Did you know that France plans to increase its involvement in the Cyber Warfare space? Brace yourselves! In the most recently released “Paris Call of 12 November 2018 for Trust and Security in Cyberspace” the country raised international concern with its idea to get involved in “offensive” most commonly known as proactive cyber warfare with a newly launched offensive cyber warfare doctrine. How come? Based on an outdated understanding of the current Cyber Warfare market including the U.S Cyber Warfare doctrine directly intersecting with Russia’s Iran’s and China’s – basically a copycat mentality for “communication channel” domination France appears to be wrongly positioning itself as a Cyber Warfare market player that could not only raise someone’s eyebrows but could also possibly position the country as a primary target for future and upcoming attacks.
Key points from the Paris Call for Trust and Security in Cyberspace:
- increase prevention against and resilience to malicious online activity
- protect the accessibility and integrity of the Internet
- cooperate in order to prevent interference in electoral processes
- work together to combat intellectual property violations via the Internet
- prevent the proliferation of malicious online programmes and techniques
- improve the security of digital products and services as well as everybody’s “cyber hygiene”
- clamp down on online mercenary activities and offensive action by non-state actors
- work together to strengthen the relevant international standards
It should be noted that major Cyber Warfare powers including the U.S did not get involved in the Paris Call with the exception of U.K., Canada and New Zealand which all signed the agreement. What does the agreement really mean? What does it mean for the U.S and its allies? Keep reading.
From an Information Warfare perspective it should be noted that such widespread calls actually mean to achieve a “media-echo” effect basically re-positioning the country in question as a leading and prominent player in the Cyber Warfare field “without the fuss about it”. Should these calls be avoided and ignored? Definitely.
Would the U.S ultimately position the country as a prominent Cyber Warfare power potentially “listing” the country as a possible source of stolen information and potential wide-spread damage caused by a potential offensive Cyber Warfare campaign launched against the country? Definitely. What France could possibly do in terms of its offensive Cyber Warfare Program? It could definitely aim to piggyback on the U.S Intelligence Community and the Security Industry in terms of establishing a successful SIGINT type of Discovery and “know-how” collection expertise.
Let’s discuss in-depth the key points outlined in the Paris Call for Trust and Security in Cyberspace.
- The first point in the Paris Call for Trust and Security in Cyberspace discusses in-depth an eventual response to an increase in “increase prevention against and resilience to malicious online activity“ – it can be best described as a desperate call to a wide-spread malicious actor and activity-blocking campaign that aims to harness the Wisdom of Crowds type of malicious actor and campaign blocking-type of activity. Should other countries follow? It should be noted that other countries should definitely avoid to stay away from such type of activity for the purpose of preserving their national sovereignty and for the purpose of not becoming a target themselves. This activity can properly materialize in the context of passive and proactive SIGINT including possible Cyber SIGINT “assets discovery” type of technique and methodology to proactively respond to current and emerging cyber threats.
- What the second paragraph – “protect the accessibility and integrity of the Internet” – basically means is a desperate attempt to tackle common Internet flaws known as possible DNS cache poisoning including various attacks on a particular country’s Internet infrastructure. What can be done to tackle this common flaws without participating in the agreement? It should be clearly noted that countries interested in protecting their infrastructure should stick to basic Information Security concepts known as the CIA triad namely the protection of the Confidentiality Availability and Integrity of the Information in question relying on basic Information Security principles and methodologies.
- The third paragraph – “cooperate in order to prevent interference in electoral processes” – basically means of a way for France on piggyback on the recent U.S based election interference on behalf of Russian hackers utilizing basic Cyber Persona’s type of fraudulent and malicious activity in the face of the infamous Guccifer hacker that can be best described as an on purposely generated Cyber Persona that basically “rebooted its lifecycle” in a 2.0 fashion courtesy of Pro-Russian hackers that hijacked the Cyber Persona and utilized its popularity and fame for the purpose of spreading a “propaganda message” including the taking of credit for high profile individual and person’s hacking attempts and compromised intellectual property.
- The fourth paragraph – “work together to combat intellectual property violations via the Internet” can be best described as a desperate attempt to enforce Intellectual Property rights enforcement on the Internet in an attempt to infiltrate and prevent the wide-spread distribution of copyrighted type of content utilizing basic old-school propagation and distribution technologies such as BitTorrent and IRC (Internet Relay Chat) including off-the-shelf P2P file-sharing methodologies.
- The fifth paragraph – “prevent the proliferation of malicious online programmes and techniques” – can be best described as futile but basically an upcoming tactic and process on behalf of the French government that will inevitably aim to target a variety of Security Researchers including Forum Communities and Information Repositories that seek to inform educate and spread knowledge on current and emerging cyber threats. Would the French government develop an active or a passive Cyber Operation that aims to disrupt the proliferation of malicious software including popular and off-the-shelf malicious and fraudulent monetization techniques? Largely depends on their current understanding of the process of disrupting and undermining malicious and fraudulent online operations.
- The sixth paragraph – “improve the security of digital products and services as well as everybody’s “cyber hygiene”” aims to build awareness on the upcoming source code auditing of popular services and products that would ultimately ensure a secure and smooth Internet ecosystem free of security flaws and potential exploitation attempts. In terms of targeting the end user the paragraph will inevitably aim to raise awareness on current and future cyber threats potentially educating tens of thousands of users on basic Cyber Threats the way we know them – malicious software exploits vulnerabilities social media sharing abuse IM (instant messaging) abuse and possible data leak attempts including personal and corporate data leaks.
- The seventh paragraph – “clamp down on online mercenary activities and offensive action by non-state actors” aims to raise awareness on the rise and dangers posed by independent contractors that also includes government-based contractors and Security Researchers posing as a possible nation-state type of malicious actors. The paragraph should be considered as an early warning call for hundreds of high profile Security Researchers that should be really putting their efforts into ensuring a proper OPSEC-research based ecosystem proactively protecting themselves and their know-how including Intellectual Property from falling victim into the wrong hands.
- The eight paragraph – “work together to strengthen the relevant international standards” aims to build awareness on the country’s participation in working on various International Security Standards including the eventual industry-based compliance that might definitely result in improved detection of cyber threats including a possible QA (Quality Assurance) and economies-of-scale type of perspective.
A possible proposal to the French government in terms of the upcoming launch of an offensive cyber warfare doctrine could be the establishment of both defensive an offensive Cyber Warfare unit that could possible ensure both a proactive and reactive response to current and emerging threats facing and somehow threatening the country’s infrastructure. What’s next in terms of a possible offensive Cyber Warfare program could be the direct establishment of a civilian-type of offensive Cyber Warfare community – something that the country might be definitely interested in considering.
The rise of opt-in hacktivism? You wish. Unless the country has the upper hand in a possible civilian-based Hacker and offensive-based Cyber Warfare program – it would be Cyber Warfare basics – back to usual. Piggybacking on civilian offensive Cyber Warfare units for stealing “know-how” is among the key tactics that the country could definitely take into consideration.
What would France do next in terms of an offensive Cyber Warfare program? It could be easily concluded that the country’s current understanding of Offensive Cyber Warfare could wrongly position the country as a primary target launched by nation-state actors including possible rogue actors that could easily find out a way to cripple the country’s infrastructure in case the country doesn’t proactively respond to current and emerging threats. From the logical evolution from passive to active SIGINT and IA (Information Assurance) to CNE (Computer Network Exploitation) it would be noted that sometimes followed the same trail might cause more head-aches than originally anticipated.
Way to go France – but keep in mind that we’ll keep our fingers crossed for an upcoming set of legislative and practical implementation of the proposed efforts.