Increasing International Cooperation in Cybersecurity and Adapting Cyber Norms

The rapid development of states’ use of information and communications technology (ICT) necessitates a cooperative approach to developing strategies to avoid threats in cyberspace. Cyber threats can range from large attacks by hostile governments to infiltration of private enterprises by criminal organizations, and can cost billions of dollars, resulting in significant impacts on the global economy. Therefore, legislation must be comprehensive to handle all types of cyberattacks. In 2016, the European Parliament released the NIS Directive to provide general guidelines for cybersecurity in the EU, but even more direct laws must be enacted to protect cybersecurity. To start, major actors in cyberspace, such as the U.S. and Russia must convene to resolve disagreements and establish rules for cyberspace in a nonaggression pact. Also, the UN should gather experts, the UN GGE, and begin enforcing cybersecurity norms. Additionally, countries should be required to report any discovered vulnerabilities. Rules for cyberspace should be developed from the bottom upward, in order to best reach consensus. Finally, all governments should commit to work together on preventing cybercrime. As more long-term goals, countries should consider convening an international court for cyber events and passing international laws concerning cyberspace and cyber weapons. In order to avoid economically and socially catastrophic consequences, the international community must take concrete actions to combat cyberattacks. This article comes from the Council on Foreign Relations, which is an independent and nonpartisan think tank dedicated to identifying areas of improvement in international cooperation. Therefore, it provides a unique outside perspective into global cybersecurity policy and how it can be strengthened. Rather than a biased opinion of an executive or a corporation, this article gives a levelheaded evaluation of cyber policy on the global stage and provides concrete recommendations for governments to consider in combating cyberattacks. This could stimulate interesting discussions about the role of the international community in regulating countries’ cybersecurity policies.