How we can ensure the security of cyberspace

This article was originally published in the Spring 2019 issue of The Record. Subscribe for FREE here to get the next issue delivered directly to your inbox. 

Digitisation has made the internet central to almost every aspect of our lives – and has fundamentally transformed the way we work and play.  However, the growing threat of cyberattackers is hard to ignore. They choose to abuse the anonymity granted by the internet, its accessibility and the instant interactions that many of us use for good. This abuse of power has the potential to drastically affect critical governmental infrastructures, the daily functioning of public services and the rights of citizens. 

According to Henri Verdier, the French Ambassador for Digital Affairs, the public sector is experiencing increasing pressures to ensure that its technology infrastructures are working to deliver safe and secure environments for citizens as a result. “Although the digital age has brought new economic opportunities and major social transformations, cyberattacks are threatening critical infrastructures with increasing frequency and sophistication,” he said. “The digital space is a place of conflict and governments must consider its relentless evolution in order to implement measures that maintain a sufficient level of safety and security.” 

There are two major challenges that governments face regarding cybersecurity. “Firstly, cyberspace is the meeting place for a wide range of actors, of different nature and from different backgrounds,” said Verdier. “Goverments bear a key role in ensuring safety and security, however it is necessary to involve other stakeholders, since private actors for instance have specific responsibilities.”   

The second challenge is that the ‘rules’ or ‘norms’ pertaining to the way users of cyberspace behave are not set in stone and as such are not always recognised or respected. It is therefore necessary to promote the existing rules and ensure their implementation. 

“These challenges are part of the reason why President Macron launched The Paris Call on 12 November 2018,” said Verdier. “States cannot necessarily ensure the security of the digital space alone and therefore private actors, the academic world and non-governmental organisations also have a crucial role to play.”

The Paris Call for Trust and Security in Cyberspace is an initiative federating governments, businesses and the civil society, in order to increase trust, security and stability in cyberspace by promoting common principles. 

“The Call, which is now backed by more than 500 supporters, including 65 states, 344 private sector entities and 138 international and civil society organisations, filled a gap by uniting many bodies,” said Verdier. “It aims to enable greater safety and security by ensuring that its supporters promote certain principles, such as respecting international law and human rights in cyberspace and strengthening the security of digital products and services. Through this initiative, supporters commit to reinforce cooperation in order to increase the general ability to prevent the most significant attacks.”

“Online everybody is connected to one another and responsible for their own actions,” said Verdier. “The Paris Call was a wake-up call in this regard as no one has ever tried to federate the full variety of concerned stakeholders and hold each accountable. It constitutes an original form of global governance, which allows all stakeholders to participate in the discussion around cybersecurity.”

Not only is this initiative aimed at increasing security and safety for all, it also intends to benefit its supporting organisations by giving them more visibility and legitimacy to further progress in global cyber-related work. 

The Paris Call is now entering its operational stage and is working on implementing these principles. Alongside its member organisations, The Call is promoting these messages. This phase is also important in encouraging more organisations to join the community. “The motivation behind this is that the greater the number of entities that share this basis of understanding, the greater impact our actions will have in cyberspace,” said Verdier.

Microsoft is among The Call’s supporters. “Private organisations have an important responsibility in the digital world due to their widespread presence and the many services they provide,” said Verdier. “Large firms like Microsoft are an essential component of the Paris Call and are directly concerned by many topics that it addresses, such as the private sector’s responsibilities to strengthen the security of digital products and services throughout their supply chain and lifecycle.” 

Microsoft and its partners which are members of the Cybersecurity Tech Accord have a crucial role to play in promoting and implementing the initiative’s recommendations and creating proposals on how to effectively take them forward. 

However, with digitisation becoming ever-more prevalent, cybersecurity issues are not likely to fade away any time soon. “Cybersecurity issues will become even more important in the years to come,” concludes Verdier. “In an increasingly digital age, governments must prioritise addressing these issues head-on, through a whole-of-government approach that collaborates closely with the relevant stakeholders. I’m sure governments will continue to increase their cyber-related budgets and refine their doctrines to encompass all aspects of this issue.”