On Monday, French President Emmanuel Macron released an international agreement on cyber security principles at the Paris Peace Forum. While the pact was signed by 51 countries, 130 global companies, and 90 charitable groups and universities, the five most notorious countries in cyber warfare refused to sign.
— Brad Smith (@BradSmi) November 12, 2018
The Paris Call for Trust and Security in Cyberspace, as the pact has been called, is a coordinated effort to get countries to agree on a set of international rules for cyberspace.
The agreement – already being called the Digital Geneva Convention – proposes the following measures and steps:
- Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure;
- Prevent activity that intentionally and substantially damages the general availability or of the public core of the Internet;
- Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities;
- Prevent Information and Communication Technology (ICT) enabled theft of intellectual property, including trade secrets or other confidential information, with the intent of providing competitive advantages to companies or sector;
- Develop ways to prevent the proliferation of malicious ICT and practices intended to cause harm;
- Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain;
- Support efforts to strengthen an advanced cyber hygiene for all actors;
- Take steps to prevent non-State actors, including the private sector, from hacking-back, for their own purposes or those of other non-State actors;
- Promote the widespread acceptance and implementation of international of responsible behavior as well as confidence-building measures in cyberspace.
However, the usual suspects when it comes to cyber warfare – The US, Russia, China, Iran, and North Korea – have not signed the pact, making us wonder if the agreement makes any sense without these countries showing an intent to maintain peace.
— Lukasz Olejnik (@lukOlejnik) November 12, 2018
To me, it is clearly not a surprise why the aforementioned countries refused to sign the pact, as their strategies in defense and geopolitics have heavily relied on cyber warfare for more than a decade now.
Russia is infamous for interfering with the politics of several nations, using their cyber vulnerabilities to undermine their democratic process, and help the people they like to come to power.
China has an unbeatable track record of stealing any valuable technology blueprint even from some the shadiest of corners of the world.
The Washington Post reported that over the years, China has stolen numerous defense blueprints from the US including those of their F-35 fighter jets, the Black Hawk helicopters, and the Patriot missile system known as PAC-3. And an FBI report in 2013 noted that China had secretly developed an army of 180,000 cyber spies and “warriors” to carry out nearly 90,000 cyber attacks each year against the US defense networks alone.
North Korea too has proven time and again that it makes up in cybercrime what it lacks in diplomacy and democracy. TNW’s Matthew Beedham reported that North Korea hacked computers to mine cryptocurrency as a revenue stream for the country’s government projects.
And David Canellis reported last month that $882 million worth of cryptocurrency was stolen from a total of 14 different attacks on cryptocurrency exchanges since January 2017. Of these ill-gotten gains, the North Korean state-sponsored Lazarus group alone was responsible for stealing $571 million.
And it is no surprise that the US also figures in this group. David E. Sanger of the New York Times noted in his book, The Perfect Weapon, that the Obama administration may have opened the Pandora’s box of cyber warfare when it teamed with Israel to deploy the Stuxnet virus against Iranian nuclear facilities, in 2010. Writing about Olympic Games – the code name for the cyber operation to stop Iran’s synthesis of enriched Uranium – Sanger mentioned in the book:
And if Olympic Games was a sign of where American covert action was headed, were we ready as a nation to open this Pandora’s box? Once opened could it ever be closed again?
The World Economic Forum also reported in 2016 that the US, China, Russia, Israel and the United Kingdom have the most sophisticated cyber warfare capabilities of all countries around the world.
The Paris Call for Trust and Security in Cyberspace neither has any stringent rules for countries to follow, nor penalties for being out of line. It merely represents a declaration of intent among the countries to sign a more robust agreement in the future. But with the hard hitters in cyber warfare refusing even to show any intention of getting on board, does it really merit comparing the pact to the Geneva Convention?