The Paris Call: A Step toward Greater Global Cybersecurity

Late last month, the French government announced that 158 new
supporters had joined the Paris Call for
Trust and Security in Cyberspace (“Paris Call”), bringing the total to more
than 400. NTI
was pleased to have its name added to this list. So what is the Paris Call
and why do we think it’s important?

Announced on November 12, 2018 by French President Emmanuel
Macron, the Paris Call brought together likeminded countries, private-sector
entities, and international and civil society organizations on a consensus
statement related to growing concerns about cyber threats. Signatories agreed
on the importance of a peaceful cyberspace, the relevance of international law
and responsible behavior by governments, and the threat posed by malicious cyber
activities. Although the Call is non-binding, they agreed on a number of key
principles, including the importance of cooperation to prevent and recover from
malicious cyber activities and the need to strengthen international capacity, and
they affirmed their willingness to work together and to promote international
norms of responsible behavior and confidence-building measures in cyberspace. While
64 countries are now signatories, the US, Russia and China are not among them. So
what does all of this mean?

First, it is now recognized that cyber threats pose one of
the greatest threats to security. Cyberattacks are affecting our daily lives,
whether they are in the form of ransomware attacks or criminals stealing credit
card numbers or personal information. Potentially even more disruptive,
however, would be attacks on critical infrastructure such as the electric grid or
even militarily significant attacks that could spark or amplify international conflicts.

Unfortunately, the number of attacks appears to mount daily,
and there’s no end in sight. There are many reasons for this, including:

• Protecting digital systems from cyberattacks is truly
  difficult work. Digital systems are becoming more complex every day, and humans
  are often the weakest link. (Did you really need to click on that link sent by
  your long-lost relative promising you riches?!)
• Providing cyber-secure products is not rewarded
  by the market. The new product that succeeds is usually not the one that’s most
  secure, but rather the first to market or with the most functionality
• Countries are racing to develop their offensive cyber
  capabilities fearing they will be left behind.

So how can the Paris Call help?

First, it reminds us of the benefits of a peaceful
cyberspace and the importance of international humanitarian law and responsible
behavior by governments. Second, it stresses the value of international cooperation
in preventing and recovering from cyberattacks. Most importantly, however, by
combining the voices of more than 60 countries and many non-government
entities, it illustrates the critical importance of collectively addressing
this threat to the global community.

Where do we go from here? There is no simple solution, but governments,
the private sector and global organizations must begin to lay out areas of
agreement that can be built upon. Recognizing the challenges, dialogue is
essential if we are to make progress. This is particularly true for the great
powers including the U.S., Russia and China—they have not yet joined the Paris
Call, but must begin the process of collectively working to reduce cyber risks.

NTI is focused on reducing the risks of weapons of mass
destruction and disruption, including the threat of cyberattacks on nuclear
weapons, nuclear facilities and other key systems. While only a small part of
the cyberspace, the consequences of such attacks could be devastating. In
signing the Paris Call – and through our innovative work to reduce cyberthreats to nuclear infrastructure – NTI is proud to be part of a growing
international effort to reduce the risk of catastrophic cyberattacks.