With so much attention centered on the very brief trial balloon of a “Cyber Security unit” and U.S.-Russia cyber relations, it’s easy to forget that for much of the past decade U.S. foreign policy has paid equal—if not greater attention—to the U.S.-Sino relationship in cyberspace. From the widely publicized hacking of U.S. economic interests by members of the People’s Liberation Army to the broader risk of war from inconsistent understandings of the relevant rules of behavior in the cyber domain, U.S. foreign policy emphasized the significant risks posed by the behavior of China and its proxies. The U.S. solution? To obtain Chinese acceptance of (and conformance to) various “cybernorms” – shared expectations of proper behavior in cyberspace.
In a published piece for the Hoover Institution's Aegis Paper Series, I explore the concept of cybernorms and explain how the United States has pursued different norms to advance its interests in changing Chinese behavior in cyberspace. Specifically, my paper compares and contrasts U.S. efforts to achieve two norms: (1) the U.N. Group of Governmental Experts’ consensus that international law applies in cyberspace; and (2) the U.S.-China understanding that neither State would pursue cyber-espionage for commercial advantages. In contrast to prior studies that focus only on the behavior a norm requires, this paper employs a broader, process-based analysis. It thus ties a norm’s success (or failure) to more factors than what it says, an approach that may help explain events like the U.N. Group of Governmental Experts' failure last month to agree on how international law actually applies to cyberspace. Taken together, my analysis offers a new framework for strategizing about the potential risks and rewards of pursuing different normative processes, whether in U.S. efforts to impact China’s behavior in cyberspace or vice-versa.