French Defense Secretary Says Country Is Willing To Fire First In Cyber Wars

from the only-good-things-can-come-of-this dept

Over the past few years, politicians and intelligence officials have floated the idea of hacking back. When not pushing the idea of treating cyber wars like declarations of actual war, these officials have seen nothing wrong with hacking back against cyberattackers or allowing private companies to do the same.

It may seem like there's nothing wrong with a "best defense is a good offense" theory of deterrence, but it's not that simple. First of all, attribution is often more difficult than these officials imagine. Hacking back against the wrong party is only going to escalate tensions. At worst, it could result in international incidents where those hacking back have broken laws in other countries. At best, it will just become another forever war countries throw money at -- one that's sure to result in expanded government power at the expense of the taxpayers, both in terms of tax dollars and civil liberties.

France has been scratching its itchy trigger finger for awhile now. Roughly a year ago, the government shot down a proposal giving private companies the right to retaliate against cyberattacks. It felt doing so would only lead to further "instability in cyberspace." That assessment is likely correct. But the French government apparently only felt private hack backs would lead to instability. If the government did it, no such instability should occur… apparently.

As far as offensive actions are concerned, the [Strategic Review of Cyberdefense] may not want companies to unleash hack-backs after an online attack, but it does want to keep that option open for the French authorities.

Not sure how a government-run cyberattack would lead to greater stability, but there you have it. The French government is apparently so confident in its ability to carry out non-destabilizing cyberattacks that it's not even going to wait around to get hacked first. Defense Secretary Florence Parly had this to say at a recent cybersecurity forum:

“The cyber weapon is not only for our enemies,” said France’s defence secretary this afternoon, speaking through a translator. “No. It’s also, in France, a tool to defend ourselves. To respond and attack.”

Her remarks will be seen as moving the debate about offensive cyber capabilities – not just so-called “active defence” but using infosec techniques as another weapon in the arsenal of state-on-state warfare – to a new level. Coming from a prominent NATO member and EU country, it could set the tone for future discussion of nation states' offensive cyber doctrines.

If France is going to start a cyberwar, it's not going to do it alone. Parly also called for "more cooperation and partnerships" from other European governments, suggesting their asses will also be on the line if France kicks off WWIII/CyberWar I with a misdirected cybersortie. While Parly is correct in her assessment that cyber threats are border-less, it seems a little audacious to suggest everyone else is obligated to bail you out if you take the lead in hacking forward.

Filed Under: cyberattacks, first strike, france, hack back

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Christenson, 25 Jan 2019 @ 12:36pm

    How to respond???

    I see infosec (keeping secrets) as quite distinct from the basic question of whether I can trust my computer to do what it says it is doing and nothing else.

    Keeping secrets is becoming really difficult, and I don't think it can begin to be addressed without addressing the trust issue, and even then may be impossible.

    The trust issue comes in two parts: trusting people (really can't nerd harder, or close the door on all the migration that has happened the last half century), and trusting the computer itself.

    Trusting the computer itself is possibly soluble by nerd harder. It will come at a price of simpler, less interdependent systems, and automatic or semi-automatic proofs. For example, I would like to know that my computer has only two connections to the internet: The web browser and the fileshare, that these are independent unless granted specific permissions, and the web browser is not writing to the permanent memory on my computer.

    Those problems can potentially be fixed.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.