International Co-Operation: Challenges & Potential For Engaging In Cyberspace

Opinion By Jamie Collier

Until now, the majority of international state discussions, and subsequent academic attention, has focused on promoting or developing norms. This may include, for example, states agreeing to work together to build cyber security capacity or refrain from conducting economic espionage on one another. Although a worthy endeavor, the focus on cultivating new norms has left the understanding of existing norms neglected.

Toni Erskine and Madeline Carr recently published a paper titled Beyond ‘Quasi-Norms’: The Challenges and Potential of Engaging with Norms in Cyberspace. The paper offers a refreshing perspective.

Norms, as studied in international relations scholarship, are principles that embody established codes of what actors should do in given circumstances. For cyber security, their importance should not be underestimated. Consider for example cyber security strategy.

The US and China have radically different cyber strategies: both states differ markedly in in how they use offensive cyber weapons or regard the acceptability of economic espionage. Crucially, these differences cannot be explained by material factors alone (such as access to resources, wealth, capability, etc.).

At least to some degree, differences in cyber security strategy can be explained by moral decisions. Some states wholly disagree with the concept of economic espionage due to their belief in a competitive and fair marketplace for example. Therefore, appreciating what norms are and how they affect cyber security strategy and policy is crucial for future progress.

Cyber security is still a nascent topic for policymakers and strategists. Does this mean that existing cyber norms have emerged in only the last few years? Well perhaps yes and no. In some regards, cyber norms are something new. New technologies such as the Internet of Things or botnets (i.e. a herd of captured computers) are hard to compare to technologies that have existed in the past. Logically therefore, cyber norms are at least somewhat new.

Yet, cyber norms also have a historical element. It is highly likely that pre-existing norms outside of cyber security are also influential in the formation of cyber norms. For example, the Russian government has historically worked with organised crime groups.  This strategy has long been regarded as morally acceptable, or at least permissible. Such a view has transferred into the cyber domain: the Kremlin frequently works alongside hacker groups and organised crime cells that possess sophisticated technical capabilities.

The study of norms in cyber security is likely to be particularly interesting over the next few years given that cyber norms are headed for turbulent times. Policymakers are still waking up to the challenge of cyber security; even existing norms are likely to continue to develop and change as states mature at the strategic level.

Within international relations and security studies, cyber security will continue to establish itself as a topic worthy of academic analysis.  A number of exciting research agendas have begun to emerge. Out of all of them, perhaps further study of existing cyber norms will prove most fruitful.

Jamie Collier is completing a Doctrate in Cyber Security at The University of Oxford.

Jamie Collier

« Syrian Government Hacked
Think You Know Your Customers? Try Authenticating Them »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Bowbridge

Bowbridge

Bowbridge provides anti-virus and application security solutions for SAP systems.

Quadron  Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

Imprivata

Imprivata

Imprivata is the digital identity company for life- and mission-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges.

Aquia

Aquia

Aquia are on a mission to enable innovation and drive transformative change to solve the world’s most pressing and complex cybersecurity challenges.

Telarus

Telarus

Telarus is a Technology Services Brokerage that holds contracts with the world's leading cloud voice, contact center, cybersecurity, mobility and IoT providers.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).