Op-Ed by Michael Chertoff, Latha Reddy, and Alexander Klimburg published in Project Syndicate on 16 December 2020.
In their article, they argue that: “Norms are not legally binding rules, where the exact wording is determinative. Rather, they are flexible instruments whose range of possible interpretations can be a strength, not a weakness. They exist precisely because it is often difficult to interpret how existing international law applies in cyberspace, and because most democracies want to avoid being bound by an international treaty that is certain to be inadequately worded and poorly monitored.
The SolarWinds case shows why: In cyberspace, there will always be new techniques devised to fall outside the scope of any specific text. But the attack also shows that considering more norms, even if only as subsidiaries to existing norms, could help clarify precisely which values the international community is trying to reinforce. A norms-based approach not hamstrung by incomplete definitions can facilitate a stronger response to counter and discourage malicious cyber activities. But political will is still needed to follow through and punish these apparent transgressions.
The best way to dissuade bad state actors is through collective action that can impose consequences and thus establish customary international law. Ultimately, norms exist to foster and support this type of response where appropriate, not to inhibit it. If we are going to prevent the recent surge in cyberconflict from spiraling out of control, such international action is urgently needed.”
Read the full article at Project Syndicate.