International Co-Operation: Challenges & Potential For Engaging In Cyberspace

Opinion By Jamie Collier

Until now, the majority of international state discussions, and subsequent academic attention, has focused on promoting or developing norms. This may include, for example, states agreeing to work together to build cyber security capacity or refrain from conducting economic espionage on one another. Although a worthy endeavor, the focus on cultivating new norms has left the understanding of existing norms neglected.

Toni Erskine and Madeline Carr recently published a paper titled Beyond ‘Quasi-Norms’: The Challenges and Potential of Engaging with Norms in Cyberspace. The paper offers a refreshing perspective.

Norms, as studied in international relations scholarship, are principles that embody established codes of what actors should do in given circumstances. For cyber security, their importance should not be underestimated. Consider for example cyber security strategy.

The US and China have radically different cyber strategies: both states differ markedly in in how they use offensive cyber weapons or regard the acceptability of economic espionage. Crucially, these differences cannot be explained by material factors alone (such as access to resources, wealth, capability, etc.).

At least to some degree, differences in cyber security strategy can be explained by moral decisions. Some states wholly disagree with the concept of economic espionage due to their belief in a competitive and fair marketplace for example. Therefore, appreciating what norms are and how they affect cyber security strategy and policy is crucial for future progress.

Cyber security is still a nascent topic for policymakers and strategists. Does this mean that existing cyber norms have emerged in only the last few years? Well perhaps yes and no. In some regards, cyber norms are something new. New technologies such as the Internet of Things or botnets (i.e. a herd of captured computers) are hard to compare to technologies that have existed in the past. Logically therefore, cyber norms are at least somewhat new.

Yet, cyber norms also have a historical element. It is highly likely that pre-existing norms outside of cyber security are also influential in the formation of cyber norms. For example, the Russian government has historically worked with organised crime groups.  This strategy has long been regarded as morally acceptable, or at least permissible. Such a view has transferred into the cyber domain: the Kremlin frequently works alongside hacker groups and organised crime cells that possess sophisticated technical capabilities.

The study of norms in cyber security is likely to be particularly interesting over the next few years given that cyber norms are headed for turbulent times. Policymakers are still waking up to the challenge of cyber security; even existing norms are likely to continue to develop and change as states mature at the strategic level.

Within international relations and security studies, cyber security will continue to establish itself as a topic worthy of academic analysis.  A number of exciting research agendas have begun to emerge. Out of all of them, perhaps further study of existing cyber norms will prove most fruitful.

Jamie Collier is completing a Doctrate in Cyber Security at The University of Oxford.

Jamie Collier

« Syrian Government Hacked
Think You Know Your Customers? Try Authenticating Them »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Guardea Cyberdefense

Guardea Cyberdefense

Guardea Cyberdefense is an IT services company specializing in the management of security projects, with a pool of skills selected from a network of specialized partners.

National Cyber Security Authority (NCA) - Saudi Arabia

National Cyber Security Authority (NCA) - Saudi Arabia

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

SOCOTEC Certification International

SOCOTEC Certification International

SOCOTEC Certification International has been providing management systems assessment and accredited ISO certification services to organisations around the world since 1995.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

360° Online Brand Protection

360° Online Brand Protection

360° Online Brand Protection have developed a response to monitor counterfeiting and piracy activity at the online point of sale.

Sevatec

Sevatec

Sevatec’s Active Cyber Defense (ACD) methodology proactively defends against adversarial kills chain, addressing active and emerging threats while reducing program vulnerabilities and risks.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Activu

Activu

Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations including network security.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

CyberMontana

CyberMontana

CyberMontana is a statewide initiative providing cybersecurity awareness, training, and workforce development for businesses and residents of Montana.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.