In a recent statement released by the White House, it was announced that Vice President Kamala Harris had guaranteed the United States’ support for the Paris Call for Trust and Security in Cyberspace. The news came following a meeting between the Vice President and President Emmanuel Macron of France last month.
The Paris Call for Trust and Security in Cyberspace is a voluntary initiative that aims to bring the international community together to safeguard peace and security in the digital space. It recognizes that while the development of digital technology has brought significant opportunities for economic advancement, innovation, and access to information, it also brings with it new threats.
These threats come from both nation state and non-nation state actors and range from the theft of confidential data to cyber-attacks on critical infrastructure.
First launched by President Macron in November 2018, the Paris Call is now supported by 80 nation states as well as 36 public authorities and local governments. Over 1,000 organizations and private sector companies from around the world have also joined the initiative.
There are nine principles at the core of this initiative, many of which align with the US’s current efforts to improve cybersecurity and prevent cybercrime. As the government begins to take a more authoritative stance on resolving these issues (as evidenced by the new Civil Cyber-Fraud Initiative), organizations, particularly those in the federal supply chain, need to make a proactive effort to improve security in their core networks.
What are the nine principles of the Paris Call for Trust and Security in Cyberspace?
- Protect individuals and infrastructure
- Protect the internet
- Defend electoral processes
- Defend intellectual property
- Non-proliferation
- Lifecycle security
- Cyber hygiene
- No private hack back
- International norms
The first principle focuses on preventing and recovering from malicious cyber activities, particularly those impacting critical infrastructure.
This is already a high priority for the US government given the increase in these types of attacks in recent years. A recent survey found that 54% of 500 critical infrastructure suppliers had seen attempts to control their systems and many believed these attacks were becoming increasingly sophisticated.
In 2013, one such attack took place when bad actors were able to breach the Bowman Avenue Dam in New York. The hackers infiltrated the command and control center via a cellular modem, giving them remote access.
More recently, the Colonial Pipeline hit the headlines when attackers gained entry to Colonial’s virtual private network account. The temporary shutdown of the pipeline led to fuel shortages across the US East Coast, illustrating the importance of governments joining initiatives like the Paris Call to prevent similarly disruptive events occurring in future.
Principle six in the Paris Call aims to strengthen the security of digital processes, products, and services, and improve supply chain integrity. This principle is especially relevant to the US government, given its current efforts to improve the standards of cybersecurity for federal contractors and organizations in the Department of Defense (DoD) supply chain.
The National Institute of Standards and Technology (NIST) has introduced a series of cybersecurity frameworks to protect government information. Any organization that processes or stores Controlled Unclassified Information (CUI) must comply with the requirements of NIST Special Publication 800-171.
Defense contractors must assess their compliance with the framework using a points-based approach, with scores recorded in the DoD’s Supplier Performance Risk System (SPRS).
With Titania’s auditing solution, Nipper, you can accurately assess performance against 31 of the core network requirements for NIST 800-171, accounting for up to 113 SPRS points. Nipper’s NIST 800-171 module automates the assessment of 21 of these core network device requirements and provides information on a further 10 requirements that can be used to determine compliance.
Titania is proven to protect critical infrastructure and is already in service with all four arms of the DoD, US federal agencies and government contractors. If you would like to see how you can manage your network risks through accurate reporting and detailed remediation with Titania Nipper, you can request a free trial of the software.
Automate the assessment of 89% of NIST 800-171 core network controls with Nipper.