An important step was taken at the first edition of the Paris Peace Forum in 2018 towards an international cybersecurity effort: The Paris Call of 12 November 2018 for Trust and Security in Cyberspace, a declaration in favor of development of common principles for securing cyberspace.
Session title: Crafting Peace in Cyberspace
Date: 12 November 2018
The cyberspace is a grey zone when it comes to war and peace. Taking advantage of the different interpretations of how international law applies in cyberspace, some stakeholders have ignited digital conflict. Let us join forces and search for ways to promote and sustain trust, security and stability in cyberspace by engaging a variety of actors in a ‘digital peace movement’.
What’s the Problem?
The Future is here. Technology will save humanity. The robots are coming. Cyberwars will be the end of us.
Ultimatums of how there is no more stopping the powerhouse that is the new era of tech and the internet run aplenty. We are now all too familiar with the mixed emotion of fear and wonderment that the new technological revolution evokes. We are living its direct consequences, both positive and negative. If there is one clear fact that has emerged in the transformation that our society is undergoing due to the development of the cyberspace, it is that cybersecurity is now a prevalent social issue.
Not a day goes by without a new cyber attack detected in one or another part of the world. Although the average citizen may feel detached from cyberattacks and what (who) causes them, cybersecurity in fact affects all of us, on a daily basis.
As is the case with all other rules that allow for the functioning of our societies and for the maintenance of social cohesion, the cyberspace needs governance. And just like with trade, transport, or…war, governance needs international dialogue.
An important step was taken at the first edition of the Paris Peace Forum in 2018 towards this international effort: The Paris Call of 12 November 2018 for Trust and Security in Cyberspace. This was a declaration in favor of development of common principles for securing cyberspace, that has already received the backing of 564 official supporters: 67 States, 129 international and civil society organizations, and 358 entities of the private sector.
The Big Picture
During the ‘Crafting Peace in the Cyberspace’ panel of Paris Peace Forum 2018, Microsoft President Brad Smith laid out the gravity of the situation with a simple figure: in 2017, there had been 1 billion victims of cybercrime around the world. If that number in itself does not shock, what Brad further said might:
“[This is not just] machines vs. machines: we depend on the internet for the functioning of hospitals, for the heating of homes.“
– Brad Smith, President of Microsoft
One example of this was the Wannacry attack, of May 2017, which hit Microsoft Windows OS computers in 150 countries, over the course of 24 hours. During the first day, in the UK, one third of hospitals stopped working, and 19 000 people were not able to access healthcare.
Another example is the NotPetya attack, which also took place in 2017 and significantly hit Ukraine, among other things causing automated teller machines to stop working. The bottom line is therefore clear: cyberattacks are able to impact and impede lives on mass scales.
Brad put this into perspective: “Imagine what it means to live in a world where one weapon launched by one country can affect 150 nations in a day”.
Indeed, what makes cyber attacks both so difficult to comprehend and terrifying at the same time, is the unpredictability of where they will land, and how they will end, which brings a whole new dimension and scale to the concept of collateral damage. In the same way that the meaning of ‘war’ and ‘warfare’ was dramatically transformed with the advent of air and naval warfare during WWII, in the same way we are experiencing the shift of paradigm in conflict with cyber warfare. We are thus staring at types of combat unprecedented hitherto.
To put this shift into concrete terms, Fabrizio Hochschild, Assistant Secretary General for Strategic Coordination of the UN, discerns two types of risk that are developing in the cyberspace:
- The manipulation of truth and social behaviour that has come with social media, which “create[s] the conditions that allow for conflict’. Hochschild reminds that “the first victim of conflict is truth, and one could argue that the first victim of social media is also the truth”. While we are not unfamiliar to propaganda, social media has brought the effects of disinformation and malleability of thought much closer to home than ever, making many more of us liable to becoming victims in the cyberspace. This also points out to the fact that cyberattacks go beyond one-off, targeted campaigns that shut down a particular computer system. The very process of gradual thought and behaviour manipulation that happens now freely in social media is a fundamental part of the problem.
- The threat of AI and lethal autonomous weapons (LAWs), which ‘can kill without any human agency’, in Hochschild’s chillingly realistic words. The UN is exercising several efforts to curb the proliferation of LAWs, which are now repeatedly on the agenda of the First Committee. The main caveat to such efforts is their non-binding nature. While norm-setting is the crucial first step, a restraining framework is needed, one that is also able to change and adapt fast enough to match the rate of technological change and of the social transformation that follows as a result.
Hochschild was not hesitant in raising the alarm:
“We need to avoid a Hiroshima moment wake up call, where we suddenly treat this with the urgency it deserves because something catastrophic happened all of a sudden but by then it will already be too late.”
At the End of the Tunnel
This is where the Paris Call steps in, as an initiative of paramount importance at a time of great urgency.
The Paris Call stems from the necessity to make out of the international arena a unified body that works towards ‘digital peace’. This concept, was evoked both by Brad Smith in light of Microsoft’s ‘Digital Peace Campaign’, but also by French Minister of Foreign Affairs Jean-Yves le Drian. To achieve ‘la paix digitale’, Le Drian strongly insisted on the norms of trust and resilience. He called for both the national level and the international levels to strengthen the global system of trust, the security of which is only “as strong as its weakest link”. That means that on a national level, states should prove that they can transparently apply ‘le droit national’ to the cyberspace, and on an international level, entities such as the EU, NATO and the G7 can develop and advance good practices and behavioral norms for the cyberspace. The combination of these two makes for good and sustainable cyberdiplomacy, which includes:
- fighting against the proliferation and export of malicious software
- preventing destabilizing practices such as the hack-back
- placing the safety of democratic practices as top priority on the agenda in cyberdiplomacy
Such principles point out to why the Paris Peace Call is important: not only because of its global scale, but because at the end of the day it is an immense effort to formalize the need to place citizen protection at the forefront. In other words, the Paris Peace Call aims to do for cyberwar, what the Geneva Conventions did for the Second World War.
What is needed to fill the governance gaps?
Three main needs were repeatedly evoked during this discussion on cybersecurity at the First Edition of the Paris Peace Forum: trust, cooperation, multistakeholderism.
The first indicator to validate this approach is the very nature of the Paris Call, manifested in the diversity of its signatories. The second, was the panel itself, who also included Olaf Kolkman, Chief Internet Technology Officer of the Internet Society, and Marina Kaljurand, at the time Chair of the Global Commission on the Stability of Cyberspace. Bringing the much-needed representation of the technical community and the civil society, Kolkman and Kaljurand echoed the need for a multilateral approach to cybersecurity.
“What last century was multilateralism, is this century’s multistakeholderism”, Olaf stated, explaining that the creation of a safe and secure cyberspace needed the cooperation not only of national and supranational entities. It required the community of tech experts and professionals to be on board as well, reminding us that the online sphere is not an abstract organ in the ether. It is made possible by the work of “60,000 networks connecting to each other to make the Internet the Internet” and that the effort to make it safe is only secured through “technical standardization, and not collaboration but cooperation”.
Marina Kaljurand was also not hesitant to point out that part of the challenge in achieving the proper amount and form of cooperation came because of how governments themselves operate: “Governments so far are not used to cooperating with non-governmental bodies…and I say this as a former minister.”
That is precisely why the presence of the civil society is paramount in this endeavor, to encourage an apolitical, bottom-up stimulation that will keep reminding tech giants, governments and international organizations to whom they owe their commitment.
“You can’t import or export trust from above and make it compulsory”, Marina put in simple terms.
Beyond that, a strong and motivated community of non-state stakeholders is needed also because it can provide the nimbleness and speed of action that governments cannot guarantee, due to the time it takes to transform state bureaucracy, without forgetting geopolitical deadlocks.
The bottom line
If the Geneva Conventions united
countries against war, the Paris Call is doing more than just translating that
norm to the cyberspace. It is gathering all
stakeholders, state and non-state, private and public, to truly make everyone
play their part.
Fabrizio Hochschild reworked the matter into a ‘simple’ formula: Civil society pressure + tech industry leadership + leadership of some states = we can truly be hopeful despite prevailing distrust.
Last year, the Paris Call was indeed celebrated, but it was clear that sleeves needed to be rolled up and action needed to be taken. As Olaf put it, “it is a wicked problem, we don’t have much time to discuss.”
That is why moving forward, the Paris Peace Forum will again insist on keeping the Paris Call and cybersecurity on the agenda. The more various stakeholders are encouraged to sit at the table to find common solutions, the more we can ensure that the Call will live up to its promise. The Paris Peace Forum is committed to being that driver.
Watch the full session
The Forum thanks panel participants: Fabrizio HOCHSCHILD, United Nations Assistant Secretary General for Strategic Coordination, Marina KALJURAND, Chair, Global Commission on the Stability of Cyberspace, Olaf KOLKMAN, Chief Internet Technology Officer, The Internet Society, Jean-Yves LE DRIAN, French Minister of Foreign Affairs, Brad SMITH, President, Microsoft
The panel was moderated by: Manuel LAFONT RAPNOUIL, Senior Fellow, European Council on Foreign Relations
This is a publication of the Paris Peace Forum reflecting the debates at the Forum’s inaugural session in November 2018. It does not necessarily represent the conclusions of each individual participant.
|About the Paris Peace Forum|
The Paris Peace Forum is an annual event aiming to push forward new approaches and solutions to address the global challenges of our time. All actors of global governance are invited to join the Paris Peace Forum 11-13 November in Paris, France.