Several analysts, including Mike Schmitt and Liis Vihul at Just Security and Arun Sukumar at Lawfare, have highlighted (here and here) the collapse of the 2017 Group of Government Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (GGE). The GGE was unable to reach consensus on a report that would have advanced the conversation about the ways in which international law applies to cyber activities. In the wake of this failure, Homeland Security Adviser Tom Bossert indicated that the U.S. government plans to work with smaller groups of like-minded partners to develop and shape cyber norms. This seems like a reasonable approach, but there are steps the United States can pursue unilaterally as well. In particular, the Department of Justice and the FBI should continue to assertively investigate and indict individuals—including state actors—who engage in cyber activities that the U.S. Government ultimately would like to see the international community characterize as wrongful.

Ashley S. Deeks, Moving Forward on Cyber Norms, Domestically, Lawfare (July 10, 2017).