In 2021, US President Biden presented Russian President Putin a list of 16 critical infrastructure sectors that should be off-limits to hacking. But Russian cyberattacks do not appear to have slowed.
Because cyber space is the newest domain of conflict and cooperation, it lacks agreed upon rules and norms. The Atlantic Council brought together a group of leading experts to discuss pressing questions of cyber diplomacy.
What makes cyber diplomacy different from other kinds of diplomacy?
- The digital world is borderless and interconnected, and therefore cannot be managed by just one institution or organisation. States, companies, and organisations have a joint responsibility to step up and protect it.
- Cyber is still a relatively new area, so the rules aren’t yet defined and are being rapidly developed. At the same time, the stakes are incredibly high, as the internet, cybercrime, and misuse of digital technologies can have a dramatically negative impact on society.
How do agreed upon norms in cyberspace (or lack thereof) impact diplomatic approaches to cyber crises?
- Having a set of agreed-upon norms means that when nations break the rules they can be challenged and held accountable.
- However, in their current form, the norms of cyber space are unclear and lack consensus between states on their definitions. There’s also a need for capacity building to ensure all states can fully implement them.
How do countries balance freedom of offensive (or defensive) action in cyberspace with norms dictating avoidance of certain targets, tactics, or capabilities?
- In some ways, norms of cyber space should be no different from norms of conventional warfare.
- Under international humanitarian law, hospitals are off limits in times of armed conflict. Similarly, cyber attacks on critical infrastructure should be prohibited.
Why do some technology companies have cyber diplomacy teams (e.g., Microsoft) and some governments tech ambassadors (e.g., Denmark)?
- Much of cyber space is created by private companies. Achieving peace in cyber space will thus not be possible without non-state actors.
- Open communication between state actors and private companies is necessary to ensure the digital realm is protected and peaceful. Businesses want to prevent the misuse of their technology, while governments are driven by the need to ensure national security and safeguard citizens’ privacy.
What countries, companies, or non-governmental organisations (NGOs) handle cyber diplomacy exceptionally well? Which have room for improvement?
- Organisations which have created partnerships and actively collaborate with all stakeholders are performing best.
- The Open-Ended Working Group at the United Nations, which convened from 2019-2021, offers a good starting point to see which states and non-state actors have been particularly active in cyber discussions.