Catalyst for economic, social and political development, cyberspace has also become an area of conflict in which states and private actors operate, sometimes violently, to advance their interests. Recent attacks on France and some of its major partners have reminded us just how much the fight against cyber threats is a legitimate priority for the Government; the Ministry of Foreign Affairs and International Development.
Like other conflicts, attacks that take place in cyberspace should not be able to escape an international legal system. It is in this regard that since 2004 a group of states (15 initially, 20 after 2014), chosen by the United Nations for their expertise and geographic representation, have met yearly to define recommendations to strengthen the international security of cyberspace. France is an active member of the Group of Governmental Experts (GGE). I have the honor, as ambassador of cybersecurity at the Department of Foreign Affairs and International Development, to represent France at this annual meeting.
The international regulation effort is now led by a dual approach, as indicated by the conclusions from the 2014-2015 GGE session this past June 2015: 1/ first detail how the existing international law can apply to cyberspace; 2/ outline, in the form of a non-binding political commitment for states, new standards of behavior in cyberspace; acting as a road map in accordance with international law. France is proud of these conclusions:
1/ Having made advances in 2013, with the general recognition of an international law applicable to cyberspace, the group clarified its position in 2015 prohibiting the use of force and encouraging peaceful settlement of disputes and acknowledging the law of armed conflicts: ad bellum (self-defense) and jus in bello (the main principles of international humanitarian law). France is committed to applying pre-existing international regulations to cyberspace, notably regulations regarding armed conflict. While there may be some challenges in applying laws (characterization of armed aggression, distinguishing types of attacks), they are not specific to cyberspace and will not throw off the balance of those established in 1945 under the United Nations Charter. Because the UN is guarantor of peace and international security, this balance between prohibiting the use of force and encouraging peaceful settlement must be preserved at all costs. In this sense, the new report represents a victory for the supporters of a cyberspace law notwithstanding the existing principles, which call into question the international system designed 70 years ago.
2/Aware of the need to specify a number of rules in relation to the new security challenges of cyberspace, the group’s members are called upon to formulate, in accordance with international law, a set of good conduct principles for the states in cyberspace. Particularly active in negotiations, France has been able to promote, in hopes of preventing conflict, principles relating to the protection of critical infrastructure with regards to the cooperation needed when dealing with incidents affecting infrastructure. A general ban on cyber attacks by one state against the critical infrastructure of another during peacetime has been retained. The issue of “proliferation” tools used with malicious intent in cyberspace has also been at the heart of discussions, which lead to the formulation of good conduct principles amongst states (responsible communications vulnerabilities, limiting the use of “hidden features” for malicious purposes).
While most of these advances are unfeasible for the time being – their wording is still ambiguous or incomplete and implementation relies on the good will of the states – they nevertheless overcome the current climate of mistrust and difference in cyberspace policy, and they lay the foundations of an international security system. These regulations also show that diplomacy has a crucial role to play in drawing boundaries between what is acceptable and not in cyberspace, and in laying down the rules aimed to maintain peace and international security.
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime