Experts: Imperative That States Focus on International Norms Governing Cyberspace

States need to further focus on international norms regulating activities in cyberspace, emphasises a new volume published by the NATO Cooperative Cyber Defence Centre Excellence. Acceptable behaviour has to be based on clear understanding of international law and agreements, concludes International Cyber Norms: Legal, Policy & Industry Perspectives.

“Cyberspace is not a lawless domain. Development of acceptable international norms can and should be a gradual process where we examine existing norms – both international law and politically binding instruments – to find common ground on basic questions that concern us all,” says Marina Kaljurand, Estonian Minister of Foreign Affairs and past National Expert to the UN Group of Governmental Experts. Lack of constructive debate hinders the social and economic benefits as well as security springing from information and communication technologies, the minister highlights.

“These are the rules of the game. States are moving at an incremental pace to identify the legal norms that not only limit their activities in cyberspace but sometimes enable them. This is in part because of the conflation of legal, policy, operational and ethical considerations,” explains Professor Michael Schmitt of the United States Naval War College and Director of the Tallinn Manual Process. “This book usefully serves to tease these important strands of normative consequence apart, thereby facilitating their further development in a complimentary manner,” Schmitt, also a Senior Fellow at the NATO Cooperative Cyber Defence Centre of Excellence, says.

“Legally binding norms are difficult to agree upon, especially on a global level, whereas voluntary, politically binding norms may lack convincing enforcement mechanisms. Whichever type of norm states choose to support, it is time to start drawing ‘red lines’ between acceptable and non-acceptable behaviour,” highlights the book’s co-editor Anna-Maria Osula, an expert at the NATO Cooperative Cyber Defence Centre Excellence. “In addition to agreeing on and proposing norms, states need to follow them and make sure not to accept behaviour that does not comply.”

17 authors from industry, academia and policy backgrounds share their views on the development of international cyber norms in International Cyber Norms: Legal, Policy & Industry Perspectives. The book, co-edited by Anna-Maria Osula and Henry Rõigas, was launched with a discussion panel today.

All major world powers are in one way or another developing advanced offensive cyber capabilities whilst the development of the accompanying normative framework is slow. Building on the need to understand and develop norms that regulate state activities in cyberspace, the book addresses such vital questions as: How does the existing international law limit the offensive cyber activities of states? What are the necessary political arrangements to achieve international stability in cyberspace? What is the industry’s role and interests in developing international cyber norms? International Cyber Norms: Legal, Policy & Industry Perspectives offers legal, policy and industry perspectives while outlining how different disciplines define, prioritise and promote norms, and suggesting approaches for developing cyber norms.

The Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence is a NATO-accredited knowledge hub, think-tank and training facility. The international military organisation focuses on interdisciplinary applied research and development, as well as consultations, trainings and exercises in the field of cyber security. The Centre’s mission is to enhance capability, cooperation and information-sharing between NATO, Allies and partners in cyber defence. Membership of the Centre is open to all Allies. The Czech Republic, Estonia, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, the Netherlands, Poland, Slovakia, Spain, Turkey, the United Kingdom and the USA have signed on as sponsoring nations. Austria and Finland have joined the Centre as contributing participants. The Centre is funded and staffed by these member nations.

An electronic version of International Cyber Norms: Legal, Policy & Industry Perspectives, edited by Anna-Maria Osula and Henry Rõigas of the NATO Cooperative Cyber Defence Centre of Excellence, is available at