X
Tech

US, Russia, China don't sign Macron's cyber pact

New cyber peace pact signed by 51 other countries, 224 companies, and 92 non-profits and advocacy groups.
Written by Catalin Cimpanu, Contributor

The US, Russia, and China -- three of today's major cyber-powers -- have not signed an international agreement on cybersecurity rules and principles released at the Paris Peace Forum by French President Emmanuel Macron.

The pact was signed by 51 other countries, 72 companies which are part of The Cybersecurity Tech Accord, 16 companies which are part of The Charter of Trust, 136 other private companies, and 92 non-profit organization, universities, and advocacy groups.

The Paris Call for Trust and Security in Cyberspace, as the agreement has been named, is the most comprehensive, coordinated effort to date to get countries to agree on a set of international rules for cyberspace -- a so-called Digital Geneva Convention.

Microsoft Chief Legal Officer Brad Smith has been advocating for such a pact since 2017 after the exec had seen the damage done to the private sector by the NotPetya ransomware outbreak, which was later proved to be the work of Russian state cyber-operatives attempting to wreak havoc inside Ukraine.

The UK, Iran, and North Korea didn't sign either

Besides the US, China, and Russia, Australia and New Zealand didn't sign the pact either. Only Canada and the UK were the only countries from the Five Eyes intelligence sharing group to sign the pact.

Other countries with important and active cyber units that didn't sign the pact include Iran, Israel, and North Korea.

Without the signatures of these "heavy hitters," the pact is useless, albeit many suspect it was only a PR stunt. The pact was signed a day after world leaders celebrated 100 years since the end of World War I.

The pact doesn't include any penalties for those who signed yet have broken the agreement's clauses. The document is more of a charter and declaration of intent to sign a future, more comprehensive agreement.

The Paris Call for Trust and Security in Cyberspace proposes the following measures and steps:

  • Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure;
  • Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet;
  • Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities;
  • Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector;
  • Develop ways to prevent the proliferation of malicious ICT tools and practices intended to cause harm;
  • Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain;
  • Support efforts to strengthen an advanced cyber hygiene for all actors;
  • Take steps to prevent non-State actors, including the private sector, from hacking-back, for their own purposes or those of other non-State actors;
  • Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace.

Related coverage:

Editorial standards