28-29 Apr 2014
28-29 Apr 2014
Participation was invitation-based only
Swedish National Defence College, Stockholm
The objective of the workshop was to discuss under Chatham House rule the essence, relevance and role of norms in cyber security. Experts from various backgrounds such as policy, academia, technical and law focused on cyber norms of behaviour from the perspective of international relations.
The discussions examined e.g. what do norms mean in different contexts; what are cyber norms; what is their scope and authority; how are cyber norms articulated, agreed and implemented; what are the operative characteristics of cyber space which must be considered when seeking common standards of international behaviour and what is the relationship between political and legal norms, are the first of these the condition, or the consequence of the latter.
The workshop was organised in three parts – Abstract, Action and Agency – each following a set of guiding questions and tackling specific matters from different angles.
The first section – Abstract – began with a discussion of the idea of norms, then asked how norms can be substantiated in policy and moved on to discuss relevant characteristics of cyber space for norm development. These aspects were examined both from the “western” and “non-western” perspectives while specifically focusing on the role of international relations in norms’ development. The experts gave their views on a variety of issues such as the functions of different norms, synergy between behaviours that are legally permissible and what are politically correct, peculiarities of norm life cycle, sources of authority of norms, norm entrepreneurs and the state of art of international discussions on cyber norms of behaviour. The “western” standpoint was compared with interpretations on what are (cyber) norms from Russian and Chinese point of view. Whilst generally agreeing on the need of norms in cyber space, one of the conclusions of the panels was echoed in an understanding that we are currently missing a uniform approach to what is a norm, what are the principle aspects influencing the emergence of norms and what is their source of authority.
The second section – Action – examined the mechanics of norm development in cyber space, discussing opportunities and obstructions. The first half of the discussion scrutinised the role of trust in developing norms. The panellists focused on three different angles: the role of protection of individual fundamental rights in understanding cyber security, trust and confidence building measures and their role in developing cyber norms of behaviour as well as emerging applications of “digital trust” as examples of managing communities without the need for government. The experts shared the opinion that trust should be seen as vehicle to make progress but at the same time it should be kept in mind that different contexts require tailored approaches. The second half of this section pointed out the relevance of understanding the global variety of approaches to data protection and cyber sovereignty as underlying bases for taking the norms’ debate further. The discussions underlined that different national approaches can be deconstructed and analysed on a cultural level and thereby enable a better understanding of the different goals of state actors as well as ameliorate further cooperation. Despite agreeing on the complexity of the central role of data in various domains and the abundance of involved actors, it was proposed that an alternative approach to shaping norms of behaviour in cyber space could be based on developing systemic resilience across national trust communities.
The third and final session, Agency, asked how and where cyber norms might best be developed, taking into account the views of international organisations, national governments and the commercial/technological sector. After reaching a conclusion that the governance of cyber space is challenged by the need for an unprecedented level of co-operation between an unprecedented variety of participants, the question was raised whether the current governance mechanisms would be up to this challenge. In search of the best medium or platform for international cyber norms’ development, several issues were raised. For example, the interests of different nation states in developing norms were coupled with a critical analysis of the effectiveness of these states in taking further the discussion on cyber norms of behaviour. The idea of including neutral players in the discussion was challenged by questions of which actors could be deemed as neutral. Finally, the increasing role of industry in norms’ building was underlined together with comparing different practices and requirements of the commercial/technological sector in contributing to the multi-stakeholder governance model of cyber space.
The Stockholm event was followed up by a workshop on “Cyber Norms Development” held on the 3rd of June in Tallinn as part of the CyCon conference.