What is cyber diplomacy?




Cyber diplomacy is the conduct of foreign policy, negotiation, and international coordination on matters that substantially affect activity in and through digital networks. It is the application of diplomatic method and legal reasoning to a domain in which the objects of negotiation can be packets, protocols, software supply chains, cryptographic keys, and data. The aim remains diplomatic: shaping expectations, forging consent, and preventing conflict.

At the level of international law, cyber diplomacy operates within the settled frameworks on the use of force, non-intervention, sovereignty, and state responsibility. Many malicious cyber operations, however, are conducted below the threshold of an armed attack, yet breach obligations owed between states or trigger countermeasures when attributable.

Diplomats often have difficulty clarifying how classic rules apply to new patterns. For example, how can data-wiping attacks against hospitals constitute wrongful acts where attribution is not certain? What forms of due diligence are required to prevent a state’s territory from being used for harmful operations against another state?

The instruments of cyber diplomacy range from hard to soft law and from public to private. Binding treaties on cybercrime, mutual legal assistance, extradition, and data protection coexist with executive agreements on cross-border data access and with memoranda of understanding for incident response cooperation. Joint attributions and coordinated sanctions combine legal characterization with economic statecraft, often supported by statements of evidence sufficient to persuade allies even if the underlying evidence remains classified.

Confidence building measures create directories of national points of contact, promote exercises and simulations, and establish communications channels for crisis de-escalation. Political declarations align expectations on protecting the public core of the internet, refraining from targeting critical infrastructure, and cooperating to mitigate malicious code. Sometimes, these measures harden into practice that regulators and courts treat as authoritative.

Attribution and evidentiary standards are unique pressure points of cyber diplomacy. Because malicious code can be reused, obfuscated, and proxied through unwitting infrastructure, technical indicators alone seldom deliver courtroom-grade proof. Diplomatic practice blends three layers of evidence: Technical forensics linking infrastructure, malware families, and operational tradecraft. Intelligence reporting (signals based or human source based) assists in deciding motive, opportunity, and strategic pattern.

Cyber diplomacy aligns legal doctrine with technical reality, and manages coercion through law rather than force. For risk and compliance, it determines what must be reported and to whom, how to respond to government demands across borders, when to expect sanctions relief or escalation, and what due diligence is adequate in a world where a supplier’s compromise can become an international incident. The craft of cyber diplomacy is necessary and lets regimes interoperate across borders, turning fragmented national measures into a defensible and predictable environment for digital commerce and security.


Cyber diplomacy, emerging risks and challenges

Cyber diplomacy has moved into a domain where technological acceleration, strategic competition, and legal fragmentation interact in complex and often destabilizing ways. A new generation of risk alters state responsibility, liability, attribution, sanctions exposure, market access, insurance coverage, procurement integrity, and the enforceability of cross-border obligations.

1. The widening gap between technical capability and legal containment. The core diplomatic risk in cyberspace is that capability is scaling faster than law can contain it. Machine learning models and automated tools have lowered the cost of targeted intrusion, information operations, and deception, enabling a level of persistence and precision previously reserved for a few intelligence services.

Two consequences matter:

a. The evidentiary burden for public attribution increases as operations rely on synthetic content, rented infrastructure, and mercenary operators.

b. The time window for diplomacy, negotiations, and legally sound countermeasures shrinks as autonomous components compress the "observe, orient, decide, act" loop. In simple words, governments facing an unfolding operation may need to consider responses before investigators can assemble a record that satisfies international law thresholds and before diplomats have a chance to negotiate.


2. AI-enabled deception, reputational coercion, and negotiation manipulation. Generative systems have turned social media and information space into an operational battlespace. For cyber diplomacy, there are three new risks:

a. Impersonation of diplomatic principals and institutions, where deepfake voice and video are used to manipulate policy concessions, spread confusion during crises, or discredit international organizations. This includes market manipulation, fraudulent instructions, and the triggering of actions.

b. Targeted cognitive pressure on individual negotiators, where behavioral data are mined to craft manipulative engagement.

c. The contamination of evidentiary chains, where fabricated or subtly altered digital documents appear in investigative or dispute resolution records.


3. Space-cyber convergence. The integration of space and cyber systems has created new points of coercion. Commercial satellite constellations, navigation services, and ground segment operations have become critical infrastructure.


4. Mercenary cyber capability markets and the privatization of coercion. An increasingly sophisticated market of surveillance tools, exploit brokers, and offensive security contractors operates across jurisdictions. From a diplomatic perspective, the risk is deniable coercion deployed by private actors with plausible distance to states, enabling influence operations, transnational repression, or targeted intrusions that would be diplomatically costly if conducted by official services.

The privatization of coercion occurs when those services are used to exert political, economic, or legal pressure by states, corporations, criminal groups, or shadow intermediaries, so that the coercive act cannot be directly associated with the principal who benefits. In very simple words, instead of a government ordering a clandestine operation, a government or state-sponsored entity hires a private operator to do the dirty work, creating plausible deniability, reducing the political cost, and increasing the scale and availability of offensive capability.



The Paris Call for Trust and Security in Cyberspace

The Paris Call for Trust and Security in Cyberspace, launched on 12 November 2018 during the Paris Peace Forum, deals with emerging and insufficiently regulated cyber challenges. States, businesses (including Microsoft, Kaspersky, Siemens, Google, Facebook), professional associations and civil society organizations hold discussions to find solutions for regulation in cyberspace, the practicability of international law, and the responsible behaviour of States.

11/11/2021 - The European Union and the United States have joined the Paris Call. Their decision will strengthen the Call and enable it to go further in the defence of stability in cyberspace.

The Paris Call for Trust and Security in Cyberspace: https://www.diplomatie.gouv.fr/en/french-foreign-policy/united-nations/multilateralism-a-principle-of-action-for-france/alliance-for-multilateralism/article/paris-call-for-trust-and-security-in-cyberspace


The 9 principles - The Paris Call for Trust and Security in Cyberspace


1. Protect individuals and infrastructure

Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure.

Emergency services: the European Emergency Number Association provides cybersecurity guidelines to ensure the safety of citizens

Recent cyberattacks around the world, including against hospitals, remind us about the need to be better prepared. Public safety organizations are not exempt from these ever-evolving cyber risks. When emergency call centers suffer cyberattacks, interference with first response from rescue organizations can result in the death of individuals.

The European Emergency Number Association (EENA) believes that, for the safety of citizens, it is essential to ensure public safety services remain uninterrupted. To protect critical infrastructure and sensitive information, emergency services must implement appropriate and effective safeguards.

After the WannaCry ransomware attacks in 2017, EENA launched its Cybersecurity Working Group to help share best practices and develop a set of concrete, specific recommendations for emergency response organisations. The group held a dedicated webinar and published cybersecurity guidelines. The importance of this issue has been highlighted at the annual EENA Conference for several years and during the EENA Members Workshop 2018. Recommendations include the need to include cybersecurity as part of general risk assessment, train employees, implement technological solutions, and perform vulnerability tests and cyber incident exercises.


2. Protect the Internet

Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.

Protecting the Domain Name System: French company Nameshield ensures identity integrity and resilience

Protecting the availability and the integrity of the public core of the Internet requires close cooperation between different types of actors, including non-profit organization ICANN (Internet Corporation for Assigned Names and Numbers) and private companies such as Nameshield. An independent French company, Nameshield ensures identity integrity and resilience on the Internet with its own anycast-based, resilient DNS infrastructures.

A cornerstone of the Web, the Domain Name System (DNS) serves as the Internet directory. This protocol translates a domain name into an IP address, based on a database distributed across thousands of machines. If the DNS fails because of data corruption or a denial of service attack, websites and emails become inaccessible.

It is crucial to guarantee the protection and availability of DNS. A new protocol, DNSSEC, has thus been developed with the support of ICANN to address vulnerabilities in the DNS. Other solutions can help ensure identity resilience, such as Registry Lock or SSL certificates. By protecting data on domain name identity cards and providing a high availability service, Nameshield contributes to the second principle of the Paris Call and protects the public core of the Internet.


3. Defend electoral processes

Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities.

Protecting the integrity of democratic elections: The Transatlantic Commission on Election Integrity (TCEI) helps advance solutions

Election interference is a major threat to the universal right of people to take part in the democratic process. Still, democratic governments and technology companies around the world are scrambling to meet the challenges of the latest election meddling tactics and technologies. This is a global phenomenon, with instances of election interference seen in countries from Mexico to North-Macedonia, Ukraine to Kenya, Taiwan to Turkey.

Yet, attacks and coordinated manipulation are no longer coming from foreign malign powers alone: increasingly, the cross-border disinformation playbook is used by domestic actors trying to sow division and polarization in both authoritarian and democratic contexts.

The TCEI brings together committed and eminent persons from different backgrounds with one shared goal: to ensure people decide freely, based on independent information, who should represent them. Transatlantic and bipartisan in nature, the TCEI seeks to share best practice between decision-makers and institutions across the democratic world, raise public awareness about the risks of interference while applying on the ground new models and technologies to empower civil society and governments to defend democracy. The TCEI is an initiative of the Alliance of Democracies Foundation founded by Anders Fogh Rasmussen in 2017.


4. Defend intellectual property

Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector.

Protecting software distributed under open source licenses: the Linux Foundation supports communities that share their knowledge

In a world whose dynamics are based on sharing of knowledge, the free software model and the application of free software licenses become increasingly important. Open source software is equipped with legal tools such as copyleft to frame the involvement on a cooperative basis and a reciprocal gift-giving logic, to produce highly performing software and to prevent private appropriation of codes or theft of intellectual property, since what is voluntarily shared cannot be re-appropriated.

The open source software model offers a way to reconcile private individual interest and collective efficiency: it is not a question of abandoning intellectual authorship, but of allowing reuse of the free software created under the condition that any new version can also circulate freely. Hence intellectual property shared under such licenses spreads more quickly in the industrial fabric and benefits from network effects, which support the push for creating standards that evolve around it and its promoters.

With over 1,000 corporate members worldwide, The Linux Foundation provides strong support to open source communities through financial and intellectual resources, infrastructure, services, events, and training. Working together, the Linux Foundation and its projects form one of the most ambitious and successful investments in the creation of shared technology: the collective value of the code in Linux Foundation projects is estimated at roughly US$16 billion.


5. Non-proliferation

Develop ways to prevent the proliferation of malicious software and practices intended to cause harm.

Fighting malware at the roots: YesWeHack organises Bug Bounty programmes to disclose and correct vulnerabilities before malicious tools get in.

Bug Bounty programmes reward individuals who report security vulnerabilities. Participants who discover insufficiencies in hardware or software report to the organising entity (“the vendor”) so that corrective measures can be taken.

By bridging the gap between vulnerability discoverers and vendors, Bug Bounty programmes help structure a Coordinated Vulnerability Disclosure (CVD) process. This prevents state and non-state actors from stockpiling vulnerabilities and limits the development of vulnerability-oriented black markets. In turn, it curbs the proliferation of malicious ICT practices and tools which feed on vulnerabilities.

YesWeHack, Europe’s Bug Bounty leader, promotes proactive vulnerability disclosure by organising public and private Bug Bounty programmes. It also offers such programmes to NGOs and civic tech associations to improve the security of their infrastructures. By mobilising a community of ethical hackers and contributing to a harmonious CVD approach, YesWeHack limits entry points available to malicious ICT tools.


6. Lifecycle security

Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain.

ICT/OT supply chain integrity: Carnegie Endowment for International Peace presents government and corporations with recommendations

The Carnegie Endowment has released a report on ICT supply chain integrity authored by Ariel E. Levite. It calls for urgent action to arrest the current trends undermining trust in digital products and services and fracturing the global ICT supply chain.

Strengthening the security of digital products and services throughout their supply chain is a key principle of the Paris Call as malicious actors can threaten governments, industry and individuals by attacking the weakest point on the chain, with negative consequences in terms of geopolitics, espionage, trade, and consumer protection. Cooperative efforts are needed to restore confidence in the integrity of supply chains.

In particular, the new report underscores the importance of complementary governmental and corporate actions to enhance the integrity of the ICT/OT supply chain through a combination of commission and omission, elaborating on practical obligations both should undertake toward that end. It sets up comprehensive objective criteria for qualification of Trustworthy Suppliers, and proposes mechanisms to verify compliance with the trustworthiness criteria and an incentive structure to reward those who assume and fulfill their commitments.


7. Cyber hygiene

Support efforts to strengthen an advanced cyber hygiene for all actors.

Seguros en la red: the Ecuadorian Cybersecurity Association promotes cyber hygiene to kids in Ecuador

Children and adolescents study, play and interact for hours online. But like every new world to discover, cyberspace presents a series of risks that they need to know about.

The Ecuadorian Cybersecurity Association (AECI) launched the “Seguros en la Red” (“Secure on the net”) project to teach children about responsible use of ICTs and associated risks. AECI created playful characters, who give girls and boys a minimum level of education in order to nurture, foster and promote a culture of digital security. Named “Cyber” and “Alerto”, these fictional characters introduce children to cyberspace with its resources and opportunities but also its dangers.

Awareness, culture and prevention are the three pillars around which AECI aims at creating an ecosystem of digital security programs, in conjunction with educational institutions, public and private organizations.


8. No private hack back

Take steps to prevent non-State actors, including the private sector, from hacking-back, for their own purposes or those of other non-State actors.

Hack-back, active defense, and countermeasures: the Cybersecurity Tech Accord starts a conversation on definitions and best practices

As the frequency and severity of global cyber threats grow, defenders are investing in new and innovative techniques to protect themselves. However, not all measures being developed are purely defensive: increasingly, talk has turned to more intrusive “active defense” techniques – with hack back the most prominent example.

The Cybersecurity Tech Accord signatories strongly supported the decision to include Principle 8 in the Paris Call, which rightly introduces a general prevention on hacking back for non-state actors. However, this is an area fraught with ambiguity, and they believe further elaboration is needed to set clear boundaries around intent, authority, and intrusiveness before government and private actors can implement it.

It is particularly critical to ensure the prohibition does not capture positive cybersecurity techniques, such as penetration testing. To this end, the Tech Accord signatories are committed to working together to support effective implementation of the Paris Call principle on hack back, including by highlighting potential definitions and best practices.

They will start the discussions with a meeting at the Internet Governance Forum in Berlin, where they hope to gather views of not just industry, but civil society on this critical topic. Organizations interested in participating in this effort can send an email to info@cybertechaccord.org.


9. International norms

Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace.

Selecting a contact point (POC) in each State to exchange information on ICT-related incidents: along with other countries, France operationalizes confidence-building measures within the OSCE

The Organization for Security and Co-operation in Europe tackles various cyber threats including cybercrimes and the use of the Internet for terrorist purposes. A key focus is on the development of confidence building measures (CBM) between participating states to reduce the risks of conflict. Sixteen CBMs have been adopted, which aim at enhancing interstate cooperation, transparency and predictability to reduce risks of misperception and escalation.

One of these measures requires that participating States nominate a contact point to facilitate pertinent communications and dialogue on ICT-related incidents and coordinate responses. France is one of the lead countries to operationalize this measure, including through communication checks and exercises. Exchanges of information and communication between States can stop an unintentional conflict by defusing potential tensions and stopping or slowing down the spiral of escalation.

Regional organizations such as the OSCE are ideal platforms for building confidence in cyberspace, as they have often been conceived for conflict prevention and offer practical expertise with CBMs. So far, some successful “comcheck” exercises have been launched by the OSCE secretariat, which underline the utility of such measures in order to reinforce stability in cyberspace through a continuous dialogue between States.

