‘The Resurrection of International Cyber Norms? Analyzing Governmental Statements on Cyber Operations Targeting Health Infrastructures during the COVID-19 Pandemic’ at the European Consortium for Political Research General Conference


The European Consortium for Political Research (ECPR) is a professional associating supporting the advancement of political science. The General Conference is Europe’s largest annual gathering of political scientists from around the globe. Over the course of five days, it brings together scholars from across all regional and national borders and all sub-disciplines of political science, providing a forum for rich discussion and the furtherment of research.


Alexandra Paulus is presenting a paper that she co-authored with Bruna Toso de Alcantara, doctoral candidate at Universidade Federal do Rio Grande do Sul, Brazil, and a fellow at the Humboldt Institut für Internet und Gesellschaft at the panel “COVID-19 in International Relations”. In their paper, they evaluate whether the pandemic has triggered a “resurrection” of international cyber norms debates by analyzing governmental statements on cyber operations targeting health infrastructures since the outbreak of the Covid-19 pandemic.


Paper abstract: The COVID-19 pandemic is transforming society’s digital behavior, aggravating previous cybersecurity challenges, and creating new ones. One emerging challenge is the widening attack surface, including of health infrastructures. The ensuing cyber operations targeting health infrastructures and pandemic response entities have pressured states to take actions to secure their populations. One policy instrument to prevent or mitigate cyber conflict is devising international cyber norms, rules for responsible state behavior in cyberspace. Before the outbreak of the pandemic, the cyber norms debate had been characterized as having reached a dead end, but following the recent widely covered attacks on the health sector, many states and collective entities have published statements in which they negotiate established or nascent cyber norms proposals. In this paper, we analyze whether this constitutes a resurrection of cyber norms. We examine 14 statements, published between April 17, 2020, when the US published the first statement on the issue, and July 20, when Russia made the (at the time of writing) most recent statement. Among them are eight national statements, by Australia, Canada, China, Estonia, New Zealand, UK, US, Russia, and five collective statements, by the EU (High Representative and the President of the Commission), a Joint OEWG Report Proposal from Australia, Czech Republic, Estonia, Japan, Kazakhstan, and the US, NATO, the Parliamentary Assembly of the Mediterranean, and World Health Assembly. In our analysis, we focus, firstly, on the content of states’ pronouncements: Which actions do they condemn? Do they make a normative statement? If they make a normative statement, we secondly examine their normative point of reference. The latter can range from existing cyber norms framework like the 2015 United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE), the Paris Call for Trust & Security in Cyberspace, the Tallinn Manuals, or the Shanghai Cooperation Organization's International Code of Conduct for Information Security to new and emerging norms, for instance, those currently being elaborated in the context of the United Nations Open-Ended Working Group (OEWG). And thirdly, which patterns and alignments evolve? We use discourse analysis to identify key nodal points and fixed meanings identifiable in these statements.


Registered conference participants can watch the presentation live here.

Read the conference program here.