Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Understanding Cyber Norms: A Friendly Guide
As we move through the digital world, we see how vital cyber norms are. These rules help keep our online space safe and secure. But what are these norms, and why are they important?
In 2021, a big step was made when all UN member states agreed on how countries should act online1. This agreement came from the Open-Ended Working Group (OEWG). It’s now a rule for all countries1. This is a big step towards making the internet safer on a global level1.
But, agreeing on rules isn’t enough to make sure they’re followed or keep the internet stable1. Now, we’re talking about how to make sure countries stick to these rules and what to do if they don’t1. It’s key to know why cyber norms matter, how they change, and the hurdles in keeping them strong.
Table of Contents
hide
Key Takeaways
- Cyber norms are the unwritten rules and guidelines that govern behavior in the digital realm.
- In 2021, all UN member states agreed on a politically binding framework for responsible state behavior in cyberspace.
- Agreeing on norms is not enough – building accountability and addressing violations are crucial for their effectiveness.
- Cyber norms serve to maintain a stable cybersecurity ecosystem, deter bad actors, and define acceptable online behavior.
- Implementing cyber norms faces challenges, requiring more than just disseminating guidelines.
The Importance of Cyber Norms
Cyber norms are key to keeping the internet safe and stable2. With more people and businesses online, cyber threats have grown. This includes states using the internet for spying and causing trouble2. But, there’s no global rule to stop these actions, which could lead to more problems2.
Maintaining a Stable Cyberspace Ecosystem
Cyber norms help keep the internet safe and stable2. This is crucial in the digital world where we’re still learning how to live together2. They set rules for what’s okay and what’s not, stopping bad guys and encouraging good online behavior2.
Deterring Bad Actors and Defining Acceptable Behavior
Cyber norms are a way to stop bad actions online, along with threats and laws2. They make it clear what’s right and wrong online, keeping the internet safer2.
As the internet changes, we need strong cyber norms more than ever2. They’re crucial for a safe internet, stopping troublemakers, and setting online rules2.
| Key Cyber Norms Initiatives | Timeline |
|---|---|
| The UN General Assembly established the OEWG to develop norms for responsible cyber behavior | 32015 |
| The OEWG reaffirmed 11 voluntary and non-binding UN cyber norms that were first agreed upon in 2015 | 32021 |
International efforts focus on creating cyber norms to keep the internet safe and secure3. As the internet changes, we need strong cyber norms more than ever2.
“Cyber norms can play a vital role in maintaining a stable cyberspace ecosystem, deterring bad actors, and defining acceptable behavior in the digital realm.”
What are Cyber Norms?
In today’s digital world, cyber norms are key for keeping the internet safe and stable. They are rules that people agree to follow online. These rules tell us what’s okay and what’s not in the digital world. They help guide governments, businesses, and people on how to behave online.
Definition and Characteristics of Norms
Norms are what we expect from each other in certain situations4. In cybersecurity, cyber norms are like a set of rules for being responsible online. They are made together by different groups of people who share their knowledge and ideas.
The Lifecycle of Cyber Norms
The creation and use of cyber norms go through three main stages: Norm Emergence, Norm Cascade, and Norm Internalization2. First, a new norm starts to be noticed and followed by important people.
Then, it spreads more and becomes a global standard. Finally, it becomes so common that we hardly even think about it, making it a basic part of how we act online.
Many things can affect how cyber norms develop and spread. Things like powerful people supporting them, how they fit with what people already do online, and how they match other digital rules2.
As the internet keeps changing, having strong and flexible cyber norms is key to keeping the internet safe and trustworthy.
Existing Norms and Their Applicability
The United Nations has been key in looking at how current laws apply to the internet. In 2010, the UN set up a Group of Governmental Experts (GGE) to explore this issue5.
By 2013, the GGE found a broad agreement that current laws and norms apply online5. But, not everyone agrees, with some countries like Russia wanting new laws just for the internet.
The UN Group of Governmental Experts (GGE)
The UN GGE has been crucial in shaping global views on internet rules. Past efforts have helped define key internet norms and how international laws apply online5.
This led to more talks and the creation of new internet policies. Yet, the 2016 GGE talks ended without agreement, showing deep disagreements among countries6.
Despite this, the GGE has kept the global debate on internet rules alive. Experts say there’s a need to keep improving these rules as threats online grow. Events like Stuxnet and Russian interference in elections show the risks5.
Groups like Microsoft and Siemens have started their own efforts to set internet rules. They aim to bring together governments, companies, and civil groups5. These efforts aim to push the discussion forward and make the internet safer.
As internet rules change, we need a more inclusive way to make them7. The UN talks often focus on a few big countries, leaving out many voices7. To keep the internet safe and stable, we must work together and listen to everyone’s ideas.
The Need for New Cyber-Specific Norms
Western governments think current laws work well in cyberspace. But, Russia, China, and other SCO members want a new set of international laws for the internet. They believe the UN should lead in creating these laws8. This shows we need new rules for the internet to tackle its special problems8.
Finding agreement on how to govern the internet is hard for the world8.
Divergent Views: Russia, China, and the West
Russia, China, and the West have different ideas on how to manage the internet8. The West thinks old laws can cover the internet. But Russia and China want a new, UN-led legal system just for the web8. This shows we need to agree on what’s okay and what’s not online.
In 2023, the German Council on Foreign Relations suggested not attacking certain key systems online8. They also talked about a global cyber treaty to protect important systems from cyber threats. This would help make the internet safer for everyone8.
As the internet keeps changing, we must work together to make clear rules for the web8910.
Initiatives to Develop Cyber Norms
The world is facing big challenges with cyber governance. Two big efforts are helping to make and set cyber norms – the Tallinn Manual and the Budapest Convention on Cybercrime11.
The Tallinn Manual on International Law and Cyber Warfare
In 2013, experts in international law at NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) released the Tallinn Manual. It’s a study on how international law applies to cyber conflicts and warfare11. The goal was to bring traditional international law to the online world of cyberspace11.
The Budapest Convention on Cybercrime
The Council of Europe’s 2001 Convention on Cybercrime, or the Budapest Convention, created a legal framework for fighting cybercrime11. It has over 50 countries signed and works to make laws the same, improve how crimes are solved, and help countries work together against cybercrime12.
These efforts show we need clear cyber norms, cybersecurity standards, and cyber diplomacy for a safe online world11. They aim to make rules for fighting cybercrime and set a standard for how countries should act online12.
“The Department of State’s International Cyberspace and Digital Policy Strategy prioritizes cyber, digital, and emerging technology issues in line with modernizing diplomacy efforts.”11
| Tallinn Manual | Budapest Convention |
|---|---|
| An academic, non-binding study on applying international law to cyber conflicts. | A comprehensive legal framework for addressing cybercrime, with over 50 signatories. |
| Aimed to translate and apply traditional principles of international law to cyberspace. | Seeks to harmonize national laws, improve investigative techniques, and foster international cooperation against cybercrime. |
These efforts show how important cyber norms, internet governance, and cybercrime prevention are for a safe and stable online world1112.
Regional and Issue-Specific Approaches
In the world of cyber governance, regional and issue-specific methods are key. The ASEAN Regional Forum (ARF) is a key place for talks on cyber diplomacy and cybersecurity in the region13.
The ARF lets countries talk about the Shanghai Cooperation Organization’s (SCO) code of conduct with more countries. This makes the discussion on cyber norms more open. The forum also helps in building trust and stability in cyberspace through region-specific steps13.
Regional efforts tackle the unique challenges faced by different areas. By focusing on trust and understanding, these methods can lead to better and lasting cyber norms. These norms fit with different cultures and political views14.
Creating cyber norms is a long-term task that needs ongoing work and teamwork. Regional and specific approaches, like the ASEAN Regional Forum, are key. They help build trust, find common goals, and make cyberspace safer for everyone14.
Confidence-Building Measures in Cyberspace
Confidence-building measures (CBMs) are vital for regional cyber norms. They work to make things clear, reduce confusion, and build trust among those involved. This helps make cyberspace more stable and secure13.
- Improving how countries share information and communicate to boost awareness and early warnings.
- Creating joint plans for dealing with cyber incidents.
- Starting regular talks between military and civilian groups to better understand each other and lower the chance of things getting worse.
- Using voluntary reports and alerts to make cyberspace more open and predictable.
By using these and other CBMs, regional groups and specific forums can help create a common view of right behavior in cyberspace. This strengthens the base for stronger and more widely accepted cyber norms13.
Cyber Norms
The digital world is always changing, making it key to include cyber norms in our cybersecurity plans15. These norms set the rules for online behavior. They help create a safer and more responsible digital space. Here, everyone knows their rights and duties.
The United Nations Cyber Norms were made by the Office for Disarmament Affairs16. They have principles to reduce conflict and keep the digital world stable.
These cover respecting human rights, protecting important infrastructure, and working together to fight cyber threats. By following these norms, countries show they care about using technology wisely and ethically.
Working together is key to making cyber norms work15. Governments, businesses, civil groups, and schools need to talk and work together. This helps everyone understand the digital world’s challenges and chances. It leads to stronger and more effective cybersecurity plans.
Adding cyber norms to cybersecurity plans makes us stronger against cyber threats16. It encourages us to share info on vulnerabilities and protect our supply chains. By doing this, companies show they care about online safety and using technology responsibly. This makes the digital world safer and more trustworthy for everyone.
As we face the digital age’s challenges, cyber norms are more important than ever15. By following these global principles, countries and groups can make the internet safer and more stable. This helps everyone, from individuals to businesses, making our digital lives better.
Challenges in Enforcing Cyber Norms
Enforcing cyber norms is tough, especially in making countries accountable and punishing those who break the rules. Even though many agree on the importance of cyber norms, figuring out who did what online and how to punish them is hard17.
More people are talking about making sure countries act responsibly online. Experts are writing a lot about being open and responsible in the digital world17. But, it’s hard to stop bad online actions because it’s hard to know who did them and how to legally deal with them17.
The world is trying to make rules for being responsible online. The UN Group of Governmental Experts (GGE) said that international laws apply to how countries use technology. In 2015, the GGE came up with 11 rules for countries to follow online, and all UN countries agreed to them17.
But, making these rules work is hard. It’s important to make countries pay for breaking these online rules17. More countries are adding rules to their cyber plans to punish rule-breakers. But, there’s no global agreement on how to figure out who broke the rules or what punishment fits the crime17.
To get past these problems, countries need to keep talking and agree on how to act together. They need to work out who did the bad online stuff and what punishment is fair17. This way, cyber rules can be followed and the internet can stay safe17.
The Role of Collective Action
A group of nations working together is key to making sure everyone follows cyber norms18. When countries often point out when rules are broken, it works better than just one country complaining. This teamwork makes it clear that following cyber norms is expected, not just sometimes.
Coordinated Diplomatic Efforts and Sustained Engagement
Olson’s idea says small groups can work together well to achieve common goals18. But Dejean et al. found that bigger groups can do more good, but they might not always work together18. This shows why international cooperation and collective action are crucial for sticking to cyber norms.
CERT and ISACs are vital for sharing cybersecurity info18. These groups help share and analyze threat data quickly to fight back18. Open-source tools can also fight cybercriminal collaboration well18. But, sharing info can be hard because of fears about being open, losing reputation, and losing an edge in cybersecurity18.
Even though people might not always share info as they should, a group of nations can still make cyber norms a standard online rule.
| Metric | Value |
|---|---|
| Threat events studied | 39,63918 |
| Organizations contributing data | 48518 |
| Local governments studied | 3,15819 |
| Internet-facing devices examined | 26,00019 |
| Countries with cyber offices in foreign ministries | More than 2520 |
“Consistent and direct diplomatic engagement by a group of like-minded nations is essential for creating accountability and ensuring the observation of agreed cyber norms.”
Attribution and Proportional Response
Dealing with cyber norm violations needs a strong plan for accountability. This means setting clear rules for figuring out who did the cyber harm. It also means picking responses that are fair, legal, and effective21.
Standards for Attribution and Lawful Responses
Figuring out who did a cyber attack is hard because the internet is anonymous and complex22. But, the world is getting better at making laws for dealing with this22.
People who make policies and legal experts must think about how sure they are about who did it. They also need to think about the effects of any action on politics, economy, intelligence, and military23.
When a cyber attack happens, the country hit must think about how to react. International law says any strong action must be needed and fair to stop the attack23.
Actions can be in or out of cyberspace and come with risks23. It’s important to keep the response’s size, scope, duration, and intensity in check to follow international law23.
Reacting fairly might help build alliances to punish the attacker23. But, the country hit must think about the big picture, like politics, economy, and strategy23. Actions can be secret and fast if there was cyber spying and a deep understanding of the target’s weak spots23.
| Cyber Incident | Attribution | Proportional Response |
|---|---|---|
| Solarwinds Supply Chain Attack | Attributed to Russia’s Foreign Intelligence Service, the SVR21. | Potential responses could include targeted sanctions, diplomatic pressure, and cyber operations to disrupt the SVR’s activities23. |
| Accellion Supply Chain Attack | Linked to the cybercriminal group FIN11 associated with Clop ransomware21. | Possible responses may include law enforcement actions, information sharing with allies, and disrupting the group’s infrastructure23. |
| Stuxnet Worm | Confirmed attribution remains elusive, but it is widely believed to have been developed by a state actor2123. | Given the significant damage caused, a proportional response could involve covert cyber operations to degrade the target’s capabilities23. |
By setting clear rules for figuring out who did it and having different ways to respond, we can make cyber norms stronger. This will help stop future cyber attacks22.
Conclusion
Creating and promoting cyber norms is key to a safer digital world. The world has made steps to set rules for countries, but we still face hurdles in making sure these rules are followed24.
Since 2004, six groups of experts met, and the UN set up two working groups since 2019 to work on these rules24. Yet, the UN’s rules don’t really help stop cyber attacks because most attacks don’t cross the line of traditional violence1.
To fix this, we need better diplomacy, ongoing talks, and clear rules for blaming and responding fairly1. It’s important for certain countries to work together to punish those who break these rules1.
We also need to talk directly to the countries that cause problems and threaten to punish them1. A detailed plan should outline how to make sure countries are accountable and deal with the growing threats to peace from cyber attacks1.
As technology keeps changing, following cyber norms will be vital for safe and ethical use of technology and good internet management5. By working together, we can make the internet safer and more stable for everyone5.
FAQ
What are cyber norms and why are they important?
Cyber norms are rules for how people act online. They help keep the internet safe and fair. They stop bad behavior and set clear rules for what’s okay online.
What is the lifecycle of cyber norms?
Cyber norms start as new rules and grow in use. They spread more widely, becoming a normal part of online life. Eventually, they become so common, we barely notice them.
How have existing norms and laws been applied to cyberspace?
Western countries say old laws and norms still apply online. But countries like Russia and China want new laws just for the internet.
What initiatives have been taken to develop cyber norms?
Groups have made guides and laws for online behavior. These help apply old norms to the internet.
How can cyber norms be incorporated into national cybersecurity strategies?
Adding cyber norms to security plans makes the internet safer. It makes it clear who has rights and responsibilities online.
What are the challenges in enforcing cyber norms?
It’s hard to make sure people follow the rules and punish those who don’t. It’s also tough to figure out who did something online and how to respond fairly.
How can collective action and coordinated diplomatic efforts support the enforcement of cyber norms?
A group of countries working together can make sure everyone follows the rules. They need to keep working together to make following these rules the standard.
