Cyber security norms in the Euro-Atlantic region

This chapter aims to contribute to the debates by examining the emergence of cyber security norms in the European and North Atlantic area and the potential for such norms to be diffused to other world regions. It seeks to define what cyber security norms are and to categorise them. The chapter looks at how norms have been tentatively established in the Euro-Atlantic area through the European Union and North Atlantic Treaty Organisation. These organisations, it is argued, have acted as 'norm entrepreneurs' by building support for cyber security standards within and on behalf of their member states. The chapter also looks at norm diffusion – the process by which norms are re-established, and to some extent redefined, in different social, cultural and regional contexts. It discusses that while cyber security norms are in an early stage of development globally, there has been significant normative progress within the Euro-Atlantic region.