The NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) published a new book with 17 authors sharing their views on the development of international cyber norms, NATO said Wednesday.

The book, International Cyber Norms: Legal, Policy, & Industry Perspectives, focuses on how to understand and develop norms regulating behavior in cyberspace when major world powers are developing advanced offensive cyber capabilities. Questions covered include: How does the existing international law limit the offensive cyber activities of states? What are the necessary political arrangements to achieve international stability in cyberspace? What is the industry’s role and interests in developing international cyber norms?


This publication “offers legal, policy and industry perspectives while outlining how different disciplines define, prioritise and promote norms, and suggesting approaches for developing cyber norms,” the CCDCOE said in a statement.

Book contributors Michael Schmitt, Director of the Tallinn Manual Process and Professor at the U.S. Naval War College, and Marina Kaljurand, Estonian Minister of Foreign Affairs, are set to discuss their views in the context of the publication launch event Friday in Tallinn, Estonia.

Based in Tallin, Estonia, the CCDCOE is a NATO- accredited knowledge hub based that focuses on interdisciplinary applied research and development concerning cyber security. It includes consultations, training, and information-sharing among NATO members, allies, and partners in cyber defense.

International Cyber Norms is the result of a series of workshops the CCDCOE organized from 2014-2015, book editors Anna-Maria Osula and Henry Rõigas note in the introductory chapter.

The first several chapters focus on understanding the role of legal norms: in chapter two Michael N. Schmitt and Liis Vihul overview existing international legal norms regulating state behavior in in a cyber context; in chapter three Sean Watts specifically analyzes cyber law development through the Law of War Manual released by the U.S. Defense Department; and chapter 4 by Russel Buchan focuses on the legality of cyber espionage.

The next section looks at politically binding cyber norms. Chapter five includes Toni Erskine and Madeline Carr introducing the topic as it relates to the nature of cyber norms from a political science theoretical perspective; chapter six has Marina Kaljurand share thoughts from her experience on the United Nations Group of Government Experts and Estonian experience; chapter 7 by Patryk Pawlak has a discussion of Confidence-Building Measures as a tool in contemporary cyber diplomacy; chapter 8 involves Paul Meyer looking at cyber norms from a comparative perspective in relation to security police of outer space; and chapter 9 has Greg Austin provide a comprehensive look at the evolution of China’s motivations in cyber norm development.

The final book section focuses on private sector views of cyber norms. Chapter 10 includes a discussion between Symantec’s [SYMC] Ilias Chantzos with Shireen Alam on how they see cyber norms as part of a broader norm-based strategy, the industry role in this, and advocating for the principle of technological integrity; chapter 11 involves Intel’s [INTC] Claire Vishik, Mihoko Matsubara, and Audrey Plonk advocate for a common ontology to support these discussions which are viewed as only one part of the equation.

The publication also includes an appendix with six cybersecurity norms proposed by Microsoft [MSFT], aimed at limiting conflict.