In this article, I investigate why international law and norms have failed to keep cyberspace peaceful. The problem comes mainly from their failure to address what non-state actors, such as individual hackers and technology firms, do in cyberspace. Created by the extensive input of government officials decades ago with heavy focus on states as primary actors of international politics, international law is incoherent with the dominance of non-state actors as de facto operators of cyberspace. The critical problem shared by international law and institutions of having no “teeth” to penalize non-state violence extends to cyberspace. As a result, noncompliance with international law has become practical, and it has even bolstered the private sector, especially major technology firms, to assert themselves in the legal void, leverage their digital products to reshape norms, and become norm entrepreneurs in the business of digital defense. However, the multiplication of norm entrepreneurs has accelerated in an uncoordinated manner, and the way they built their interests does not neatly align with those of the states. While some norms of cyberspace behavior have been accepted, many others remain contested. In the meantime, norm discourse in diplomatic venues, including in multilateral debates at the United Nations, has become highly undemocratic, dominated by a small mix of great powers and active middle powers that are also split over what norms should guide state and nonstate behaviors.
This article investigates why states have launched so few cross-domain operations—in this case, operations between cyber and military domains—when they have launched so many cyberattacks. I explore a set of five hypotheses for why most cyberattacks do not occur at the same time as military strikes. My analysis reveals that of the five, two are compelling. First, state attackers make strategic decisions not to “cross the domain” for organizational reasons that are based on the internal division of labor. Second, many cyberattackers face significant technical challenges with cross-domain operations even if their cyber and military forces are integrated. The other three reasons are not as persuasive, including fear of conflict escalation, international law applied to cyberspace, and norms of cyberspace behavior.
Given several possible strategic scenarios for East Asia, I argue that the region is likely to be divided by China’s growing power and the American presence along with its allies. The bipolar system in Asia will be relatively stable, however, because of conventional military balance, nuclear deterrence, and economic interdependence.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.