View of the École Militaire in Paris
On the 13th and 14th of March, the international symposium on cyberstrategy entitled “Cartographie du cyberespace”, which literally means “Mapping cyberspace”, took place in Paris.
It was run by the Castex Chair of cyberstrategy of the IHEDN.
To make it more lively and to make the notes taken during this symposium easier to read, I used different formats (interview, summaries, slides).
Introduction: The digital Space, what geographies?
Frédérick Douzet, Castex Chair of cyberstrategy, French Institute of Geopolitics, Paris 8 University
In this introduction, Frédérick Douzet set out the aim of this symposium and the future challenges regarding the mapping of cyberspace.
Her presentation attempted to answer the following questions:
How to understand the geography of cyberspace?
For this first question, which is still under study, F. Douzet said that concepts, methods, tools and graphical representations should be developed in order to better understand the strategic stakes.
What can we measure and comprehend?
For this question she referred to the digital dimension in a geopolitical context.
Mapping is a pedagogic tool that helps explain the stakes; it is an accessible way to represent digital spaces. It helps to understand the strategies of influence and the geopolitical rivalries that are expressed through cyberspace.
What are the methodological challenges when representing cyberspace?
F. Douzet also pointed out that cyberspace is an environment generated by global interconnection. She underlined that, because cyberspace is hard to visualize, it is hard to map, given its complex planetary dimension and highly dynamic nature. She added that the physical world is more and more projected into cyberspace.
In order to map it correctly, she intends to ask relevant strategic questions to guide the choice of elements to be taken into account in a cartographic representation. An interdisciplinary and experimental approach to geography should be used. The challenge will be to relate the cyber dimension to other dimensions.
John Frank, Microsoft
To introduce his keynote, J. Frank explained that 2017 was an inflection point for cybersecurity.
He insisted on the fact that attacks like WannaCry were intended to cause as much chaos as possible in the EU and North America. They were not targeted against a particular organization. These latest attacks were containable, but what if the next ones are not?
J. Frank also mentioned the attack in Ukraine on the 27th of June during the Ukrainian Constitution Day.
Several radio and TV stations went off the air, bank ATMs stopped working, and people could not buy gas. Through forensics we can track an attack, and that’s how we knew that this one was led by a Russian crew.
Then J. Frank explained what we learned from those attacks. According to him, 2017 was our wake-up call and 2018 must be our response.
2017’s attack could have been far worse, but we now know that attackers can do significant damage to civilian infrastructure.
The economic damage is high; for a struggling country the impact can be dramatic.
More than 40 countries are now developing cybersecurity. This is not a military operation anymore; people are now in the middle of a conflict.
He also tackled the issue of international law: what is the law, and does it exist in certain areas?
NotPetya took place in a context of conflict, so it was acknowledged as a violation of international law.
To conclude, he said that we need to ensure that there are more international laws to respond to cyber attacks.
Territories and sovereignty in cyberspace
To address the subject of territories and sovereignty in cyberspace, various military actors, ambassadors and academics presented their work and experience.
In this panel different points of view were expressed. Stakeholders, depending on their status, define territories and sovereignty in a different way. That is why I have chosen to present these points using the following keywords: territory, sovereignty and cyberspace.
General Olivier Bonnet de Paillerets
- Modern weapons should be used, and it is not by chance that France has taken measures in cybersecurity.
- There must be an effort for the laws of the republic to apply on the republic’s territory.
For instance, it is necessary to ensure that heinous content is avoided by the application of the laws of the republic. To do so we must enter into discussions with the platforms that operate in France to ensure that these legislative measures are applied.
- We consider the term territory as physical. Territory is not the same as land; it includes the notion of someone’s authority over a land.
- The CLOUD Act is under discussion in the American Congress (it was under discussion during the symposium, but it was signed into law on March 23rd). This act is related to personal data, and its aim is to allow US authorities to request data even if the servers where the data is stored are located outside the US.
The European Union said that they would cooperate and give access to this data and that they would, like the USA, give extraterritorial access.
This law is prejudicial to human rights and it should be reconciled with the GDPR.
General Olivier Bonnet de Paillerets
- It is a question of state responsibility. How do we respond to an attack?
- It is a question of the conditions for sovereign control over equipment, which is essential in the field of operational decision-making.
- Cybersecurity is becoming a stake of collective security.
- Nowadays ANSSI is mobilized first and foremost by espionage attacks.
- Espionage is the center of gravity of the Army Ministry’s concerns.
- Today there’s a complexity in understanding these issues so that our government can ensure that these notions are fully respected and considered.
- Our defence apparatus must always be state of the art; enforcement and compliance must be audited.
- We are losing control over public goods in favour of private companies. Governments have to build assessment capabilities. They have to force the platforms to open up to government inspection.
- We should support the idea of having an ever larger part of the Internet designed as a public good.
- The Geneva Digital Convention aims to protect the public from cyberspace threats.
General Olivier Bonnet de Paillerets
- The threat comes from the fact that digitalization is an advantage but also a critical weakness.
- Can a country be isolated in terms of cyberspace?
- In cyberspace, threats and influence also come from private actors.
- In cyberspace, cooperation exists but is not satisfactory.
- Today borders are diffuse and the imposed regulations can be circumvented.
- The law does not really relate to data: we never attach legal consequences purely to data but to the actors handling the data. In cyberspace, the border guards for states are not actually inside the territory. These border guards are asked to act on criminality. The complexity of cyberspace is also related to the fact that data is collected by private actors outside the borders. For instance, a private company in the US is not allowed to give any information relevant to another government.
- In order to make proper international laws, we should intensify cooperation between countries.
- Cyberspace must be defined before making any international law.
Mapping how data travels
To present this debate, it seemed relevant to me to show some of the speakers’ slides, which illustrate the journey of the data.
The internet is shaped by the geopolitics around it
Kevin Limonier and Louis Pétiniaud
The use of the Internet’s data flow has made it possible to map the geopolitical boundaries of cyberspace.
The tool used is the Atlas network.
Comparing the travel time of data in the Black Sea space
To map cyberspace, O. Fourmaux used the traceroute utility program. The mapping is therefore mainly based on the path the data takes when it is transferred.
K. Salamatian studied three frameworks:
- Cyberspace embedded in geography
- Geography embedded in cyberspace
- Cyberspace as a space on its own
He also showed that some flows have their source in history.
From gulags to data centers: the strategic territories of Russian cyberspace
He explained that borders are real or imaginary lines in the political space.
How to present the digital boundary between states
The Geopolitics of the Datasphere
For Stéphane Grumbach, the datasphere is changing the balance of power between states because of new players, namely platforms and operators.
He presented several maps related to climatic phenomena and concluded by proposing an improvement on how to map events.
“Cartography’s challenge will be to uncover (and validate) spatial/regional patterns within these global-scale overlay networks”
H. Verdier believes that cartography is an obsolete lens for understanding modern issues.
He argues that “the geography of data precedes the geopolitics of data”.
Admiral Arnaud Coustillère
Admiral Coustillère stressed the importance of French sovereignty: protecting itself, being at the forefront and establishing a strong legislative framework.
The Art of representing the Intangible
Two artists and a philosopher presented their work to approach cartography from an artistic perspective.
He talked mostly about the invisible and the intangible.
According to him the digital medium is related to the intangible.
He also referred to Bruno Latour and his Mapping of controversies.
L. Drulhe tried to represent the shape of the Internet. Her artwork is an Atlas of the Internet.
Critical Atlas of Internet
G. Wagon made an artistic documentary about the Internet network around the world.
Mapping the Information Warfare
This panel of researchers and experts presented case studies and described the methodology used.
For each speaker I will make a short description of their study and show a representative slide of their remarks.
R. Géraud approaches information warfare in a poetic and mathematical manner based on the notion of time.
Time becomes a space that gives rhythm to cyberspace and to an information strategy.
How to approach cyberspace
J. Kelly suggests that we follow his thought process by first comparing expectations of the Internet (more participation, more diversity and quality in the public sphere) with reality (elections targeted, spread of hatred, weakening of democratic debate).
He continues his reasoning by analysing how fake news propagates compared with news, shedding light on how difficult it is to identify the actors behind the spread of a rumour.
Mapping cyber social terrain
R. Campigotto presented a mapping of information dissemination via social networks and specifically via Twitter.
To carry out this research, he collected tweets via an API (the Twitter Streaming API) and connected them via direct links (mentions, replies, retweets) and indirect links (hashtags and shared links).
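The linking scheme described above, as an added example (not code from R. Campigotto's study): it builds direct and indirect edges from constructed tweet records. The record field names are assumptions made for this illustration, not the Twitter API schema.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample records; field names are assumptions for this example.
TWEETS = [
    {"user": "alice", "mentions": ["bob"], "reply_to": None, "retweet_of": None,
     "hashtags": ["election"], "urls": ["https://example.org/a"]},
    {"user": "bob", "mentions": [], "reply_to": "alice", "retweet_of": None,
     "hashtags": ["election"], "urls": []},
    {"user": "carol", "mentions": [], "reply_to": None, "retweet_of": "alice",
     "hashtags": [], "urls": ["https://example.org/a"]},
    {"user": "dave", "mentions": [], "reply_to": None, "retweet_of": None,
     "hashtags": ["Election"], "urls": []},
]

def direct_edges(tweets):
    """Directed (source, target, kind) -> count for mentions, replies, retweets."""
    edges = defaultdict(int)
    for t in tweets:
        for m in t["mentions"]:
            edges[(t["user"], m, "mention")] += 1
        if t["reply_to"]:
            edges[(t["user"], t["reply_to"], "reply")] += 1
        if t["retweet_of"]:
            edges[(t["user"], t["retweet_of"], "retweet")] += 1
    return dict(edges)

def indirect_edges(tweets):
    """Undirected user pairs -> set of shared items (hashtags or URLs)."""
    users_by_item = defaultdict(set)
    for t in tweets:
        for h in t["hashtags"]:
            users_by_item[("hashtag", h.lower())].add(t["user"])  # case-insensitive
        for u in t["urls"]:
            users_by_item[("url", u)].add(t["user"])
    edges = defaultdict(set)
    for item, users in users_by_item.items():
        for a, b in combinations(sorted(users), 2):
            edges[(a, b)].add(item)
    return dict(edges)

def isolated_without_indirect(tweets):
    """Accounts that join the graph only through indirect links."""
    direct_users = {u for (s, d, _) in direct_edges(tweets) for u in (s, d)}
    indirect_users = {u for pair in indirect_edges(tweets) for u in pair}
    return sorted(indirect_users - direct_users)
```

In this sample the account dave never mentions, replies to or retweets anyone, so it appears in the graph only through the shared hashtag.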
K. Limonier tried to map the information related to the French presidential elections.
Following his study, Kevin Limonier asked himself the following question: compared with the American campaign, how can we explain that the MacronLeaks movement had little impact on our election?
Ecosystem taking part in the propagation
E. Lezean used different media (YouTube, Facebook, Twitter) to observe the Arabic-speaking cyberspace based on two dimensions: geopolitical reasoning and mastery of the Arabic language and its different dialects. She took as an example Saudi Arabia’s strategy of influence against Qatar on Twitter.
During her research she was confronted with various technical challenges:
- The need to develop a scraping tool to retrieve all Facebook friends from a public account
- How to organize the collected data and import it into visualization software?
Army of loyalist bots relaying anti-Qatar content from Saudi information accounts.
M. Dittus tried to propose a geography of darknet market places.
To do this, he and his study group scraped the largest darknet markets, focusing on different types of data:
- Collection of listings across the largest markets.
- Buyer reviews to get an indication of sales volumes.
With this research they observed that darknet vendors don’t appear to be based in drug-producing countries.
Seized production, darknet trade and population demand
G. Ducrot tackled cyber risk mapping. For her, cyber risk must be managed like all risks in a society. She also made an analysis of this mapping:
- 5% of the topics addressed by the CAC40 concern cybersecurity and data protection
- 23% of the topics addressed by the CAC40 concern Big Data, digital transformation and transformation projects.
- 39% of companies do not update their risk mapping annually, while 100% of audit committees rely on risk mapping.
Cyber risks: an ecosystem of risks
S. Heon talked about cyber insurance. He explained the challenges that cyber insurers have to tackle. First they need to score the cyber maturity of their client, imagine the worst-case scenarios and determine the kind of information they need. Then they need to establish a fair modelling price ratio. Finally they have to analyze the systemic aspects of cyber risks.
He added that, in order to be more accurate, a multi-disciplinary approach must be taken.
Collective intelligence and information sharing
Geopolitics and Datascience
This panel of researchers questioned the ethics, accountability, transparency and biases of algorithms.
Martin Dittus proposes a declaration or manifesto for data scientists and developers who commit themselves to greater respect for users. He wishes these professionals to commit conscientiously to a responsible approach that includes a systemic view of the tools they create.
Nozha Boujemaa presented the importance of algorithmic transparency as a source of confidence for the user. According to her, the opacity of the platforms that use personal data should be limited. She also warned about the new forms of discrimination that algorithms, because of their technical nature, can generate against people who are less informed or educated about them.
Algorithmic systems in every day life
Amaël Cattaruzza presented a critique of predictive algorithms and the biases they may contain. This limitation may be discriminatory and exclude traditional social science approaches.
Mathematizing criminal behavior
Kavé Salamatian explained that ethical work is necessary to reflect on human adaptation to this digital revolution.