Norms: From Articulation to Implementation

The global dialogue on cybersecurity norms is evolving from a conceptual discussion about nation-states’ rights and responsibilities toward an articulation of norms of state and industry behavior. Stakeholders from governments, the private sector, academia, and civil society are putting forward myriad norms proposals, addressing a range of challenges caused by exploitation of information and communications technology (ICT) systems. These proposals vary in their prescriptions. For example, most norms proposals from governments and international organizations recognize that nation-states should not permit malicious cyber activity to emanate from their territory and that critical infrastructures should not be targeted by cyber attacks in times of peace. However, only some proposals have acknowledged that nation-states should not compromise the ICT supply chain, and only a few recognize the need for public/private sector collaboration on norms.