Cybersecurity has become a head of state level issue with a growing number of international agreements focusing on rules of the road for cyberspace. The Cyber Norms Index tracks and compares the most important milestones in the negotiation and development of norms for state behavior in and through cyberspace. It provides insight for assessing which proposals have been advanced where, their evolution, and who has endorsed them among the broader international community
The Cyber Norms Index is a comparison of existing international expressions of standards of appropriate behavior in cyberspace. This search tool enables the user to compare specific language in multilateral outcome documents either by category or keyword. The ‘International Law and Norms’ category includes language discussing international law as well as the aspirational norms that the international community has been developing. ‘Confidence and Capacity Building’ covers both language specific to the confidence- and transparency-building efforts as well as the statements focusing on cybersecurity capacity-building. In addition, the category ‘Threat Perception’ is dedicated to how the various documents describe the perceived threat and ‘Process’ covers how they crossreference other ongoing processes or outline future processes.
The interactive Cyber Norms Index tool is based on documents released by governments since 2007. It compares existing language relating to international cybersecurity norms in multilateral outcome documents. It also lists (but does not compare) relevant bilateral meeting outcome documents. The year 2007 was chosen as the cut-off because it presents a turning point in the international discussions about cybersecurity as described here. This Cyber Norms Index therefore covers relevant documents published during the past decade. The documents were selected based on a qualitative analysis of their relevance according to experts in various countries and the related literature.
The most important document reflecting the international community’s views to date is the 2015 UNGGE report developed by governmental experts representing twenty states including the permanent five of the UN Security Council. The underlying database and structure of this tool was therefore designed to emulate the structure of the 2015 UNGGE report first, followed by elements from other relevant texts. Building on the structure of the 2015 UNGGE report, we developed a database for the text comparisons. The initial set of categories therefore reflects the outline and content of the 2015 UNGGE report. Additional categories were added subsequently to incorporate content included in other documents but not reflected in the UNGGE report. The final list of categories was the result of an iterative process revising the initial outline based on the results of comparing text elements.
The underlying database is divided into several categories. The first category captures which institutions and documents cross-reference other regional and global processes in their respective outcome documents. This is a proxy for identifying and assessing the importance of the various nodes of this emerging regime complex. The second category focuses on the framing of the various documents, particularly regarding threat perceptions relating to ICTs. The third category compares the agreements according to their references to various principles of international law, norms of behavior, confidence-building measures, and capacity-building efforts. Finally, a category is dedicated to future processes outlining what steps were agreed to be taken in the future.
Every text element from the selected agreements was coded according to its primary subject matter as it relates to the structure of the 2015 UNGGE report. To reduce complexity, we decided to code every text element only once and to assign it to a single category. The coding was therefore based on a qualitative assessment. The database is a living document and will be revised based on future feedback and developments. Please share any feedback you might have with us here.