How can a state, an individual or a non-state organization be prevented from launching a cyberattack against governmental data networks or vital infrastructure? Does an online non-aggression pact or control of cybernetic weapons make any sense when a laptop computer or a mobile phone can become a weapon?

A Very Real Virtual Threat

Since the spring of 2010 the United States and Russia, followed by six other countries, have been attempting to negotiate a treaty on Internet security and the restriction of the military use of the Internet. A significant divergence became apparent immediately: Washington is insisting on notions of ‘IT security’ and ‘cyberwar’ while Moscow favours a wider concept of ‘information security’. For the Americans, cybercriminality and cyberespionage constitute the major problems; for the Russians, the protection of government IT architectures remains the priority.

Beyond the pious hopes and behind-the-scenes manoeuvres, this ‘Cold War’ type of approach to security, partly justified but deeply mistaken, is the product of leaders who have come lately to information technology, rather than being born to it. Hence their great difficulty in understanding the finer points of the emerging paradigm of cybersecurity.