A dynamic panel of cyber security experts engaged Program on Cyber Security participants for a timely discussion on global voluntary norms and responsible state behavior in cyberspace. 

The discussion, moderated by Marshall Center Professor Scott Handler, focused on the 11 voluntary norms for responsible state behavior first adopted by the UN in 2015. These norms, while not legally binding, represent international consensus on how countries should act to reduce the risk of conflict and miscalculation online. They cover everything from protecting critical infrastructure to sharing threat information and avoiding harmful cyber operations. 

Kimberly Raleigh, a senior policy advisor at the U.S. Department of State’s Bureau of Cyberspace and Digital Policy, shared her personal connection to the norms process, having helped draft several of the original recommendations. “These 11 norms are still remarkable,” she said. “They came from a global process of consensus—and we haven’t had new ones adopted since.” 

The panel then turned to the practical side of implementing these standards. Jamila Ade, who heads Nigeria’s Cyber Crime Unit at the Federal Ministry of Justice, emphasized the importance of clearly identifying what needs protection.  

“You cannot protect what you have not designated as critical infrastructure,” she said. Ade also highlighted regional capacity-building efforts by the Economic Community of West African States to help governments prioritize and safeguard vital systems. 

Building on that foundation, Mika Kerttunen, director of the Cyber Policy Institute in Finland, cautioned against the risks of misattributing cyber incidents. His extensive experience working on cyber norms in UN forums shaped his view. “Every word in a norm matters,” he said. “If we’re not gathering all relevant information before attributing a cyber incident, we’re shooting from the hip, and that’s dangerous for diplomacy.” 

Handler closed the session by tying the conversation back to the broader goals of cyber strategy and international law. “Norms can shape behavior even before becoming enforceable law,” he said. “They’re an essential first step in building responsible state behavior in cyberspace.” 

The expert-led panel discussion was part of the broader PCSS curriculum, which runs through May 15 and brings together cyber professionals from around the world to strengthen their understanding of cybersecurity frameworks, strategy development, and cross-sector cooperation. 

For more updates on the PCSS program, follow the Marshall Center on LinkedIn, X, and Facebook. 

---- 

The Program on Cyber Security Studies is a three-week, policy-focused course that equips mid- to senior-level leaders with the tools to navigate today’s cyber challenges. Participants gain a strategic understanding of cyber risk, governance, and emerging technologies, while exploring how national and international frameworks shape cyber policy and cooperation. Designed to bridge the gap between technical experts and decision-makers, the course builds a global network of professionals working to strengthen cyber resilience across sectors and borders.