The contest of rules: US, China, Russia rival in setting the norms of behavior in cyberspace

//Alexandra Kulikova, program coordinator at the PIR Center in Moscow, discusses implications of and processes for creating soft law on ICT governance. 

The shift of cyberspace governance discussions towards a normative framework demonstrates states’ efforts to formulate ‘rules of the game.’ Recent multinational and bilateral agreements on cyberspace governance fall under the domain of non-binding soft law, in which norms agreed upon are not set in stone. As fundamental differences exist amongst individual state’s visions of cyber governance (for example views on state sovereignty in cyberspace), and with the uncertainties a rapidly developing cyberspace brings, hard laws often imply commitments that are difficult to honor. Non-binding agreements and norms leave room to maneuver as seen in the recent UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security report and talks between the US and China.

While the United Nation’s bureaucracy is typically perceived as ill paced for dynamic ICT governance, in June 2015 a major breakthrough occurred. Representatives from twenty countries formed the fourth Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security. The GGE agreed on a range of non-binding norms for state behavior as well as confidence and capacity building measures in cyberspace – something many were skeptical about. The agreements, reflected in the report published in August, outline some important commitments which states have refused to recognize since the late 1990s when the Russian Federation started promoting the norm building process through the creation of the UN GGE. These include, inter alia, the commitment to not attack each other’s critical infrastructure and cyber emergency response systems (CERTs and CSIRTs); to not knowingly allow illegal third party cyber activity from within their territory; to carry out due investigation on malicious activity before counteractions are taken; to assist in investigations of cyberattacks and cybercrime launched from the country’s territory; and to commit to peaceful use of ICTs as a cornerstone of peace and security in cyberspace and beyond. Building on the success of the previous UN GGE in 2013, which acknowledged the applicability of international law to cyberspace and encouraged future elaboration of norms and confidence building measures (CBMs), the current GGE managed to build upon and agree on some minimum conditions for international cyber stability.

Click here to read more.