U.S. states and cities are breaking with the federal government and signing onto an international pledge aimed at making cyberspace safer.

Virginia, Colorado and Washington state have all endorsed the Paris Call, which was first boosted last year by French President Emmanuel Macron and which commits members to combatting major cyberattacks, digital theft of intellectual property and foreign election interference. City governments in Louisville, Kentucky; San Jose, California; and Huntington, West Virginia, have also joined.

The Trump administration, meanwhile, is still refusing to endorse the pledge - even though it was approved by 74 other nations including our closest allies in Britain, Canada, Australia and New Zealand.

The move is another way that cities and states are breaking with the Trump administration. Others have done so on issues ranging from climate change, privacy to immigrant rights. It also underscores how states and localities, which have been pelted with costly ransomware attacks and struggled to protect their elections against highly sophisticated Russian hackers in recent years, are increasingly viewing cybersecurity as an existential threat.

"It's a problem that's facing us and I really don't give a flip whether a governor or a president is addressing it," said Stephen Williams, mayor of Huntington, West Virginia. "I'm going to find people on common ground and we're going to move forward and make our case. If the states and federal government want to come along, that's fine, but, if not, we've got our own voice."

The Paris Call, which Macron launched on the centennial of the armistice ending World War I, is basically a statement of broad principles that doesn't specifically bind signatories to do anything except to "work together" to prevent major hacking operations and protect the integrity of the Internet. As of the call's first anniversary Tuesday it had endorsements from 333 civil society organizations and 608 companies along with 74 national governments - making the United States an outlier for rejecting it.

Major U.S. adversaries have also declined to sign the pledge including Russia, China, Iran and North Korea.

The U.S. government "largely supports the objectives of the Paris Call," a State Department official told me, but has "significant reservations" about some elements of the text and the way it was drafted.

"Unfortunately, there was not sufficient opportunity in the drafting process to shape the text or clarify certain ambiguities. Therefore, we could not endorse the Paris Call," the official said. The official didn't describe the specific problems with the text.

The U.S. government has endorsed some rules of the road in cyberspace - such as that nations shouldn't attack each other's critical infrastructure such as hospitals and energy plants - but not for several years and typically after intense negotiations.

Some state and local officials are hoping their endorsements will pressure the federal government to take a firmer stand.

"State and local governments are all finding a certain value from the Paris Call and that could help the federal government see the value as well. I think that would be a step in the right direction," Washington state Chief Information Security Officer Vinod Brahmapuram told me.

In other cases, they see signing the pledge as the only way to do right by their citizens.

"We want to be good stewards of our constituents," said Robby Demeria, Virginia deputy secretary of commerce and trade for technology. "We want to make sure they're protected and we want to make sure our elections are protected."

Many other signatories hope the pledge will prompt local and national governments to take digital defense more seriously - especially as technological developments such as artificial intelligence and next-generation 5G wireless networks increase the possibility for cyberattacks to be far more damaging.

But without the U.S. government's endorsement the call will lack international heft, they worry.

"I think the U.S. is losing the opportunity to demonstrate leadership in this area," said John Frank, vice president for European Union affairs at Microsoft, which was an early endorser of the call.

"Governments can't solve this problem by themselves. Companies can't solve this problem by themselves. Customers can't solve this problem by themselves. We need to work together," he said.

Get our daily Headlines Newsletter

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Recommended for you

Load comments