance international peace, security and stability by developing norms and policy proposals to guide responsible state and non-state behavior in cyberspace.
The six norms, finalized at a September meeting in Singapore include, “Norm to Avoid Tampering; Norm Against Commandeering of ICT Devices into Botnets; Norm for States to Create a Vulnerability Equities Process; Norm to Reduce and Mitigate Significant Vulnerabilities; Norm on Basic Cyber Hygienee as Foundational Defense; [and] Norm Against Offensive Cyber Operations by Non-State Actors.”
According to the GCSC, “The norms were developed with the express purpose of being adopted by public and private sector actors towards an architecture to improve international security and stability in cyberspace.”
Painter said, “I think it is significant as a multistakeholder effort that helps supplement the work that governments have done … Many of these can be very helpful especially if embraced by at least some governments.”
Meanwhile, the U.S. business community weighed in with support for the Macron initiative. A long list of tech companies and manufacturers have signed on.
U.S. Chamber of Commerce executive vice president Neil Bradley said in a statement: “The Paris Call makes the compelling argument for global dialogue to enhance the trust, security, and stability of cyberspace. The Chamber supports the important goals of the campaign and is committed to working with all signatory governments and other stakeholders to combat malicious cyber activity that harms individuals, targets critical infrastructure, undermines democracy, and threatens peace among nations.”
World Economic Forum issued a statement of support from Troels Oerting, head of the Centre for Cybersecurity: “We’re facing a new wave of globalization that is driven by technological advances of unprecedented scale and speed. While we welcome the opportunities arising from this transformation, cyber criminals welcome them, too. I’m convinced that organizations that hope to fend off these new threats on their own will pay a high price. Only through global cooperation can we hope to win the day. That’s why the Forum has chosen to support the Paris Call.”
Leo Simonovich, the vice president and global head of industrial cyber and digital security at Siemens helped spearhead the voluntary “Charter of Trust Initiative,” that’s already been adopted by a number of firms in the global manufacturing, tech, telecom industries.
But he also called for binding commitments in trade agreements in order to fully implement international cyber standards and a “regulatory framework” around cybersecurity.
“Security has to be more than a seatbelt or airbag in the digital world,” Simonovich said.
