Recent cyber security related discussions in international forums indicate ‘cyber norms’ or cyber ‘norms of behaviour’ as the most suitable vehicles for guiding states’ behaviour in cyberspace. However, despite being frequently addressed by policy-makers, academia, non-profit organisations and the private sector, it is often unclear what is meant by the very concept of a ‘norm’. Indeed, a closer look at different actors and venues reveals that various platforms promote different types of norms – for instance, of a legal, political, technical or moral nature – but it is often not evident (sometimes, it seems, even to the discussing parties) which types of norms are the focus of the debate. Inevitably, this lack of a common conceptualisation of a ‘cyber norm’ results in difficulties in reaching a consensus within the accompanying policy discourse.
The book International Cyber Norms: Legal, Policy & Industry Perspectives is a result of a series of workshops organised by the NATO CCD COE during 2014-2015. The aim of this collection of articles is to shed light on the different approaches to ‘cyber norms’ in various research domains. The articles outline how different disciplines define, prioritise and promote norms, and suggest approaches for developing cyber norms.
The book’s editors – Anna-Maria Osula and Henry Rõigas – introduce in Chapter 1 the principle challenges in reaching a common understanding on ‘cyber norms’ and present an overview of the progress made in the many international platforms for cyber norm development. After the introduction, the book is divided into three sections that analyse legal, policy and industry perspectives to international cyber norms.
Articles in the first section of the book are devoted to understanding the role of legal norms. In chapter 2, Prof Michael N. Schmitt and Liis Vihul provide a comprehensive overview of the nature of the existing legal norms regulating state behaviour as they discuss treaty law, customary law, and the general principles of law in the cyber context. In chapter 3, Prof Sean Watts provides a more specific analysis on cyber law development by focusing on the Law of War Manual released by the US Department of Defense. The last article on legal norms, chapter 4, focuses on the legality of cyber espionage as Dr Russell Buchan presents his thought-provoking approach to the issue.
The second section of the book primarily takes a look the ‘politically binding’ cyber norms. In chapter 5, Prof Toni Erskine and Dr Madeline Carr introduce the topic as they discuss the nature of cyber norms from the theoretical perspective of political science and international relations. Moving from theory to practice, Marina Kaljurand shares her thoughts on the United Nations Group of Governmental Experts process by focusing on the Estonian experience and views within the Group. Chapter 7, by Dr Patryk Pawlak, discusses the nature of Confidence-Building Measures as one of the most prominent tools in contemporary cyber diplomacy. Next, Prof Paul Meyer takes a look at the subject from a comparative perspective as he discusses the differences and similarities between the international security policy of outer space and cyberspace in chapter 8. The policy section of the book concludes with Dr Greg Austin’s chapter 9, where he provides a comprehensive look at the evolution of China’s motivations with regard to international cyber norm development.
The third section of the book illustrates how the private sector views cyber norms and how their input diversifies wider international discussions. In chapter 10, Symantec’s Ilias Chantzos with Shireen Alam discuss how they see cyber norms as part of a broader norm-based strategy, strongly advocating for the principle of technological integrity, and explaining the role of industry in the cyber norm creation process. Intel’s Dr Claire Vishik, Mihoko Matsubara and Audrey Plonk advocate in chapter 11 for the need for a common ontology that would support the discussions on cyber norms which are viewed only as one part of the equation. In Appendix 1 we have provided the readers with an excerpt of Microsoft’s 2014 proposal for international cyber security norms.