International Cybersecurity Norm Development: The Role of States

Traditionally the exclusive purview of states, international standard-setting in the context of cybersecurity has seen a considerable influx of non-state actors. Indeed, following the non-consensus outcome of the 2017 edition of the United Nations Group of Governmental Experts (UNGGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, norm development processes sponsored by non-state entities seem to have effectively replaced state-led endeavors (at least ad interim). Non-alignment of interests as well as different political and cultural value systems appear to undermine opportunities for meaningful security-enhancing multilateral cooperation. Yet, rather than painting a gloomy picture of the demise of sovereign authority in matters related to international cybersecurity, this paper uses the non-consensus outcome of the 2017 edition of the UNGGE as an opportunity to reflect on alternative strategies for states to advance efforts on behavior-guiding rules of the road. Specifically, this paper asks: Post-2017, what avenues can states pursue to move forward discussions on international norms geared towards increasing the security and stability of cyberspace? Based on a qualitative research design, the paper argues that states have a number of different options at their disposal to continue normative deliberations and bring order into the seeming chaos of cyberspace.