More than 50 nations, but not U.S., sign onto cybersecurity pact
French President Emmanuel Macron seen after the opening session of the Paris Peace Forum. Photo: Artur Widak/NurPhoto via Getty Images
French President Emmanuel Macron released an international agreement on cybersecurity principles Monday as part of the Paris Peace Forum. The original signatories included more than 50 nations, 130 private sector groups and 90 charitable groups and universities, but not the United States, Russia or China.
The big picture: The Paris Call for Trust and Security in Cyberspace is another step in the disjointed effort to create international norms and laws for cybersecurity and warfare. In most international matters of regulating the internet, there tends to be a wide split between the liberal Western order and authoritarian nations like Russia and China.
Details: The agreement does not command any specific legislation.
- The principles include agreements to promote human rights on the internet, thwart election hacking, cease the theft of intellectual property via hacking and stop "malicious cyber activities in peacetime, notably the ones threatening or resulting in significant, indiscriminate or systemic harm to individuals." China, Russia and North Korea have each been accused of violating some or all of these in the past.
- Private sector groups are tasked with having a unique responsibility in security.
- It includes an endorsement of certain security measures, including basic security practices and responsible disclosure campaigns, allowing security researchers to alert organizations and governments to security vulnerabilities in their systems.
Key absentees from the agreement included the U.S. and Australia — two of the five nations in the powerful Five Eyes digital surveillance alliance. The others — the U.K., Canada and New Zealand — all signed.
- Many restrictive regimes also did not sign on, including China, North Korea, Russia and Iran, who all have active cyber warfare programs, and Saudi Arabia, which does not.
- Israel, which has a large domestic cybersecurity industry, also did not sign on.
But the signatories include two notable tech sector security agreements: the Microsoft-led Cybersecurity Tech Accord and the Siemens-led Charter of Trust.
- Major tech firms like Microsoft, Facebook, Google, IBM and HP are all signed on — either through those private sector pacts or to the agreement outright.
- Kaspersky Lab, which has been accused of assisting in Russia's hacking efforts, signed as well. Chinese firms accused of benefitting from the theft of intellectual property or assisting in espionage, including ZTE and Huawei, did not.
Correction: As originally posted, this article stated incorrectly that the United Kingdom did not sign the agreement. It has.