Global Code: Power and the Weak Regulation of Cyberweapons

  • Tim StevensEmail author


This chapter renders explicit what is submerged in previous analyses of cyberweapons regulation and governance: the operations of power in shaping this field of politics and policy. It addresses nascent attempts to regulate cyberweapons and explores the operations of power in the global information-technological assemblage that shape their development, possession and use. First, a short preamble sets out the conceptual foundations of the chapter in terms of both regime theory and power analysis in International Relations. There follow four outline case studies, each focusing on an aspect of cyberweapons regulation and governance previously established as problems for the development of a global cyberweapons regime. The first concerns productive power and the role of the NATO Tallinn Manual Process in constructing cyberweapons as legitimate military instruments. The second is the role of US structural power in incentivising cyberweapons markets, which undermines multilateral attempts to regulate dual-use technologies associated with cyberweapons. The third examines the Internet as a source of institutional power, arguing that the design of the Internet provides affordances for cyberweapons. The fourth addresses compulsory power and diplomatic relations between the great powers, which resolve to differing interpretations of sovereignty that constrain the emergence of a global cyberweapons regime.


Cybersecurity Cyberweapons Power Global governance Security regulation Regime Nonregime 


  1. Abbott, K. W., Keohane, R. O., Moravcsik, A., Slaughter, A.-M., & Snidal, D. (2000). The Concept of Legalization. International Organization, 54(3), 401–419.CrossRefGoogle Scholar
  2. Ablon, L., Libicki, M. C., & Golay, A. A. (2014). Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar. Santa Monica, CA: RAND Corporation.Google Scholar
  3. Arimatsu, L. (2012). A Treaty for Governing Cyber-Weapons: Potential Benefits and Practical Limitations. In C. Czosseck, R. Ottis, & K. Ziolkowski (Eds.), Proceedings of the 4th International Conference on Cyber Conflict; 5–8 June, Tallinn, Estonia (pp. 91–109). Tallinn: NATO CCD COE Publications.Google Scholar
  4. Balzacq, T., & Dunn Cavelty, M. (2016). A Theory of Actor-Network for Cyber-Security. European Journal of International Security, 1(2), 176–198.CrossRefGoogle Scholar
  5. Barnett, M., & Duvall, R. (2005). Power in Global Governance. In M. Barnett & R. Duvall (Eds.), Power in Global Governance (pp. 1–32). Cambridge: Cambridge University Press.Google Scholar
  6. Barrett, E. (2017). On the Relationship Between the Ethics and the Law of War: Cyber Operations and Sublethal Harm. Ethics and International Affairs, 31(4), 467–477.CrossRefGoogle Scholar
  7. Barzashka, I. (2013). Are Cyber-Weapons Effective? RUSI Journal, 158(2), 48–56.CrossRefGoogle Scholar
  8. Betz, D. J., & Stevens, T. (2011). Cyberspace and the State. London: Routledge.Google Scholar
  9. Booth, K., & Wheeler, N. J. (2008). The Security Dilemma: Fear, Cooperation and Trust in World Politics. Basingstoke: Palgrave Macmillan.Google Scholar
  10. Boothby, B. (2016). Cyber Weapons: Oxymoron or a Real World Phenomenon to Be Regulated? In K. Friis & J. Ringsmose (Eds.), Conflict in Cyber Space: Theoretical, Strategic and Legal Perspectives (pp. 165–174). London: Routledge.Google Scholar
  11. Bourne, M. (2012). Guns Don’t Kill People, Cyborgs Do: A Latourian Provocation for Transformatory Arms Control and Disarmament. Global Change, Peace and Security, 24(1), 141–163.CrossRefGoogle Scholar
  12. Bourne, M. (2018). Powers of the Gun: Process and Possibility in Global Small Arms Control. International Politics, 55(3–4), 441–461.CrossRefGoogle Scholar
  13. Bourne, M. (2019). Powers of the Gun: Process and Possibility in Global Small Arms Control. In N. Hynek, O. Ditrych, & V. Stritecky (Eds.), Regulating Global Security. Basingstoke: Palgrave Macmillan.Google Scholar
  14. Buchanan, B. (2016). The Cybersecurity Dilemma: Hacking, Trust, and Fear Between Nations. New York: Oxford University Press.Google Scholar
  15. Carr, M. (2015). Power Plays in Internet Governance. Millennium: Journal of International Studies, 43(2), 640–659.CrossRefGoogle Scholar
  16. Clough, J. (2014). A World of Difference: The Budapest Convention on Cybercrime and the Challenges of Harmonisation. Monash University Law Review, 40(3), 698–736.Google Scholar
  17. Collins, S., & McCombie, S. (2012). Stuxnet: The Emergence of a New Cyber Weapon and Its Implications. Journal of Policing, Intelligence and Counter Terrorism, 7(1), 80–91.CrossRefGoogle Scholar
  18. Dalla Guarda, N. (2015). Governing the Ungovernable: International Relations, Transnational Cybercrime Law, and the Post-Westphalian Regulatory State. Transnational Legal Theory, 6(1), 211–249.CrossRefGoogle Scholar
  19. Danks, D., & Danks, J. H. (2016). Beyond Machines: Humans in Cyberoperations, Espionage, and Conflict. In F. Allhoff, A. Henschke, & B. J. Strawser (Eds.), Binary Bullets: The Ethics of Cyberwarfare (pp. 177–197). New York: Oxford University Press.CrossRefGoogle Scholar
  20. Deibert, R. J. (2003). Black Code: Censorship, Surveillance, and the Militarisation of Cyberspace. Millennium: Journal of International Studies, 32(3): 501–530.CrossRefGoogle Scholar
  21. DeNardis, L. (2012). Hidden Levers of Internet Control: An Infrastructure-Based Theory of Internet Governance. Information, Communication and Society, 15(5), 720–738.CrossRefGoogle Scholar
  22. Denning, D. (2000). Reflections on Cyberweapons Controls. Computer Security Journal, 16(4), 43–53.Google Scholar
  23. Dimitrov, R. S., Sprinz, D. F., DiGiusto, G. M., & Kelle, A. (2007). International Nonregimes: A Research Agenda. International Studies Review, 9(2), 230–258.CrossRefGoogle Scholar
  24. Dipert, R. (2014). The Essential Features of an Ontology for Cyberwarfare. In P. A. Yannakogeorgos & A. B. Lowther (Eds.), Conflict and Cooperation in Cyberspace: The Challenge to National Security (pp. 35–48). Boca Raton, FL: Taylor and Francis.Google Scholar
  25. Dittmer, J. (2017). Diplomatic Material: Affect, Assemblage, and Foreign Policy. Durham, NC: Duke University Press.CrossRefGoogle Scholar
  26. Egelman, S., Herley, C., & van Oorschot, P. C. (2013). Markets for Zero-Day Exploits: Ethics and Implications. In Proceedings of the 2013 New Security Paradigms Workshop; 9–12 September, Banff, Canada (pp. 41–46). New York: Association for Computing Machinery.Google Scholar
  27. Farrell, H., & Glaser, C. L. (2017). The Role of Effects, Saliencies and Norms in US Cyberwar Doctrine. Journal of Cybersecurity, 3(1), 7–17.Google Scholar
  28. Floridi, L. (2014). The Latent Nature of Global Information Warfare. Philosophy and Technology, 27(3), 317–319.CrossRefGoogle Scholar
  29. Foucault, M. (1995 [1975]). Discipline and Punish: The Birth of the Prison. New York: Vintage Books.Google Scholar
  30. Grigsby, A. (2017). The End of Cyber Norms. Survival, 59(6), 109–122.CrossRefGoogle Scholar
  31. Grusin, R. (Ed.). (2015). The Nonhuman Turn. Minneapolis: University of Minnesota Press.Google Scholar
  32. Hansen, L., & Nissenbaum, H. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly, 53(4), 1155–1175.CrossRefGoogle Scholar
  33. Hayden, M. V. (2016). Playing to the Edge: American Intelligence in the Age of Terror. New York: Penguin Press.Google Scholar
  34. Hinck, G. (2018, January 5). Wassenaar Export Controls on Surveillance Tools: New Exemptions for Vulnerability Research. Lawfare. Accessed March 8, 2018.
  35. Hurel, L. M., & Lobato, L. C. (2018). Unpacking Cybernorms: Private Companies as Norms Entrepreneurs. Journal of Cyber Policy, 3(1), 61–76.Google Scholar
  36. Hynek, N. (2017). Regime Theory as IR Theory: Reflection on Three Waves of ‘Isms’. Central European Journal of International and Security Studies, 11(1), 11–30.Google Scholar
  37. Inkster, N. (2016). China’s Cyber Power. London: Routledge.Google Scholar
  38. Jarvis, L., Macdonald, S., & Whiting, A. (2017). Unpacking Terrorism Discourse: Specificity, Status, and Scale in News Media Constructions of Threat. European Journal of International Security, 2(1), 64–87.CrossRefGoogle Scholar
  39. Jenkins, R. (2013). Is Stuxnet Physical? Does It Matter? Journal of Military Ethics, 12(1), 68–79.CrossRefGoogle Scholar
  40. Koh, H. H. (2012, September 18). International Law in Cyberspace. Speech to USCYBERCOM Inter-Agency Legal Conference. Fort Meade, MD.Google Scholar
  41. Krutskikh, A., & Streltsov, A. (2014). International Law and the Problem of International Information Security. International Affairs [Mezdunarodnaia zhizn], 60(6), 64–76.Google Scholar
  42. Lantis, J. S., & Bloomberg, D. J. (2018). Changing the Code? Norm Contestation and US Antipreneurism in Cyberspace. International Relations, 32(2), 149–172.CrossRefGoogle Scholar
  43. Libicki, M. C. (2009). Cyberdeterrence and Cyberwar. Santa Monica, CA: RAND Corporation.Google Scholar
  44. Libicki, M. C., Ablon, L., & Webb, T. (2015). The Defender’s Dilemma: Charting a Course Toward Cybersecurity. Santa Monica, CA: RAND Corporation.Google Scholar
  45. Limnéll, J. (2016). The Cyber Arms Race Is Accelerating: What Are the Consequences? Journal of Cyber Policy, 1(1), 50–60.CrossRefGoogle Scholar
  46. Lin, H. (2016). Governance of Information Technology and Cyber Weapons. In E. D. Harris (Ed.), Governance of Dual-Use Technologies: Theory and Practice (pp. 112–157). Cambridge, MA: American Academy of Arts and Sciences.Google Scholar
  47. Lindsay, J. R. (2013). Stuxnet and the Limits of Cyber Warfare. Security Studies, 22(3), 365–404.CrossRefGoogle Scholar
  48. MacKenzie, D., & Pottinger, K. (1997). Mathematics, Technology, and Trust: Formal Verification, Computer Security, and the US Military. IEEE Annals of the History of Computing, 19(3), 41–59.CrossRefGoogle Scholar
  49. Mazanec, B. M. (2015). The Evolution of Cyber War: International Norms for Emerging-Technology Weapons. Lincoln, NE: Potomac Books.CrossRefGoogle Scholar
  50. McCarthy, D. R. (2015). Power, Information Technology, and International Relations Theory: The Power and Politics of US Foreign Policy and the Internet. Basingstoke: Palgrave Macmillan.CrossRefGoogle Scholar
  51. Meyer, P. (2011). Cyber-Security Through Arms Control: An Approach to International Co-operation. RUSI Journal, 156(2), 22–27.CrossRefGoogle Scholar
  52. Ministry of Defence. (2013). Cyber Primer. London: Ministry of Defence.Google Scholar
  53. Muller, L. P. (2016). How to Govern Cyber Security? The Limits of the Multi-stakeholder Approach and the Need to Rethink Public-Private Cooperation. In K. Friis & J. Ringsmose (Eds.), Conflict in Cyber Space: Theoretical, Strategic and Legal Perspectives (pp. 116–129). London: Routledge.Google Scholar
  54. Murphy, H., & Kellow, A. (2013). Forum Shopping in Global Governance: Understanding States, Business and NGOs in Multiple Arenas. Global Policy, 4(2), 139–149.CrossRefGoogle Scholar
  55. Nadelmann, E. A. (1990). Global Prohibition Regimes: The Evolution of Norms in International Society. International Organization, 44(4), 479–526.CrossRefGoogle Scholar
  56. NATO. (2014, September 5). Wales Summit Declaration. Press Release. Accessed March 9, 2018.
  57. NATO. (2016, July 8). Cyber Defence Pledge. Press Release. Accessed March 9, 2018.
  58. Nocetti, J. (2015). Contest and Conquest: Russia and Global Internet Governance. International Affairs, 91(1), 111–130.CrossRefGoogle Scholar
  59. Nye, J. S., Jr. (2014). The Regime Complex for Managing Global Cyber Activities. Waterloo, ON: Centre for International Governance Innovation.Google Scholar
  60. Office of the Director of National Intelligence (ODNI). (2017, January 6). Assessing Russian Activities and Intentions in Recent US Elections. Intelligence Community Assessment. Accessed March 8, 2018.
  61. Prunkun, H. (2008). ‘Bogies in the Wire’: Is There a Need for Legislative Control of Cyber Weapons? Global Crime, 9(3), 262–272.CrossRefGoogle Scholar
  62. Pyetranker, I. (2015). An Umbrella in a Hurricane: Cyber Technology and the December 2013 Amendment to the Wassenaar Arrangement. Northwestern Journal of Technology and Intellectual Property, 13(2), 153–180.Google Scholar
  63. Rathmell, A. (2003). Controlling Computer Network Operations. Studies in Conflict and Terrorism, 26(3), 215–232.CrossRefGoogle Scholar
  64. Rid, T. (2013). Cyber War Will Not Take Place. London: Hurst and Company.Google Scholar
  65. Rid, T., & McBurney, P. (2012). Cyber-Weapons. RUSI Journal, 157(1), 6–13.CrossRefGoogle Scholar
  66. Schmitt, M. N. (Ed.). (2013). Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge: Cambridge University Press.Google Scholar
  67. Schmitt, M. N. (Ed.). (2017). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge: Cambridge University Press.Google Scholar
  68. Slayton, R. (2016). What Is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment. International Security, 41(3), 72–109.CrossRefGoogle Scholar
  69. Smeets, M. (2018). A Matter of Time: On the Transitory Nature of Cyberweapons. Journal of Strategic Studies, 41(1–2), 6–32.CrossRefGoogle Scholar
  70. Sofaer, A. D., & Goodman, S. E. (2000). A Proposal for an International Convention on Cyber Crime and Terrorism (Working Paper). Stanford, CA: Stanford University.Google Scholar
  71. Stevens, T. (2016). Cyber Security and the Politics of Time. Cambridge: Cambridge University Press.Google Scholar
  72. Stevens, T. (2017). Cyberweapons: An Emerging Global Governance Architecture. Palgrave Communications, 3. Scholar
  73. Stone, J. (2013). Cyber War Will Take Place! Journal of Strategic Studies, 36(1), 101–108.CrossRefGoogle Scholar
  74. Střítecký, V., & Hynek, N. (2018). Comparing Global Security Regimes: A Power-Analytical Synthesis. International Politics, 55(3–4), 503–517.CrossRefGoogle Scholar
  75. Taylor, M. (2012). Terrorism and Affordance: An Introduction. In M. Taylor & P. M. Currie (Eds.), Terrorism and Affordance (pp. 1–17). London: Continuum.Google Scholar
  76. US Department of Defense. (2015a). Cyber Strategy. Washington, DC: Department of Defense.Google Scholar
  77. US Department of Defense. (2015b). Law of War Manual. Washington, DC: Department of Defense.Google Scholar
  78. US Government. (2017). Vulnerabilities Equities Policy and Process for the United States Government. Accessed March 8, 2018.
  79. von Heinegg, W. H. (2015). International Law and International Information Security: A Response to Krutskikh and Streltsov. Tallinn: CCD COE Publications.Google Scholar
  80. Zeng, J., Stevens, T., & Chen, Y. (2017). China’s Solution to Global Cyber Governance: Unpacking the Domestic Discourse of ‘Internet Sovereignty’. Politics and Policy, 45(3), 432–464.CrossRefGoogle Scholar
  81. Zetter, K. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. New York: Crown Publishers.Google Scholar

Copyright information

© The Author(s) 2019

Authors and Affiliations

  1. 1.King’s College LondonLondonUK

Personalised recommendations