The Republic of Agora

Securing Cyberspace 2024


Responsible Cyber Behaviour in Practice: A Global View

Sara Seppanen | 2025.02.10

In October 2024, RUSI’s inaugural Securing Cyberspace Conference (SC2024) gathered 107 participants to discuss domestic and regional views on “Responsible Cyber Behaviour in Practice”.

The programme included high-level speakers from more than 20 countries and covered topics including international law and norms, responsible use and development of tools and technologies – including AI – and the responsibility of states in conducting and responding to cyber operations and incidents. The event was part of RUSI’s ongoing Global Partnership for Responsible Cyber Behaviour (GP-RCB) work. This initiative is dedicated to mapping practical understandings of responsible cyber behaviour (RCB) by conducting evidence-based research and connecting experts from different sectors and regions to reflect the diversity of views on the topic. Except for keynote speakers and the final discussion, we have not attributed panel speakers’ remarks.

Introduction: A Global Perspective on RCB

In an increasingly volatile and interconnected global landscape, malicious activities within cyberspace present an ever-growing threat to international stability and security. From cybercrime and the misuse of emerging technologies to the proliferation of commercial hacking tools and state-sanctioned cyber operations, the challenge is multifaceted. Over the past two decades, governments worldwide have engaged in multilateral negotiations to develop norms that guide RCB. While progress has been made – as reflected in the 11 non-binding norms on responsible state behaviour in cyberspace reaffirmed by UN members in 2021 – difficulties remain in achieving international consensus on how responsibility is understood and operationalised.

In an environment where influence and control lie beyond the sole purview of government authorities, a comprehensive, whole-of-society approach to RCB is necessary. This entails fostering cross-regional dialogue and multistakeholder collaboration to advance diverse, transparent and inclusive understandings of responsibility. This includes the need to widen global conversations on RCB to stakeholders beyond the state, in ways that reflect the many nuances of how and where responsibility is enacted. Key dimensions of this relate to how responsibility is understood internationally, domestically and operationally across different cultural, political and geographical contexts.

To promote debate and help foster a collective understanding of responsibility in cyberspace, the GP-RCB is focused on mapping practical understandings of RCB by conducting and delivering evidence-based research. It does this by connecting experts from different sectors and regions to reflect upon the diversity of views on the topic, providing an international platform that brings together more than 80 scholars, experts, think tanks and other academic institutions for dialogue, debate and research.

The inaugural Securing Cyberspace Conference, organised by RUSI and the GP-RCB, took place on 9 October 2024 at 61 Whitehall in London, convening global experts from academia, industry, government and civil society to explore challenges under the theme “Responsible Cyber Behaviour in Practice: A Global View”. Marking the first anniversary of the GP-RCB, the conference underscored the importance of diverse, inclusive dialogue in shaping the future of cyberspace governance. It aimed to bridge regional perspectives by connecting the research community, showcasing ongoing research, and facilitating insight on what RCB looks like across different operational contexts.

A Special Message from Izumi Nakamitsu

Ahead of the conference, RUSI received a “special message” from UN Under-Secretary-General and High Representative for Disarmament Affairs Izumi Nakamitsu that underscored the urgency of advancing global dialogues on RCB. In her message, Nakamitsu emphasised the importance of perseverance in the face of geopolitical challenges, remarking that “Some may be tempted to conclude that the circumstances of the moment are not conducive to progress, but, in fact, it is precisely in moments like these that we must redouble our efforts in support of the framework for responsible state behaviour in the use of ICTs [Information and Communication Technologies].” The statement resonated with the overarching theme of SC2024, which saw experts address the complexities of advancing RCB in a world where political tensions and culturally divergent understandings of responsibility persist.

The Conference Programme

The conference was made up of a mix of session formats. Following a ministerial opening, SC2024 began with two panels: one reflecting on the viability of multilateralism in advancing international cyber security commitments in an increasingly tense geopolitical context; and the other on state responsibility in the development of capabilities and conduct of cyber operations. Panel discussions were followed by workshops covering three dimensions of responsibility: international, domestic and operational. During the workshops, participants engaged with thought leadership, diverse perspectives and cross-sectoral collaboration to map diverse and practice-based understandings of RCB. The conference closed with a panel on innovative research and critical perspectives on ensuring RCB, which highlighted evolving work by GP-RCB researchers, and a “fireside chat” reflection on how to connect the discussion on responsible AI with cyber security.

A UK View of RCB

Stephen Doughty MP, minister of state for Europe, North America and Overseas Territories in the Foreign, Commonwealth and Development Office, delivered the new government’s first speech on cyber security at SC2024. Doughty emphasised the critical importance of enhancing cyber security and fostering collaborative partnerships across UK sectors. He noted that “there is no national security, no economic security without cyber security”, underscoring the essential links between robust cyber measures and national stability. Acknowledging the increasing reliance on digital infrastructure in areas such as banking, healthcare and defence, the minister emphasised that, as “the stakes are higher than ever”, a unified response from all stakeholders is imperative to counteract the escalating threats posed by state actors and criminal organisations.

In his address, the minister identified three key themes guiding the government’s approach to RCB: the necessity of partnerships; a commitment to RCB, including principles of transparency, inclusion and accountability; and the importance of a whole-of-society approach. He drew parallels with the successful collaboration that resulted in the cracking of the Enigma code during the Second World War, stating that “it’s only through solid, respectful, mutual, beneficial partnerships that we can fight back”, and emphasising how today’s cyber threats require unity. The minister underscored the need for transparency to build trust and facilitate cooperation, reflecting the UK’s aim of advancing responsibility through a holistic approach, fostering innovation, supporting underrepresented groups in technology, and engaging with global partners to combat cybercrime.

Panel 1: Fragmentation or Like-mindedness? Rethinking RCB in the Age of Minilateralism

UN negotiations on responsible state behaviour have provided an important framework for thinking about the applicability of international law in cyberspace, as well as creating a corpus of non-binding norms that can inform customary state practice. Notwithstanding such developments, current geopolitical divides and the elevation of cyber security within national security agendas have created a tense and protracted environment for the future of UN dialogues on this matter. In contrast to these larger forums, initiatives such as the Hiroshima Dialogue, the International Counter Ransomware Initiative and others have focused instead on promoting space for discussions of specific themes, and offering platforms for dialogue of the like-minded. In view of this, SC2024 invited government representatives and international experts to critically reflect on fragmentation and like-mindedness in global cyber security governance, specifically addressing the question of whether concrete discussions on RCB remain viable in an age of minilateralism – that is, in an age in which governments have sought to tackle international problems and pursue mutual goals in smaller groups.

A New Diplomatic Strategy?

The panel opened with a keynote address by James Lewis, Senior Vice President at the Center for Strategic and International Studies, which focused on the evolving diplomatic cyber landscape, particularly in the context of great power competition. Lewis argued that the era of international cooperation on cyber norms, which “peaked” in 2015, has ended, with global relations now driven by rivalry among major powers such as the US, China and Russia. This shift, according to Lewis, means that “responsible state behaviour must be balanced against the realities of competition”.

Lewis emphasised that the fragmentation of the international system, driven by geopolitical realignments, has heightened tensions and disrupted progress on collaborative frameworks for cyberspace. He pointed to the absence of structured dialogues between major powers as a critical factor exacerbating this fragmentation. “There are no regular negotiations or agreed framework for talks between the United States and China, much less with Russia, as was the case in the Cold War,” he remarked, underscoring the challenges this poses for fostering stability.

A critical takeaway from Lewis’s keynote was the importance of governments creating new engagement strategies to manage the growing risks in cyberspace and its governance. Lewis advocated for a new democratic diplomatic strategy that accepts fragmentation but focuses on creating accountability and engagement strategies with both neutral and adversarial states. As he noted, “fragmentation, while unavoidable, can be managed to reduce the chance of conflict and to lay the foundation for a more secure future”.

Panel Discussion

Subsequent panellists focused on providing insights into the different elements that shape governments’ decisions and incentives to engage in discussions on RCB. While panellists recognised the importance of multilateralism in fostering an inclusive platform where global voices can be heard – a sentiment embodied by institutions like the UN’s Open-Ended Working Group (OEWG) – such frameworks also faced the criticism that they were slow and at risk of creating echo chambers. Specifically, one panellist raised the issue of there being a “bloc mentality” in multilateral fora, an issue that had prompted countries such as Brazil to not only call for confidence-building measures across political divides in the OEWG, but also support the establishment of a permanent mechanism for regular institutional dialogue on cyber security in the UN. This view echoed broader concerns that, without a unified approach, disparate initiatives between great powers could fracture global cyber governance.

Minilateralism, on the other hand, was highlighted as indispensable for operationalising cyber security initiatives in diverse cultural and geographic regions. A panellist drew on Switzerland’s participation in the Pall Mall Process to counter the proliferation of commercially available cyber intrusion tools as an example of how smaller, focused coalitions can complement broader multilateral discussions. Panellists recognised that these coalitions allow for quicker action and sharper focus, especially in contexts where geopolitical divides slow down multilateral efforts.

The African context added further nuance to the global conversation, with one participant highlighting how, despite African states recognising the value of multilateral platforms, there is growing sentiment that these forums often overlook regional priorities. The panellist specifically identified the need for a “Common African Position” on cyber norms, as a reflection of the continent’s desire for its priorities to be acknowledged, something that the rigid voting structures of international organisations often undermine. Similar conclusions were drawn by a panellist focused on RCB in the Indo-Pacific, which has seen India – in the absence of a pan-regional organisation in its vicinity – participate in various minilateral engagements including the Quad and the I2U2 Group. The panellist specifically identified geopolitical polarisation as a factor driving India’s foreign policy towards minilateral engagements, where a lack of understanding or sense of cooperation between major powers inhibits efforts towards global consensus building.

Rather than seeing these frameworks as being in competition, the panel recognised that they are mutually reinforcing: multilateralism provides the foundation for discussion and consensus building, while minilateralism drives practical outcomes. The added difficulty in this process, noted in the panel discussion, is the reconciliation of domestic responsibility with discussions at the international level. Emerging from the panel discussion was a reflection about the different levers of control and accountability that states have been trying to employ in attempting to enact responsibility amid growing fragmentation. This includes questions of how and when governments employ dual-use surveillance capabilities – such as the Intellexa Alliance capabilities proliferated across the EU – to legitimately address organised crime and other national security threats. An example of good practice, as highlighted by one participant, is the Swiss Act on Private Security Services Provided Abroad, adopted in 2013, which requires that companies intending to provide such services from Switzerland notify the relevant domestic authorities in advance.

As the panellists noted, the global cyber diplomatic landscape is marked by both multilateralism and minilateralism, with increasing geopolitical tensions amplifying the relevance of both global and regional frameworks to shaping RCB. The discussion concluded that the key will be in harmonising these frameworks to create a resilient and adaptable global cyber governance architecture, ensuring that wider conversations remain inclusive and effective.

Panel 2: Responsible Use of Cyber Capabilities

The development and use of cyber capabilities have become an integral part of cyber statecraft. Countries have devised specific organisations (cyber forces and cyber commands), sought to pass legislation to enhance the reach of cyber operations, and allocated more government funding to acquiring cyber tools to support a suite of strategic/operational objectives. The second panel of the day therefore brought together a group of researchers and experts to discuss how states have sought to reconcile state responsibility with the development of capabilities for conducting offensive cyber operations, as well as the core elements that should guide states’ use, acquisition and development of such tools.

Keynote Address: The Dilemmas of Responsible Cyber Partnerships

This second panel was opened by investigative journalist Kim Zetter, whose keynote focused on the ethical and strategic dilemmas faced by liberal democracies in building and maintaining responsible cyber partnerships. Reflecting on the nearly 15 years since the discovery of the US-Israeli computer worm Stuxnet, Zetter highlighted the essential role of cyber capabilities in national security and foreign policy, while underscoring the lack of transparency involved. This relates to not only how states decide to deploy cyber tools to achieve their own objectives, but also what safeguards are in place to prevent their misuse by partners.

Zetter raised critical questions about the international push for “responsibility” in cyber operations, questioning whose definition of responsibility prevails in a fragmented global landscape. She pointed out that while the US and its allies often condemn as irresponsible acts such as economic espionage, other states – notably China – see no distinction “between espionage for national security purposes and espionage to support the communist party’s socio-economic goals”. This divergence complicates efforts to establish shared norms, because – as Zetter noted – “nations that argue about the need for cyber norms are often reluctant to sign into agreements that would hamper their options for deploying capabilities”.

Another central theme in Zetter’s address was the challenge of shared responsibility when liberal democracies assist partners in developing cyber capabilities. She pointed out that while the US and its allies frequently provide training and resources to other states, they often lack control over how these partners deploy their newfound capabilities. In challenging the audience to consider the ethical implications of providing capabilities to allies who may employ them in ways that diverge from democratic norms, Zetter asked whether “democratic states that design offensive cyber tools – and develop the skills and techniques for using them – have the right to dictate how other nations that they give them to use them”.

Zetter highlighted how wider national political interests can indirectly lead democracies to endorse surveillance practices that they would deem unacceptable at home. In her view, Israel’s granting of an export licence for the NSO Group’s Pegasus software to the UAE in the 2010s – a transaction that is widely viewed as having contributed to the UAE’s recognition of Israel’s sovereignty in 2020 – is an example of this. Zetter concluded:

Today, when we talk about what kinds of operations we engage in that go too far, we also have to talk about what concessions we are willing to make that support the cyber operations of other nations. Where do we draw the limits of acceptable cyber behaviour for ourselves, and for those whose activities we enable and therefore tacitly endorse?

Panel Discussion

The panel brought together experts to discuss how governments reconcile the use of offensive cyber capabilities with international norms and legal obligations. Central to discussions were the tensions between transparency, oversight and operational security, highlighting the growing complexity of defining “responsibility” in the development and use of cyber capabilities. The following themes were raised by panellists as they reflected upon how to define responsible use of cyber capabilities, and addressed the key elements that should guide states’ development of cyber tools.

Transparency as a Cornerstone of Responsible Cyber Operations

Panellists agreed that transparency is essential to the responsible use of offensive capabilities. One participant noted that a significant shift has occurred in recent years: the use of such capabilities was once often veiled in secrecy. The declassification in 2019 of the US cyber operation “Glowing Symphony” against Islamic State was cited as a pivotal moment of change, where a transparency initiative gave the international community a granular, detailed account of a state-conducted cyber operation for the first time. Marking a departure from the hyperbolic discourse surrounding the destructive potential of cyber actions, this type of openness – while challenging, owing to the need for operational security – was viewed by participants as crucial to building international confidence in states’ cyber behaviour.

Measuring the Effects of Cyber Operations

The panellists also addressed the difficulties of measuring the effects of cyber operations, particularly in assessing unintended consequences. The complexity of cyber operations, combined with the often-blurred lines between state and non-state actors, complicates the evaluation of their impact. One panellist emphasised the importance of clearly defining “effects” of cyber actions in both operational and legal contexts to ensure accountability and adherence to international norms.

The Role of International Law and Due Diligence

The panel acknowledged the importance of international law in governing state behaviour in cyberspace, while also recognising its limitations. There was consensus that while international law provides a foundational framework, its application remains more rhetorical than practical. A critical challenge highlighted was the lack of harmonised principles for accountability and attribution across the international community. The panel called for states to engage in the development of rigorous due diligence, both legally and operationally, to ensure that cyber actions remain within the bounds of international legal standards.

Responsibility to Act

Panellists also discussed how government inaction in cyberspace – as distinct from widespread worries relating to government action and offensiveness – can constitute a form of irresponsibility. The most capable states, some panellists argued, have an obligation to take initiative, to be persistently engaged, and to contest malicious cyber activity. By doing so, states help shape the norms and rules that govern cyberspace over time. This approach challenges the traditional defensive postures that many states have adopted, where responsibility is seen as primarily reactive.

The Workshops: A Three-layered Approach to Unpacking RCB

To reflect upon responsibility through different conceptual lenses and contexts, participants in SC2024 were given the opportunity to deep dive into their respective fields of expertise across three separate workshops. These workshops aimed to provide participants with a platform to inform the future GP-RCB international research agenda by engaging with thought leadership, diverse perspectives and cross-sectoral collaboration. Based on the core themes and reflections that the GP-RCB had identified in its first year of unpacking framings of responsibility, the workshops were divided into a three-layered approach to responsibility: the international, domestic and operational levels of governance.

Track 1: International – The Road Ahead for UN Cyber Negotiations Post 2025

As the second OEWG mandate concludes in 2025, the future of UN cyber negotiations faces considerable uncertainty. This workshop invited participants to reflect on challenges and opportunities for sustaining international dialogue on responsible state behaviour in cyberspace. Discussions explored geopolitical divides, proposals for post-2025 frameworks, and the role of multistakeholder collaboration in shaping effective governance.

OEWG Challenges and Limitations

Discussions began by reflecting on the OEWG’s role as a platform for state dialogue on responsible behaviour in cyberspace. While participants acknowledged its contributions to maintaining discussions, they also identified a heavy focus on procedural aspects, rather than on achieving tangible outcomes. A recurring critique was the insufficient attention given to integrating international humanitarian law into discussions; participants argued that this gap limits the OEWG’s effectiveness in addressing pressing cyber-governance challenges.

Proposals for Post-2025 Mechanisms

The uncertain future after the expiry of the OEWG’s mandate in 2025 prompted discussions on potential solutions to sustain international dialogue. A permanent Programme of Action (PoA) emerged as a prominent proposal, offering the prospect of merging existing parallel mechanisms, such as the OEWG and the Group of Governmental Experts (GGE), into a streamlined and cohesive structure. Proponents argued that a PoA could reduce the inefficiencies of recurring negotiations, while fostering institutional stability and continuity in cyber governance.

Navigating Geopolitical Silos

Participants emphasised the difficulty of sustaining multilateral negotiations amid the increasing fragmentation of international relations. Geopolitical silos, marked by growing distrust and regional divisions, were seen as significant threats to progress on global cyber norms. Despite these challenges, there was consensus on the necessity of maintaining regular institutional dialogues to preserve minimal levels of trust and prevent the erosion of cooperative frameworks.

Multistakeholder Approaches

A key theme was the importance of broadening participation in cyber negotiations to include non-state actors. The inclusion of private sector representatives, civil society, and technical communities was highlighted as essential to capturing diverse expertise and perspectives. Such multistakeholder engagement was seen as a way to enhance the legitimacy of outcomes while addressing concerns that state-centric processes often overlook operational realities and broader societal impacts.

Trust Building and Accountability

Confidence-building measures and other approaches to building trust were identified as critical to fostering confidence among states. However, participants noted that the absence of robust verification mechanisms in cyberspace governance undermines the effectiveness of such measures. Breaches of international law were seen as particularly damaging to long-term cooperation. Greater accountability – through clearer enforcement mechanisms and a focus on transparency – was presented as essential for establishing a stable and reliable framework for cyber norms.

Track 2: Domestic – An Incident Responder Perspective on RCB

This workshop shifted the focus from international norms to the critical domestic responsibilities of technical operators such as computer emergency response teams (CERTs) and national cyber security agencies. Participants examined how these responders contribute to whole-of-government efforts to counter irresponsible cyber activities, and reflected on the unique perspectives they bring to defining and implementing responsible behaviour in cyberspace.

The Evolving Role of Incident Responders

The workshop opened by highlighting how the field of cyber security has grown from addressing isolated vulnerabilities to dealing with challenges of broader societal significance. Participants observed that cyber attacks increasingly impact entire countries, with economic, political and national security implications. This shift underscores the need for incident responders to balance technical expertise with an understanding of larger strategic and legal frameworks.

Legal Boundaries and Normative Principles

Discussions emphasised the importance of ensuring that incident responders operate within defined legal and normative boundaries. CERTs, in particular, were seen as pivotal to upholding principles such as respect for national sovereignty while mitigating cyber threats. Participants highlighted that deeper training on international legal frameworks could enhance their ability to act responsibly and effectively, especially when managing cross-border incidents.

Attribution as a Collaborative Endeavour

Attribution was identified as a complex task that requires a blend of technical analysis, intelligence sharing and diplomatic coordination. Participants shared lessons from past cases where attribution errors were corrected through collaboration among CERTs, intelligence agencies and other stakeholders. These examples demonstrated the value of multistakeholder partnerships in ensuring accurate and credible attributions.

Addressing Domestic and Cultural Nuances

The workshop explored how domestic values and circumstances shape approaches to RCB. In developing countries, motivations for adhering to international norms often align with economic development goals and digital transformation. In contrast, more developed nations may prioritise global influence and power dynamics. Participants noted that African countries often feel marginalised in global discussions, calling for greater inclusion and support in public–private partnerships. The need to balance cyber security with privacy rights was also highlighted as a key consideration in diverse domestic contexts.

Bridging Policy and Technical Spaces

Participants identified the gap between high-level policy discussions and technical operations as a persistent challenge. A recommendation emerged for governments to facilitate regular meetings between senior authorities and technical responders, enabling alignment of cyber security operations with legal frameworks. Such initiatives could foster stronger collaboration, ensuring that policy decisions translate effectively into operational practice.

Diverse Challenges in Operationalising Responsibility

The discussion concluded with an acknowledgment of the significant variability in national capacities and resources. While some countries have made progress in fostering collaboration among CERTs, private companies and governmental entities, others struggle to operationalise norms due to economic and infrastructural limitations. This disparity underscores the need for tailored approaches to implementing responsible cyber practices across different domestic contexts.

Track 3: Operational – Designing Principles for Responsible Cyber Operations

This session explored the guiding principles and doctrines for responsible cyber operations, moving beyond the growing institutional and technological capabilities states have developed for cyber competition. Participants focused on what operational norms and frameworks should inform states’ cyber activities, particularly in sub-threshold strategic contexts.

Beyond Legal Framing

One of the central tensions identified in the workshop was around the legal framing of responsibility. Participants noted that the conversation on responsibility often veers into overly legalistic discussions, focused primarily on adherence to international laws and norms, rather than on the intentions evident in operational behaviour. While adherence to international law is essential, an operational perspective on responsibility should also address recklessness and irresponsibility in cyber activities. This broader approach, according to its proponents, emphasises strategic oversight and the need to calibrate operations to avoid unintended consequences, tying actions to broader statecraft objectives, rather than to isolated missions.

Proportionality and Necessity

The principles of proportionality and necessity were underscored as cornerstones of responsible cyber operations. While these principles are derived from international law, their real-world application remains challenging, especially when operations risk affecting civilian infrastructure or infringing human rights. Participants stressed the need to differentiate between counter-force targeting and counter-value strategies, citing cases such as SolarWinds and NotPetya as examples of disproportionate and poorly calibrated operations.

Transparency, Accountability and Oversight

The importance of transparency and multilayered oversight was a recurring theme. Democratic states such as Canada and India were highlighted as examples of countries working to ensure that cyber operations align with principles of civilian control and oversight. Participants agreed that the key to achieving this balance lies in governments’ ability to manage multiple layers of authorisations for cyber campaigns. In the case of Canada, such a process involves the Ministry of Foreign Affairs and the Intelligence Commissioner working together to ensure a principled approach to the authorisation and oversight of cyber operations. However, participants noted that existing transparency mechanisms often fall short of addressing the strategic and campaign-level dimensions of cyber operations. Effective frameworks should integrate cyber operations into broader political and strategic contexts, rather than treating them as standalone actions.

Corporate Responsibility

The role of private companies in cyber operations was another critical discussion point. Technology and telecommunications firms often act as enablers or agents of state-sponsored operations, yet their accountability remains ambiguous. Participants emphasised the need for international principles that define the responsibilities of these actors and establish mechanisms to ensure they do not engage in reckless or irresponsible behaviour under the guise of state contracts.

Responsible AI and Cyber Security

The rapid expansion of generative AI models has heightened global interest in the disruptive implications of this technology for our societies, particularly regarding responsible and secure use. While AI has become integral to scaling cyber security solutions, discussions about responsible AI and RCB have often been siloed in separate communities. SC2024’s concluding fireside chat bridged this divide, featuring insights from Ollie Whitehouse, Chief Technology Officer at the UK’s National Cyber Security Centre, and Ciaran Martin, Professor of Practice in the Management of Public Organisations at the University of Oxford.

Avoiding Alarmism and Maintaining Perspective

A central theme of the discussion was the need for a balanced approach to AI. Martin urged against sensationalist narratives, emphasising that responsible discourse requires avoiding exaggerated fears about AI’s potential for harm. He also highlighted that, unlike other industries, “the cyber security industry, for once – and very counter culturally given its history – has reacted to AI threats relatively calmly”.

Whitehouse echoed this sentiment, noting that while adversaries are leveraging AI to enhance traditional techniques such as vulnerability scanning and social engineering, these developments do not represent a fundamental shift in cyber threat dynamics. The industry’s challenge lies in monitoring and preparing for the scaling of AI threats without succumbing to hype. As Whitehouse explained, “there is something for us to be mindful about, and something to be prepared for as that scales, but the punchline is: AI for cyber good is the thing that we should fixate on, not AI for doom”.

Proliferation and Preparing for the Future

The inevitability of AI’s proliferation was another key focus. Basic AI capabilities are expected to become widely accessible, including to malicious actors. According to Whitehouse, this reality requires the cyber security community to adopt proactive strategies to mitigate risks, while continuing to evolve defences. He noted that governments and private entities must collaborate to develop norms and regulations that promote responsible AI use.

Alongside institutional measures, cyber security professionals must adapt to adversaries’ evolving tactics. Both speakers highlighted the importance of fostering a culture of scepticism in relation to AI systems, teaching professionals and the public to critically evaluate AI outputs, rather than placing undue trust in them. In cyber security, this translates to ensuring that critical decisions remain under human oversight. AI can automate tasks and provide insights, but ultimate accountability must lie with humans, especially when national security is at stake.

Integrating AI into Cyber Security Frameworks

Martin emphasised the need to view AI and cyber security as interconnected parts of the same challenge, rather than as separate phenomena. Integrating AI into cyber security frameworks responsibly requires balancing the technology’s potential benefits against ethical considerations and the risks it poses. This approach includes retaining human judgement in decision-making processes, and ensuring that AI systems are tools rather than autonomous agents in critical security contexts.

The Future of GP-RCB Research

SC2024 explored RCB in its international, domestic and operational dimensions, identifying key challenges and future directions.

At the international level, discussions highlighted the persistent gap between the development of UN norms and their practical implementation, particularly in resource-constrained nations. Inclusive engagement, capacity building, and equitable partnerships were emphasised as essential for fostering global adherence to responsible principles.

Domestically, the role of technical actors such as CERTs was highlighted as central. Participants emphasised the need for robust legal understanding among responders, and stronger collaboration between policymakers and technical communities. Bridging the gap between policy and technical spaces was seen as critical to operationalising responsibility within national contexts.

Operationally, principles such as proportionality, necessity and accountability were identified as essential for responsible cyber operations. Participants called for greater transparency, strategic oversight, and accountability mechanisms, particularly in the involvement of private sector actors in state-directed cyber activities.

Across all tracks, the importance of three major themes emerged: bridging silos between disciplines; addressing the unique challenges of different national contexts; and strengthening collaboration between state and non-state actors. Discussions underscored the need for a holistic, integrated approach to RCB, encompassing legal, technical and operational considerations. The conference reflected a collective recognition that RCB requires a coordinated global effort, underpinned by consistent dialogue, inclusive governance and a strategic approach to tackling the evolving cyber threat landscape. These reflections will inform future research and engagement as part of the GP-RCB and wider research community, highlighting the necessity of a forward-thinking, collaborative framework to navigate the complexities of cyber security in the 21st century.


Sara Seppanen is a Research Analyst in the Cyber Team at RUSI.
