In 1998, the Russian Federation's delegation to the United Nations made a proposal to the First Committee on Disarmament and International Security to consider the question of information and telecommunications technology (ICT). This marked the first time the body formally addressed the long-term role these technologies would have on the global community.
The proposal emphasized two key framing choices that remain relevant today: a focus on both security and stability, and a clear linkage between ICT and other threat domains, particularly weapons of mass destruction (WMD). Although later discussions diluted references to WMD, the proposal highlighted policymakers’ early recognition of the cross-domain effects of cyber technologies.
States have turned to a few different methods to pursue accountability and deterrence in cyberspace. This paper will outline three below. Importantly, these are not mutually exclusive pathways – in fact, in most cases successful deterrence and accountability necessitate some combinations of all three methods. In cyberspace, we can't easily rely on traditional deterrence – we need robust and multifaceted ways of influencing actors to prevent them from engaging in malicious behaviour. This paper outlines three primary ways we can do so:
- Shape the normative environment;
- Punish bad behaviour; and
- Deny bad behaviour
