International Cybersecurity Norm Development: The Roles of States Post-2017

 In

by Jacqueline Eggenschwiler

Abstract

Once considered the primary purview of sovereign entities, processes of international norm-formation have experienced far-reaching phases of pluralisation. Non-state actors have come to inhabit central areas of global policymaking, which in turn has given rise to questions about the normative and legislative capabilities of governmental protagonists. In the context of cybersecurity, for example, political quarrels among state actors concerning the enactment of norms for responsible behaviour in the digital realm have created a flourishing environment for non-state actor initiatives. As a rising amount of normative pro-posals appears to emanate not from traditional, sovereign entities but from a collection of non-state actors, including private sector, civil society and multi-stakeholder organisations, a reassessment of the roles of sovereign actors is important for making sense of contemporary cybersecurity governance and understanding future policy trajectories. This paper finds that despite a strong increase in the number of non-state initiatives, governmental protagonists remain critical agents of cybersecurity norm-making. Effective provision of cybersecurity at a global level requires states to live up to their traditional roles as standard-setters and enforcers of norms. Given the complex and highly interconnected nature of cyberspace, they also have to assume additional roles, e.g. as sparring partners of non-state initiatives and meta-level orchestrators of normative responsibilities.

Key points

  • International norm-formation has long been considered the exclusive purview of governmental actors. In the context of cybersecurity, this paradigm has come under increasing attack as a diverse group of non-state actors has come to actively contribute to the development of global rules for the digital realm.
  • State-driven debates concerning the implementation of norms for responsible behaviour in cyberspace have yielded mixed results. However, with regard to stipulating red lines, governments continue to benefit from a unique combination of material and symbolic power sources.
  • In order to move debates forward and make headway, states need to acknowledge the contributions of non-state actors and draw on their expertise and input for implementing security-enhancing norms and policies.
  • Building confidence and creating stability in the use of Information and Communications Technologies (ICTs) requires public actors to live up to their traditional roles as standard-setters and enforcers of norms and take on additional roles, e.g. as sparring partners of non-state initiatives or meta-level orchestrators of normative responsibilities.