'The Need for Norms Is a Shared Need' - Cybersecurity Expert

France and US technology giants have called for world governments and companies to sign up to a new initiative to regulate the Internet. A declaration entitled "Paris call for trust and security in cyberspace" urges governments to beef up protections against cyber meddling in elections, censorship, hate speech and the theft of trade secrets.
Sputnik

Sputnik discussed the initiative to regulate the internet with Pierluigi Paganini, Chief Technology Officer at CSE and member of the ENISA Threat Landscape Stakeholder Group.

Sputnik: Some 50 countries have reportedly signed up for the initiative to regulate the Internet; in your view, what would this regulation entail?

Pierluigi Paganini: I can tell you that we urgently need norms of state behaviour in cyber space. We urgently need a so-called code of good conduct. So this is a global talk on cyber security in cyber space called by the French government is welcome.

Facebook Weighing Ban on Hacked Info - Cyber Head

The risk of escalation and retaliation in cyber space, an increasing number of cyber-attacks could have a destabilizing effect on international peace and security. The risk of conflicts between states caused by cyber incidents, cyber espionage activities encourage states to define a shared framework of norms of confidence-building behaviour and the use of cyberspace.

READ MORE: French Minister Calls for 'Innovative Response' to Cybersecurity Challenges

I'm one of the authors of the G7 Declaration on Responsible States' Behavior in Cyberspace. It was signed during the Italy G7 meeting last year. I had the honour to be a member of the group that worked on the proposal for voluntary, non-binding norms of state behaviour during peacetime. We presented 12 points aimed at proposing stability and security in cyberspace. I belive that this declaration is one of the best starting points for this kind of discussion.

READ MORE: Iran Foils Alleged Israeli Cyberattack on Telecommunications Company — Reports

Sputnik: I totally agree with you in terms of the global community needing better security. Indeed, we've been discussing on this problem for the last 18 months or so about various security scandals that have happened around the world, not least in the UK with regard to the security scandal involving the US presidential election last year. What is a surprise is that we've got all these tech giants in America promoting this idea, but we've got countries like the United States and Australia, and, indeed, Israel as well, refusing to sign the declaration, why is that?

Pierluigi Paganini: Definitely, they don't want norms because these norms limit their operation in cyber space. They're meeting their own interests, while ignoring the needs of the collectivity which is very risky behaviour, in my opinion. Cyberspace has no boundaries and an attack could be carried out from anywhere at any time and without shared norms of behaviour, without sharing information on cyber-attacks it's impossible to mitigate the cyber threat. In my opinion, this is very risky behaviour.

Sputnik: I can understand that this kind of a proposition is, indeed, needed moving forward, especially for Western countries to be able to regulate, police, and have oversight over the Internet. It's very important moving forward. How to police it; the fact that they are taking about it, I think, is very good news. With these countries mentioned that are refusing to sign it, obviously, that's not so good. We've also got the fact that many nations, including China and Russia, have refused to sign the pact as well; does that, in essence, make this particular program and this agreement useless? It's bankrupt before it even starts, isn't it?

Pentagon Report Reveals US Weapons Systems' Cyber Vulnerability
Pierluigi Paganini: I can tell you that the participation of China and Russia is essential, in my opinion. When I was at the G7, we proposed to enlarge the discussion to other countries, including China and Russia. We have opened the discussion to China and Russia in order to receive their proposal. Their agreement is essential. Consider also that they are among the most aggressive states in cyber space; I'm not surprised that they refuse; norms of state behaviour could have severe effects on diplomatic and political sides for both countries if they continue to operate in cyber space like they do. But we have to open the discussion to China and Russia; it's essential. Without them, any kind of discussion is seriously limited.

READ MORE: US Launches Cyber Campaign Against Foreign Trolls Ahead of Midterms

Sputnik: It appears to me that there's, obviously, a long road in terms of the negotiated settlement with all the parties involved. The agreement doesn't command any specific legislation from participating countries; we rely on private companies. With that in mind, how significant is the decision by these huge tech giants, like Google, Facebook and Microsoft, to sign the declaration? Is that going to assist in many of these governments potentially looking further into this potential agreement and maybe coming out in favour of it?

Pierluigi Paganini: In my opinion, it's very significant. The efforts of tech giants and security firms are essential to making cyber space a better place. IT giants manage a huge portion of the global traffic and almost all the data that humans generate today is managed by these companies. So we cannot exclude them from participating in such kinds of initiatives. The efforts of these companies are really precious.

Sputnik: Obviously, we know that this particular legislation is greatly needed; it's very important moving forward. What's your advice to these key decision makers in these countries in terms of getting their heads together and having a pragmatic approach to bringing global legislation because it's very much needed, isn't it?

UK, Netherlands Push for New Cyber Sanctions Amid Accusations Against Russia
Pierluigi Paganini: I want to share my experience at G7 with you. One of the best issues is to involve the largest number of countries. We have to hear any proposal from these countries. Unfortunately, today this kind of discussion is limited to a specific number of countries, for example, during the G7 there were only seven countries. We have to enlarge this kind of discussion to other countries; we have to involve China and Russia. We have to involve every country, explaining what the risks are and why we need norms of state behaviour.

Don't forget that we are not addressing only the nation-state activities in cyber space; but we also need to fight cyber-crime, hacktivism or cyber terrorism every day. And the only way to do this is to involve every country and to request their specific efforts. We have to explain to them what the risks and the economic impacts are. It's very important to enlarge the discussion to every community and country. We have to involve the largest number of countries because the need for norms is a shared need.

The views and opinions expressed by the speaker do not necessarily reflect those of Sputnik.

Discuss