In recent years, countries have become increasingly concerned about the immediate and future threats to their critical services and infrastructures that could result from the misuse of information and communications technologies (ICTs). As such, countries have placed the development of normative standards guiding state behaviour in cyberspace at the top of their foreign policy agendas. Yet, despite broad international consensus regarding the basic principles to limit the misuse of ICTs in the digital age and to constrain state behaviour, the key tenets have been consistently violated.
All evidence suggests that states are not following their own doctrines of restraint and that each disruptive and destructive attack further destabilizes our future. States have turned a blind eye and have shirked their responsibility for curbing or halting cyber attacks originating from their own territories. Disruption or damage (or both) of critical infrastructures that provide services to the public has become customary practice — the “new normal.” And this intentional misuse of ICTs against critical infrastructures and services has great potential to lead to misperception, escalation and even conflict.
This paper offers five standards of care that can be used to test individual states’ true commitment to the international norms of behaviour. Only with a concerted and coordinated effort across the global community will it be possible to change the new normal of “anything goes” and move forward to ensure the future safety and security of the Internet and Internet-based infrastructures.