The Cyber Policy Initiative focuses primarily on contributing to international cybersecurity norms. It builds on related work by the G20 and the UN, by identifying a few categories of malicious cyber activities that could be exceptionally threatening to the functioning of cyberspace and the broader international system. We engage with governments and commercial actors to shape and promote feasible norms to restrain states from undertaking such activities.
This website provides:
- An introduction and overview of this international discussion. The video “Cyber Norms Revisited: International Cybersecurity and the Way Forward” provides a 90 minute summary and historical background to this policy area. Based on an event taking place in February 2017, the video features Michele Markoff from the U.S. Department of State, one of the main architects of the international efforts to promote stability in and through cyberspace, Paul Nicholas, who leads Microsoft’s Global Security Strategy and Diplomacy Team, Martha Finnemore and Duncan Hollis, two leading academics on norms, and Carnegie’s Tim Maurer.
- A short five-pager primer by Martha Finnemore on the concept of norms in International Relations theory in the specific context of the international cybersecurity debate. This brief describes what is (and what is not) a norm through the academic lens, where they come from and how they spread, and how they relate to other policy instruments.
- A list of our publications relating to the international cybersecurity norms discussion, namely regular analyses published by Jane’s Intelligence Review of the process driven by the UN Group of Governmental Experts as well as negotiations through the G20. This also includes major research reports focusing on specific issues, such as proxy actors, or outlining specific proposals, such as the white paper “Toward a Global Norm Against Manipulating the Integrity of Financial Data.”
- Carnegie’s Cyber Norms Index. This web-based index provides an easy tool for tracking and comparing the specific language that states have proposed or agreed to in multilateral outcome documents dating back to 2007. These international expressions of standards of appropriate behavior in cyberspace are coded by both topic and keywords.