Publication: Survival: Global Politics and Strategy December 2017–January 2018
20 November 2017
This summer, a nearly seven-year process to write the rules that should guide state activity in cyberspace came to a halt. Since 2010, the United States had successfully corralled the world’s main cyber powers at the United Nations to agree to a set of increasingly prescriptive norms of what they could and could not do in cyberspace. The process broke down over the United States’ desire to have states explicitly endorse the notion that the laws of war applied to cyber conflict.1 Russia, China, Cuba and others refused to do so, on the grounds that it would give a green light to hostile actions in cyberspace.
US policymakers had invested hope and effort in the idea that cyber norms would help bring order to the seeming chaos of cyberspace. The online world is one of strategic instability, given the relative ease and stealth of state-sponsored attacks, and the fact that it is almost impossible to tell whether a purely defensive cyber action is in fact hostile.2 The United States, the United Kingdom and like-minded states held conferences, sponsored diplomatic initiatives at the United Nations and regional security bodies, and funded research to spread a series of norms intended to make cyberspace less prone to catastrophic strategic error.3 Think tanks, foundations and some technology companies joined in as norm entrepreneurs, hoping to make their mark on diplomatic negotiations.