Date of Conferral





Public Policy and Administration


Michael B. Knight


Unregulated state cyberattacks are an urgent threat to international peace and security because of the costs they impose and the devastating effects they can create. However, international norms governing state cyberattacks (international cybersecurity norms) have not yet emerged. The lack of meaningful consequences for state cyberattacks, and the high rewards derived from them, incentivize states to engage in this new form of hostile conduct (cyberconflict). The problem addressed in this modified Delphi study was the persistent struggle between authoritarian and democratic states over competing international cybersecurity norms that cause cyberconflict to remain unregulated. Kingdon’s multiple streams framework was used as a theoretical lens to examine the norm emergence process. Data were collected from a panel of experts in international cybersecurity norms. Three rounds of online questionnaires were administered, with participant feedback between rounds, to build a consensus opinion. Six participants completed all rounds. Terms and phrases of participants were used to create codes, and related codes were grouped to reveal patterns and develop themes. The panel did not establish strong consensus (Kendal’s W ≥ .75) regarding the ranking of the issues but defined the points of disagreement and reached a weak consensus on the top three issues: problem nature, attribution, and threat perception. Findings may inform positive social change through future efforts to create the conditions necessary for international cybersecurity norms to emerge, thereby contributing to international peace and security.