The Council on Foreign Relations is launching a new set of Policy Briefs on cybersecurity policy – it published my contribution today. My brief responds to recent suggestions that the U.S. should promote norms to better secure cyberspace. This is a laudable objective. However, my brief uses findings from political science to argue that it will be hard for the U.S. to shape norms without making major changes to other aspects of their policy.
Why would the U.S. want to create norms to foster cybersecurity?
There are two plausible reasons. First, as Admiral Michael Rogers, the head of the NSA and Cyber Command has argued, norms create a basic structure for international political relations. If, for example, the U.S. is to deter cyberattack from other countries, and vice versa, all the countries involved need to reach a common agreement on basic questions such as what cyberattacks are, when they are acceptable and when not acceptable, and so on. Creating this kind of common understanding takes a lot of hard work building common norms of acceptable and unacceptable behavior, as Emanuel Adler’s research on arms control during the Cold War demonstrates.
Read the full piece at The Washington Post.