Cybersecurity has risen to a top-level issue with a growing number of international accords focusing on rules of the road for cyberspace. Carnegie’s Cyber Norms Index tracks and compares the most important milestones in the negotiation and development of norms for state behavior in and through cyberspace. Featured in the 2018 Munich Security Conference report, it provides insight for policymakers and analysts in assessing cyber norms proposals, their evolution, and endorsements among the international community. Given the collapse of the 2016-2017 United Nations Governmental Group of Experts and the rise of two parallel cyber norms processes at the UN in 2018, the Cyber Norms Index currently only covers developments from 2007 to 2017. [For further explanation, see here and here.]
The Cyber Norms Index is a comparison of existing international expressions of standards of appropriate behavior in cyberspace. This search tool enables the user to compare specific language in multilateral outcome documents either by category or keyword. The ‘International Law and Norms’ category includes language discussing international law as well as the aspirational norms that the international community has been developing. ‘Confidence and Capacity Building’ covers both language specific to the confidence- and transparency-building efforts as well as the statements focusing on cybersecurity capacity-building. In addition, the category ‘Threat Perception’ is dedicated to how the various documents describe the perceived threat and ‘Process’ covers how they crossreference other ongoing processes or outline future processes.
The interactive Cyber Norms Index tool is based on documents released by governments since 2007. It compares existing language relating to international cybersecurity norms in multilateral outcome documents. It also lists (but does not compare) relevant bilateral meeting outcome documents. The year 2007 was chosen as the cut-off because it presents a turning point in the international discussions about cybersecurity as described here. This Cyber Norms Index therefore covers relevant documents published during the past decade. The documents were selected based on a qualitative analysis of their relevance according to experts in various countries and the related literature.
The most important document reflecting the international community’s views to date is the 2015 UNGGE report developed by governmental experts representing twenty states including the permanent five of the UN Security Council. The underlying database and structure of this tool was therefore designed to emulate the structure of the 2015 UNGGE report first, followed by elements from other relevant texts. Building on the structure of the 2015 UNGGE report, we developed a database for the text comparisons. The initial set of categories therefore reflects the outline and content of the 2015 UNGGE report. Additional categories were added subsequently to incorporate content included in other documents but not reflected in the UNGGE report. The final list of categories was the result of an iterative process revising the initial outline based on the results of comparing text elements.
The underlying database is divided into several categories. The first category captures which institutions and documents cross-reference other regional and global processes in their respective outcome documents. This is a proxy for identifying and assessing the importance of the various nodes of this emerging regime complex. The second category focuses on the framing of the various documents, particularly regarding threat perceptions relating to ICTs. The third category compares the accords based on their references to various principles of international law, norms of behavior, confidence-building measures, and capacity-building efforts. Finally, a category is dedicated to future processes outlining what steps were agreed to be taken in the future.
Every text element from the selected accords was coded based on its primary subject matter as it relates to the structure of the 2015 UNGGE report. To reduce complexity, we decided to code every text element only once and to assign it to a single category. The coding was therefore based on a qualitative assessment. The database is a living document and will be revised based on future feedback and developments. Please share any feedback you might have with us here.
When citing this resource, please use the following format:
“Document,” Cyber Norms Index, Carnegie Endowment for International Peace, access date, URL.
“G7 Declaration on Responsible States Behavior in Cyberspace,” Cyber Norms Index, Carnegie Endowment for International Peace, accessed November 6, 2017, http://carnegieendowment.org/publications/interactive/cybernorms.