New Norms and Policies in Cyber-Diplomacy

The conference presentation discusses the challenges of cybersecurity and the need for greater engagement between the policy and technology communities. It emphasizes the importance of consequences for violating norms and the need for qualified cybersecurity personnel in government.

• There is a disconnect between the policy and technology communities in cybersecurity.
• Greater engagement is needed between these communities to address cybersecurity challenges.
• Consequences are necessary for violating norms in cybersecurity.
• Qualified cybersecurity personnel are needed in government.
• There are practical challenges to bringing on board talent in government.
• Escalation is a concern in cybersecurity.
• Kinetic weapons are unlikely to be used in response to cyber attacks.

The speaker shares an anecdote about the challenge of getting people to write rules for a community they don't understand or for devices they don't know. They highlight the need for technical experts to inform policy decisions in cybersecurity.

After the last round of the UN sponsored consultations on international cybersecurity collapsed in 2016, the international situation in cyber diplomacy has been in flux: will there be other UN rounds of discussion? Will private sector-organized initiatives claim a role? And what norms and rules of behavior in cyberspace for state and (and non-state actors) will be agreed? The Global Commission on the Stability of Cyberspace has been working on these issues, and at Black Hat some of its members will discuss the new norms (e.g. safeguarding the critical infrastructure of the Internet, protecting electoral systems from attack, etc.) as well as provide insight into some of the current thinking of the Commission, as well as government, international organizations, and major corporations working on the subject worldwide.