Conclusion - Cyberspace: conflicts and cooperation among actors

Cyberspace, born at the end of the 20th century, is a network formed by the global interconnection of computers. It is both a physical network, comprising interconnected infrastructure, and an immaterial space, encompassing all digital data exchanges.

The number of internet users has grown from 1 to 5 billion since the early 2000s, representing half of the human population. In the 1990s, pioneers of the internet viewed the cyberspace as an independent, supranational territory, without borders, where states had no sovereignty to intervene, contrasting with traditional territories.

Since the mid-2000s, states perceive cyberspace as a territory to be controlled through laws for protection, leading to its militarisation, thus rendering it a conventional territory. The control of this “immaterial territory” is a political and geopolitical issue for States. States can indeed be the victims of cyber threats, therefore, they implement cyber defense policies.

How does cyberspace generate new conflicts? Are these tensions mitigated by cooperation among actors?

#1. Cyberspace: between networks and territories (infrastructure, actors, freedom or control of data).

#A. Infrastructure of cyberspace: three interdependent layers

#a) The physical layer (hardware)

The physical layer forms the foundation of cyberspace. This includes the terminals, such as computers, smartphones, and other connected devices, that communicate with one another. These devices are linked to data centres, which serve as hubs for storing vast amounts of information. As of 2022, there were approximately 7,500 data centres worldwide, spread across 127 countries. However, a significant concentration about 40% is located in the United States.

Connecting these terminals and data centres are cables, both terrestrial and submarine, which enable the near-instantaneous transfer of data over long distances. Notably, 99% of intercontinental digital traffic is transmitted via submarine cables. There are around 450 such cables stretching over 1.3 million kilometres, equivalent to 32 times the circumference of the Earth. These cables are laid on the ocean floor, at depths of up to 8,000 metres. Traditionally owned by private telecommunications companies such as France’s Alcatel, they are now increasingly controlled by global digital corporations like the GAFAM group (Google, Apple, Facebook, Amazon, Microsoft), as well as Netflix, Huawei, and Tata.

#b) The software layer

The software layer constitutes the second level of cyberspace infrastructure. This includes operating systems such as Windows, Linux, and MacOS, as well as the various applications that manage the transmission of digital data. These systems ensure that information travels efficiently and securely between its point of origin and its intended destination.

#c) The content layer (data)

The content layer is the third and final layer. It encompasses the actual information exchanged between users, ranging from messages and emails to media shared on social networks and other platforms. This is the layer most visible to everyday users, but it relies entirely on the smooth functioning of the underlying hardware and software.

Together, these three layers, hardware, software, and data, form the complex and vital infrastructure that sustains our digital world.

#B. The many actors of cyberspace: individual and collective, public and private, cooperative and confrontational

Cyberspace is animated by a wide range of actors who interact, collaborate, or compete within this vast and dynamic domain. These actors may be individual or collective, public or private, and their roles often overlap in complex ways.

#a) Public actors

These include nation-states, which exert only limited control over the physical infrastructures of cyberspace. Yet, as cyberspace becomes essential to a growing number of military, political, and economic activities, states are increasingly legislating to protect the flow of data. This legal intervention is aimed at defending their sovereignty, whether against rival states or cyber criminals such as hackers.

The United States currently dominates global data transfers: 80% of the world’s digital data passes through the USA, and it hosts 40% of the world’s data centres. Meanwhile, states like China aim for near-total control over their citizens' digital activities. This is achieved through censorship and digital monopolies, made possible by domestic tools, such as Baidu, which handles approximately 80% of China’s internet searches.

#b) Private actors

They play a central role in shaping cyberspace, particularly large multinational corporations. American GAFAM firms (Google, Amazon, Facebook, Apple, Microsoft) and their Chinese counterparts, the BATX (Baidu, Alibaba, Tencent, Xiaomi), are exerting increasing influence. These digital giants provide both the hardware and software infrastructure of cyberspace. For example, they own the majority of data centres and submarine cables, which are essential for global connectivity. On the software side, Google alone accounts for 90% of global internet searches.

#c) Netizens: everyday individual actors of cyberspace

Netizens, short for internet citizens, are individuals who use the internet regularly to access information, connect with others, and share content. They make up the majority of cyberspace users and play a key role in shaping online culture and communication.

Though they lack the power of states or tech giants, netizens can collectively influence politics, culture, and public opinion, as seen in movements like “#MeToo" or online protests. In some regions, especially under authoritarian regimes, netizens may face censorship or surveillance, pushing some towards digital resistance or anonymity.

Despite differences in access and experience, netizens are essential to the functioning of cyberspace. Their daily actions, such as searching, posting, reacting, drive the flow of data and give life to the digital world.

#C. Other actors in the “grey zones” of cyberspace

Beyond states, corporations, and everyday users, there are other actors, both individual and collective, who operate in the less visible areas of cyberspace, often referred to as its “grey zones”.

#a) The Deep Web

This comprises all web pages that are not indexed by standard search engines. It may be up to 400 times larger than the visible web and could account for as much as 80% of all online content. Examples include large academic or government databases, private networks, and ephemeral or low-traffic pages that do not meet indexing criteria like Google’s PageRank algorithm.

#b) The Dark Web

A smaller, hidden part of the Deep Web, the Dark Web is accessible only through specialised software (e.g. Tor). It hosts websites often linked to illicit activity, including marketplaces for illegal goods and services, usually transacted via anonymous cryptocurrencies. However, it is also a platform for ideological, political, and activist engagement.

#c) The actors of the Dark Web

These include a wide range of groups:

  • Hackers and hacktivists, who carry out cyberattacks to promote causes or disrupt systems.
  • Political dissidents and human rights activists, who use anonymity to evade censorship and fight authoritarian regimes. A well-known example is Anonymous, a decentralised collective known for targeting oppressive governments.
  • Malicious hackers, (also known as blackhats) involved in criminal activities like ransomware attacks or the leaking of private data.
  • Terrorist organisations, such as Daesh, which use encrypted platforms on the Dark Web for recruitment and coordination.

These “grey zones” reveal cyberspace as a fragmented and contested arena, where freedom, security, and control are constantly being renegotiated by competing forces.

#d) Blockchain technologies and cryptocurrencies

Blockchain, the decentralised technology underlying cryptocurrencies like Bitcoin and Ethereum, occupies an ambiguous space within cyberspace, often described as a regulatory grey zone. Initially developed to enable peer-to-peer digital transactions without intermediaries, blockchain has become central to many activities on the Dark Web, where anonymous cryptocurrencies (such as Monero) are the primary medium for anonymous transactions.

Its appeal lies in the lack of regulation, anonymity, and resilience to state control. Transactions are public yet pseudonymous, making blockchain-based payments difficult to trace to real-world identities. This has facilitated its use in illicit activities such as ransomware payments, money laundering, and unregulated markets.

However, blockchain is not inherently criminal. It also underpins legitimate innovations, such as secure digital identities, decentralised finance (DeFi), and transparent voting systems. Yet, the regulatory vacuum around its use places it within cyberspace’s grey zones, where legal frameworks struggle to keep pace with technological change, and where sovereignty and oversight are actively contested.

Thus, blockchain serves as both a tool of freedom and a potential risk, depending on how and by whom it is used, further illustrating the blurred boundaries that characterise the grey zones of cyberspace.

#D. Cyberspace as a space of conflict and contested control

Cyberspace is far from a neutral or harmonious space, it has become a zone of tension and conflict at multiple levels. As it grows in strategic, economic, and political importance, it increasingly reflects and reinforces both global power struggles and local disputes.

#a) Global and local conflict dynamics

At the global scale, cyberspace mirrors geopolitical tensions. It has become a new battleground for influence and interference. A notable example is the accusation by the United States that Russia interfered in the 2016 and 2020 presidential elections, using hackers to manipulate public opinion and spread disinformation. In a landmark case in May 2019, Israel responded to a cyberattack with a military strike on Gaza, the first known instance of a kinetic military response to a virtual attack.

At the local scale, cyberspace can generate conflicts between private actors and citizens. For example, in the north of Paris, residents have opposed the concentration of data centres, the largest in Europe, citing concerns over noise pollution and explosion risks, illustrating how digital infrastructure can trigger physical-world disputes.

#b) The ideal of freedom in cyberspace

Originally, cyberspace was envisioned as a realm of absolute freedom, independent of state control. Freedom of expression was seen as its foundational principle. This vision was famously articulated in John Perry Barlow’s “Declaration of the Independence of Cyberspace” (1996), which called for a digital space free from governmental interference.

This libertarian spirit is embodied in the Open Data movement, which promotes free access and reuse of information without copyright restrictions, supporting the idea of a global knowledge society. Hacktivist groups like Anonymous have embraced this ideal, hacking into state or corporate websites to make hidden data public. Similarly, platforms like WikiLeaks, founded by Julian Assange in 2006, exemplify this approach. In 2010, WikiLeaks published millions of documents exposing corruption, espionage, and human rights violations.

#c) The rise of control and surveillance

Despite its libertarian origins, cyberspace is now subject to increasing surveillance and control by both public and private actors. For tech giants such as Google, Meta, or Amazon, data control is a major economic asset. These companies collect, store, and trade user data for commercial gain. Users often lose control over their personal information by agreeing to vague and extensive terms of service. This practice regularly sparks public and institutional backlash. For example, the European Union has moved to ban Meta from transferring user data from Europe to the United States.

#d) State strategies for cyber-sovereignty

States increasingly treat cyberspace as part of their sovereign territory, striving to protect and control it. To safeguard this sovereignty, governments take several actions:

  • They work to secure critical infrastructure, such as the United States' plan to protect its submarine cables with sonic barriers.
  • They expand surveillance capabilities, with intelligence services monitoring cyberspace to detect threats, a key element of national cybersecurity policy.
  • In authoritarian states like China, Iran, and Russia, the aim is often total control over domestic cyberspace. These regimes implement cybercensorship, combining surveillance with restrictions on content, as part of broader efforts to control society through digital means.

#2. Cyberdefense: Between European cooperation and national sovereignty – the French case

#A. Cyberdefense as a matter of national security

#a) The strategic shift since the 2000s

Since the late 1990s and even more so in the early 2000s, the multiplication of cyberattacks targeting states, businesses, and international institutions has led to the recognition of cyberspace as a national security domain. The most technologically developed countries, due to their high level of digital interconnectivity, are also the most vulnerable.

#b) France’s national doctrine

France has prioritised a national approach to cyberdefense, despite participating in European cooperation. This was formalised in 2008 with the publication of a White Paper on Defence and National Security, updated in 2013. It placed the security of digital information systems on the same level as nuclear deterrence, highlighting the strategic importance of cyberspace.

The 2013 White Paper identified three main cyber threats:

  • Cybercrime, including fraud and ransomware;
  • Cyberespionage, targeting sensitive political, economic or scientific data;
  • Cyber sabotage, aiming to paralyse critical national infrastructure.

France has gradually developed an offensive cyber doctrine to deal with these threats.

#B. The French national cyberdefense strategy

#a) Evolution of national tools and investments

France has made significant investments in cyberdefense: In 2009, France created the National Agency for the Security of Information Systems (ANSSI, Agence nationale de la sécurité des systèmes d’information), a civilian agency tasked with protecting sensitive information systems. It operates with an annual budget of €100 million and plays a key role in national cyberdefence.

In 2014, the French government launched a €1 billion Cyber Defense Plan, marking a significant investment in developing its defensive and offensive cyber capabilities.

Between 2014 and 2019, France’s cyber capabilities were further reinforced through the Military Programming Law, which integrated cybersecurity as a key pillar of national defence planning.

In 2017, the French armed forces established the Cyber Defense Command (COMCYBER, _Commandement de la cyberdéfense _). Its first headquarters, located in Brittany, was inaugurated in 2019, marking the institutionalisation of cybercombat within France’s military doctrine.

#b) Dual approach: defensive and offensive strategies

France’s cyberdefence strategy is based on a dual approach, combining both defensive and offensive measures. On the defensive side, efforts focus on protecting data, securing networks, and analysing threats to prevent intrusions and disruptions. On the offensive side, since 2019, France has authorised “offensive cyber operations” (Lutte Informatique Offensive – LIO), allowing the military to actively respond to or neutralise cyber threats.

#c) Main actors in French cyberdefence

Several key actors contribute to France’s national cyberdefence. Law enforcement agencies, including police and gendarmerie units, are responsible for identifying and prosecuting cybercriminals.

The National Agency for the Security of Information Systems (ANSSI) plays a crucial role in protecting both public and private users. It focuses on securing critical infrastructure such as airports, nuclear power stations, and government ministries.

The military component is led by COMCYBER, the Cyber Defence Command, which coordinates all military cyber operations. COMCYBER currently consists of approximately 3,800 cyber soldiers, with plans to expand to 5,000 by 2025. It works closely with France’s intelligence services, including the DGSE and DGSI.

In addition, a cyber defense reserve has been created, composed of 4,000 civilian volunteer experts and 400 additional personnel who can be deployed to reinforce COMCYBER in the event of a major cyberattack.

#C. The nature of cyberthreats against France

#a) Foreign powers

France, like other states, faces cyber threats from foreign states. In 2021, the FBI ranked France in the top 10 most-targeted countries.

For example, Russia used hacking to destabilise democracies (e.g. cyberattacks on French hospitals and the CNED during the Covid lockdown).

#b) Cybercriminals and hacktivist groups

Political attacks include incidents like the use of Pegasus spyware in 2021, which targeted heads of state, including French President Emmanuel Macron.

Institutional attacks were widespread in 2017, with 700 cyberattacks reported against French government websites. Among these, 100 targeted the Ministry of Defense.

Economic attacks such as the WannaCry ransomware in 2017 had a global impact. It affected Renault in France, along with institutions in 150 countries, including Russia’s interior ministry and the U.S. NSA.

#D. France and international cooperation in cyberdefence

#a) Challenges of global cooperation

International law remains limited. The UN only allows retaliation if the cyberattack occurs during a conventional armed conflict.

Identifying cyberattackers is difficult. Proving links between attackers and states is even harder. In the 2016 US elections, 12 million tweets were traced to Russia. However, no direct link to Donald Trump could be proven.

Access to key evidence is often restricted. Social media companies hold vital data but may refuse to cooperate with governments.

Some countries resist global governance of cyberspace. Russia and China oppose international regulation, while many states lack the means to respond to cyberattacks independently.

#b) Multilateral initiatives

In 2018, France launched the Paris Call for Trust and Security in Cyberspace. It was signed by 81 states (excluding China and Russia), 700 companies (including GAFAM), and 400 civil society organisations.

NATO adopted a cyber defence strategy in 2008. It supports member training and coordinates defence in case of cyber incidents.

#E. Regional cooperation within the European Union

The EU faces growing cyber threats. In 2019, subcontractors of Airbus were targeted in a cyberattack linked to industrial espionage, showing that even key European industries are vulnerable.

To respond, the EU has launched several initiatives. In 2004, it created ENISA, the European Agency for Cybersecurity. ENISA supports member states in developing national strategies and enforcing cybersecurity standards through certifications and shared expertise.

In 2019, the EU established CyCLONe (Cyber Crisis Liaison Organisation Network) to coordinate national responses to large-scale cyberattacks. The EU also conducts annual cyberattack simulations to improve readiness across the continent.

However, cooperation remains limited. EU cyberdefense is still fragmented, as most countries prefer to retain national control over cybersecurity. Furthermore, budget commitments and technical capabilities vary significantly between member states, which weakens the EU’s collective response to cyber threats.