Failing to get the major cyber aggressors on board with the Paris Cyber Agreement risks the agreement becoming nothing more than a paper tiger.
On November 12, 2018, the government of France initiated the Paris Call for Trust and Security in Cyberspace. The declaration was well received by many other governments with 51 countries, 72 companies of the Cybersecurity Tech, 16 companies of the Charter, 136 private companies, and 92 non-profit entities, universities, and advocacy groups. The pact is intended to develop “common principles for securing cyberspace” and promotes security measures (e.g., such as risk management measures), as well as guiding values of how states and responsible commercial enterprises will operate in cyberspace.
The latter point bears closer inspection as trying to come to international consensus on what cyber norms should entail have typically failed in the United Nations, both in the General Assembly (GA) via proposals brought forward by China and Russia, as well as the in the Group of Government Experts in the Field of Information and Telecommunications in the Context of International Security (GGE). Repeatedly these efforts have failed to reach their…