Guaranteeing Cybersecurity

It is crucial for cyber space to remain a space for freedom, exchange and growth. This major issue of France’s digital diplomacy is based on France’s international digital strategy. France’s position takes into consideration the fact that cyber security – which is required for prosperity and progress in our societies – is now part of power strategies and relations that govern international relations.

What is cyber security?

Cyber security includes all security measures that can be taken to protect an information system from cyber attacks. Cyber attacks are becoming more sophisticated and intense. That is why, in recent years, most developed countries have strengthened their resilience [1] and their infrastructures and developed a culture of cybersecurity in the private and public sectors. The aim is to protect their critical infrastructures because there would be significant security, economic and health risks if they are attacked.

What is France doing to ensure cyber security?

France takes action at national, European and international levels. A European Union Member State and leader in this area, it encourages EU action using an approach focused on subsidiarity, complementarity, and respect for national security competence of Member States. It also seeks enhanced cooperation among Member States regarding these issues to better understand and defend our common interests.
At the operational level, it aims to achieve the highest level of strategic autonomy as possible in terms of technology, regulations and capabilities.

At European level, France is a driver

France’s action includes :

• Effective consideration of cybersecurity issues, including in preparation of the new Commission’s Digital Agenda for Europe. Making these issues a high priority, France is working for a EU-specific positioning that is compatible with its national interests including the single market, law enforcement cooperation, external relations, security and defence, and the protection of European institutions from possible cyber attacks;

• Enhanced cooperation between the EU Member States in the event of a cyber crisis;

• Adoption by all Member States and implementation of an EU cyber diplomacy toolbox, providing Member States with various options, including a global individual sanctions regime enabling a joint response to cyber crises. France has ensured that the European Union developed an autonomous and progressive approach, based on compliance with international law, dialogue and respect for the sovereign powers of its Member States.

At international level, France is carrying out several additional initiatives.

• At the United Nations, various groups of governmental experts have held meetings since 2004 to deal with issues and produce recommendations for States to prevent cyber space from becoming a no-go zone. Recently the focus has been on assistance to the least developed countries so that they can improve their overall level of cybersecurity (for example, by protecting telecommunications infrastructures or training staff);

• The Paris Call of 12 November 2018 for Trust and Security in Cyberspace invites all stakeholders to tackle new threats endangering citizens and infrastructures together. This initiative is based on 9 common principles that are avenues for reflection and action.
  As of 1 January 2020, the Paris Call is supported by 76 States, 626 companies and professional associations, 342 civil society organizations and 26 central or local government authorities who are working to together to adopt responsible behaviours.

• The Dinard Declaration on the Cyber Norm Initiative is in line with the Paris Call. It includes the main principles and objectives of an initiative of G7 countries to implement UN-approved norms and recommendations, summarizes the lessons and best practices identified and lays the foundations for a self-regulation mechanism.

• At the G20, France raised the question of the responsibility of private stakeholders to the Japanese Presidency. The Osaka Declaration, as a result of this initiative, recognizes the importance of promoting security in the digital economy and of addressing the existing cybersecurity security gaps and vulnerabilities. In 2020, cyber resilience has been identified as one of the five priorities of the Saudian Presidency.
  =>Cybersecurity will be the theme for a side event on 3 February 2020 of the first Digital Economy Working Group.

• A Global Forum on Digital Security for Economic Prosperity has been held at the OECD since 2018, at France’s instigation. The Forum provides the opportunity to take forward the positions that France defends regarding the issue of the responsibility of the private sector in the security and stability of cyber space.

• At the OSCE, discussions have been held in an informal working group of experts from participating States. The OSCE conducts important work to develop and enact confidence-building measures which can apply to cyber space.

At the same time, France holds:

• Strategic bilateral discussions on cybersecurity with its main partners. At these meetings, points of convergence can be identified to be promoted within the framework of multilateral bodies, and more generally, build a trust relationship. During these discussions, the implementation of technical cooperation is decided:

• Bilateral cooperation led by the French Network and Information Security Agency (ANSSI) with some foreign partners, a sharing of experience and best practices on technical topics such as threat analysis methods, digital certifications, incident resolution, protection of critical infrastructures and provision of security for major events. The Ministry of Justice and the Ministry of the Interior also develop bilateral cooperation between investigation and judicial services on the themes of combating cyber crime.