The video “Cyber Norms Revisited: International Cybersecurity and the Way Forward” provides a 90 minute introduction and historical background to the international cyber norms discussion. Based on an event taking place in February 2017, the video features Michele Markoff from the U.S. Department of State, one of the main architects of the international efforts to promote stability in and through cyberspace, Paul Nicholas, who leads Microsoft’s Global Security Strategy and Diplomacy Team, Martha Finnemore and Duncan Hollis, two leading academics on norms, and Carnegie’s Tim Maurer.
The video starts with an overview of the early days of this international debate, dating back to the late 1990s when the Russian Federation introduced a resolution in the UN General Assembly First Committee focusing on the use of Information and Communications Technologies (ICTs) in the context of international peace and security. Initially framed as an arms control effort, UN member states spent several years discussing the scope of the issue starting with differing definitions of information security and cybersecurity. The shift away from an arms control framework toward establishing a norms-based approach focusing on actors’ behavior took nearly a decade.
The year 2007 marked a turning point when the Distributed Denial of Service (DDoS) attacks against Estonia made front page news. The Estonian attacks were one of the first important, public displays of the weaponization of information technology on a large scale. What became clear in 2007 was that there is a need for a strategic framework that would manage the use of these new capabilities that introduced unique and different effects than previous conventional weapons. These “cyberweapons” were not dual-use like some Cold War-era military technology—they were multi-use. Any computer could, in theory, be “weaponized.” A state would not be able to limit the technology without disrupting its inherent economic, social, and political benefits. How then would the international community manage the behavior of states?
The 2009/2010 UN Group of Governmental Experts laid the foundation for the initial progress in this area during the past decade at the United Nations and through the G20. The process at the global level has since been complemented by confidence- and capacity-building efforts through regional organizations, namely the OSCE. These actions are designed to allow states to communicate about challenges and incidents in real time, a strategy that would help them manage the effects of ICTs and to reduce escalatory risks.
The remainder of the video focuses on the major achievements during the past decade in greater detail and discusses latest developments. These include the 2013 and 2015 reports of the UN groups of governmental experts, the 2015 G20 communique, and other relevant processes and agreements such as the September 2015 Xi-Obama agreement.
The year 2017 will see several milestones, starting with the launch of the Global Commission on Cyber Stability and the release of Tallinn Manual 2.0. The latter provides further insight for how existing international law could be applied below the threshold of use of force and armed attack. A new UN group of governmental experts is expected to produce a report by the summer and India will be hosting the next Global Conference on Cyberspace in November 2017.
Michele Markoff is the deputy coordinator for cyber issues in the Office of the Coordinator for Cyber Affairs at the U.S. Department of State.
Paul Nicholas is senior director of trustworthy computing at Microsoft, leading the Global Security Strategy and Diplomacy Team.
Martha Finnemore is a professor of political science and international affairs at George Washington University and nonresident scholar at the Carnegie Endowment for International Peace.
Duncan Hollis is the associate dean for academic affairs and James E. Beasley professor of law at Temple Law School, and a nonresident scholar at the Carnegie Endowment for International Peace.
Tim Maurer is a fellow at the Carnegie Endowment for International Peace and co-directs its Cyber Policy Initiative.