International Co-Operation: Challenges & Potential For Engaging In Cyberspace
Opinion By Jamie Collier
Until now, the majority of international state discussions, and subsequent academic attention, has focused on promoting or developing norms. This may include, for example, states agreeing to work together to build cyber security capacity or refrain from conducting economic espionage on one another. Although a worthy endeavor, the focus on cultivating new norms has left the understanding of existing norms neglected.
Toni Erskine and Madeline Carr recently published a paper titled Beyond ‘Quasi-Norms’: The Challenges and Potential of Engaging with Norms in Cyberspace. The paper offers a refreshing perspective.
Norms, as studied in international relations scholarship, are principles that embody established codes of what actors should do in given circumstances. For cyber security, their importance should not be underestimated. Consider for example cyber security strategy.
The US and China have radically different cyber strategies: both states differ markedly in in how they use offensive cyber weapons or regard the acceptability of economic espionage. Crucially, these differences cannot be explained by material factors alone (such as access to resources, wealth, capability, etc.).
At least to some degree, differences in cyber security strategy can be explained by moral decisions. Some states wholly disagree with the concept of economic espionage due to their belief in a competitive and fair marketplace for example. Therefore, appreciating what norms are and how they affect cyber security strategy and policy is crucial for future progress.
Cyber security is still a nascent topic for policymakers and strategists. Does this mean that existing cyber norms have emerged in only the last few years? Well perhaps yes and no. In some regards, cyber norms are something new. New technologies such as the Internet of Things or botnets (i.e. a herd of captured computers) are hard to compare to technologies that have existed in the past. Logically therefore, cyber norms are at least somewhat new.
Yet, cyber norms also have a historical element. It is highly likely that pre-existing norms outside of cyber security are also influential in the formation of cyber norms. For example, the Russian government has historically worked with organised crime groups. This strategy has long been regarded as morally acceptable, or at least permissible. Such a view has transferred into the cyber domain: the Kremlin frequently works alongside hacker groups and organised crime cells that possess sophisticated technical capabilities.
The study of norms in cyber security is likely to be particularly interesting over the next few years given that cyber norms are headed for turbulent times. Policymakers are still waking up to the challenge of cyber security; even existing norms are likely to continue to develop and change as states mature at the strategic level.
Within international relations and security studies, cyber security will continue to establish itself as a topic worthy of academic analysis. A number of exciting research agendas have begun to emerge. Out of all of them, perhaps further study of existing cyber norms will prove most fruitful.
Jamie Collier is completing a Doctrate in Cyber Security at The University of Oxford.