Reports & Papers

Establishing norms for state behavior in cyberspace is critical to building a more stable, secure, and safe cyberspace. Norms are defined as “a collective expectation for the proper behavior of actors with a given identity,” and declare what behavior is considered appropriate and when lines have been crossed. Cyberspace is in dire need of such collective expectations. However, despite efforts by the international community and individual states to set boundaries and craft agreements, clear and established cyber norms for state behavior remain elusive. As early as 2005, the UN Group of Governmental Experts (GGE) and UN Open-Ended Working Group (OEWG) both aimed to create shared “rules of the road,” but fundamental disagreements between states and a lack of accountability and enforcement mechanisms have prevented these initiatives from substantively implementing cyber norms. As a result, the international community and individual states are left with no accountability mechanisms or safeguards to protect civilians and critical infrastructure from bad actors in cyberspace.

The U.S. is grappling with increasingly challenging transnational technology, policy, and security issues, which are complicated further by the economic and supply chain relationships with China. As the Biden administration and Congress look at developing policy solutions that will both reduce dependence on China and strengthen the United States’ resilience, it is important that these policies form a larger, holistic strategy that articulates the national security narrative clearly. 

The implications of the Schrems II decision have substantial short and long-term repercussions. This paper will seek to briefly explain the history of the Schrems cases, then outline the options available to decision makers seeking to enable transatlantic cooperation. The paper will also argue that short-term solutions such as the ones leveraged up till now will increasingly be unfeasible, and therefore present four proposals for consideration on how a revived data transfer ecosystem could be shaped through national and international tools and mechanisms.

The overarching question imparting urgency to this exploration is: Can U.S.-Russian contention in cyberspace cause the two nuclear superpowers to stumble into war? In considering this question we were constantly reminded of recent comments by a prominent U.S. arms control expert: At least as dangerous as the risk of an actual cyberattack, he observed, is cyber operations’ “blurring of the line between peace and war.” Or, as Nye wrote, “in the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer program’s user.”

Despite a technically successful election with a record-breaking voter turnout,  U.S. institutions and procedures have not created the kinds of shared public consensus over the results of the 2020 election that they were supposed to. The authors write that the United States needs a dynamic stability, one that incorporates new forces into American democracy rather than trying to deny or quash them. This report is their attempt to explain what this might mean in practice

A well-resourced USDFC as a result of the BUILD Act will support U.S. companies and provide competitive alternatives for the Global South. Prioritizing U.S. support in the telecommunications sector will also help balance China’s growing strategic influence in cyberspace. However, reports suggest that the USDFC’s financial resources will be much less than originally planned. These resources are needed to level the playing field. This paper outlines why.