Sputnik discussed the initiative to regulate the internet with Pierluigi Paganini, Chief Technology Officer at CSE and member of the ENISA Threat Landscape Stakeholder Group.
Sputnik: Some 50 countries have reportedly signed up for the initiative to regulate the Internet; in your view, what would this regulation entail?
Pierluigi Paganini: I can tell you that we urgently need norms of state behaviour in cyber space. We urgently need a so-called code of good conduct. So this is a global talk on cyber security in cyber space called by the French government is welcome.
The risk of escalation and retaliation in cyber space, an increasing number of cyber-attacks could have a destabilizing effect on international peace and security. The risk of conflicts between states caused by cyber incidents, cyber espionage activities encourage states to define a shared framework of norms of confidence-building behaviour and the use of cyberspace.
I'm one of the authors of the G7 Declaration on Responsible States' Behavior in Cyberspace. It was signed during the Italy G7 meeting last year. I had the honour to be a member of the group that worked on the proposal for voluntary, non-binding norms of state behaviour during peacetime. We presented 12 points aimed at proposing stability and security in cyberspace. I belive that this declaration is one of the best starting points for this kind of discussion.
Sputnik: I totally agree with you in terms of the global community needing better security. Indeed, we've been discussing on this problem for the last 18 months or so about various security scandals that have happened around the world, not least in the UK with regard to the security scandal involving the US presidential election last year. What is a surprise is that we've got all these tech giants in America promoting this idea, but we've got countries like the United States and Australia, and, indeed, Israel as well, refusing to sign the declaration, why is that?
Pierluigi Paganini: Definitely, they don't want norms because these norms limit their operation in cyber space. They're meeting their own interests, while ignoring the needs of the collectivity which is very risky behaviour, in my opinion. Cyberspace has no boundaries and an attack could be carried out from anywhere at any time and without shared norms of behaviour, without sharing information on cyber-attacks it's impossible to mitigate the cyber threat. In my opinion, this is very risky behaviour.
Sputnik: I can understand that this kind of a proposition is, indeed, needed moving forward, especially for Western countries to be able to regulate, police, and have oversight over the Internet. It's very important moving forward. How to police it; the fact that they are taking about it, I think, is very good news. With these countries mentioned that are refusing to sign it, obviously, that's not so good. We've also got the fact that many nations, including China and Russia, have refused to sign the pact as well; does that, in essence, make this particular program and this agreement useless? It's bankrupt before it even starts, isn't it?
Sputnik: It appears to me that there's, obviously, a long road in terms of the negotiated settlement with all the parties involved. The agreement doesn't command any specific legislation from participating countries; we rely on private companies. With that in mind, how significant is the decision by these huge tech giants, like Google, Facebook and Microsoft, to sign the declaration? Is that going to assist in many of these governments potentially looking further into this potential agreement and maybe coming out in favour of it?
Pierluigi Paganini: In my opinion, it's very significant. The efforts of tech giants and security firms are essential to making cyber space a better place. IT giants manage a huge portion of the global traffic and almost all the data that humans generate today is managed by these companies. So we cannot exclude them from participating in such kinds of initiatives. The efforts of these companies are really precious.
Sputnik: Obviously, we know that this particular legislation is greatly needed; it's very important moving forward. What's your advice to these key decision makers in these countries in terms of getting their heads together and having a pragmatic approach to bringing global legislation because it's very much needed, isn't it?
Don't forget that we are not addressing only the nation-state activities in cyber space; but we also need to fight cyber-crime, hacktivism or cyber terrorism every day. And the only way to do this is to involve every country and to request their specific efforts. We have to explain to them what the risks and the economic impacts are. It's very important to enlarge the discussion to every community and country. We have to involve the largest number of countries because the need for norms is a shared need.
The views and opinions expressed by the speaker do not necessarily reflect those of Sputnik.