Project

Cyber Accountability

Improving cyber accountability and deterring malicious cyber activity

About Project

Malicious cyber operations are omnipresent and current approaches to “cyber deterrence” fall short. To help deter cyber incidents and foster accountability, already accepted international norms and law need to be effectively implemented.

The Cyber Accountability project is examining past experiences addressing other international threats and risks to identify lessons learned in the area of accountability that can be applicable to cyber. By applying lessons from other domestic and international efforts, the project will provide policymakers with both legal and technical expertise on accountability in the cyber domain, as well as perspectives from government, civil society, and industry on potential paths to better address cyber threats. This project is being implemented by regular engagement with other stakeholders, a webinar series, and production of a research report.

Research & Writing

Project Note

Who Answers for Cyberattacks? A Singapore Roundtable Explores Solutions

Discussing Indo-Pacific perspectives about cyber accountability.
November 10, 2025

Commentary

India-Pakistan Cyber Skirmishes and the Challenge of Attribution

As cyber operations play a growing role in the India-Pakistan rivalry, misattribution threatens to undermine stability.
October 7, 2025

Commentary

Assessing Cyber Risks and Resilience in India and Pakistan

Taking stock of the threats, opportunities, and mitigation measures in India and Pakistan’s civilian cyber and digital ecosystems.
September 25, 2025

Commentary

Cyber Quicksand? Uncharted Risks and Escalatory Dynamics in a Future India-Pakistan Crisis

Offensive cyber operations introduce a layer of strategic ambiguity and misperception that could destabilize deterrence in South Asia.
September 3, 2025

Commentary

Cyber Diplomacy 2.0: From Process to Impact

Assessing outcomes from the final session of the UN’s cyber working group.
August 4, 2025
DNS Blocking

Commentary

Who Controls Your Internet? The Debate Over DNS Blocking

DNS blocking is becoming a default cybersecurity tool, but its simplicity masks serious risks to transparency, access, and digital rights.
August 1, 2025

Commentary

How the United States and India can Promote Responsible Behavior in Cyberspace Through the Quad

The US and India should position the Quad as a critical norm builder and a pillar of cyber stability.
July 2, 2025

Commentary

How Does International Law Byte into Pakistan’s Cyber Governance?

Pakistan’s cybersecurity strategy reflects a core tension: protecting state sovereignty while respecting international norms.
June 24, 2025

Commentary

Protecting Critical Infrastructure in South Asia: Cyber Threats and Solutions

The vulnerability of critical infrastructure to natural hazards and environmental degradation or even deliberate attacks is a reality that cannot be ignored.
June 14, 2025

Project Note

Cyber Accountability in Motion: Insights from Bangkok

Supporting cyber capacity-building and resilience in Southeast Asia.
May 13, 2025

Commentary

Cyber and Climate Threats: Shared Risks, Resilience, and Response Strategies

How cyber and climate risks intersect in the Caribbean—and why resilience strategies must evolve.
March 4, 2025

Policy Memo

Confront the Cybersecurity Challenge

The cyber threat landscape is evolving faster than ever, and the impact of cyber operations on personal, national, and international security must not be understated.
November 22, 2024

Issue Brief

Accountability in Cyberspace: Lessons from and for Latin America

Outlining the regional approaches, challenges, and solutions to the cyber accountability question in Latin America.
October 16, 2024

Issue Brief

Cyber Accountability Building

Empowering stakeholders to take an active role in cyber accountability processes through capacity building.
October 7, 2024

Issue Brief

Deterrence and Accountability

Exploring the mutually reinforcing and conflicting aspects of deterrence and accountability in cyberspace.
September 30, 2024

Commentary

Old Tactics, New Targets: Unraveling Lebanon’s Pager Attacks

Amid deep anxiety about the future of cyberwar, Stimson experts present a measured analysis of the pager attacks in Lebanon.
September 25, 2024

Chapter

The European Union General Data Protection Regulation

Drawing inspiration from the European Union’s large-scale data privacy and digital rights regulation: the General Data Protection Regulation (GDPR).
September 24, 2024

Chapter

The International Telecommunications Union (ITU) and Cyber Accountability

Tracing how activities of the International Telecommunications Union (ITU) foster cyber accountability.
September 24, 2024

Chapter

Is There A Space Skeleton Key for Unlocking Accountability in Cyberspace?

A look at the potential of space governance and capacity-building initiatives to enhance accountability in cyberspace.
September 20, 2024

Chapter

The Remarkable Story of the Montreal Protocol with Lessons for Cyberspace

Learning from the large-scale global effort that helped reverse atmospheric ozone depletion
September 16, 2024

Chapter

The Cyber World and Human Rights: Perspectives on International Accountability

Strengthening human rights law in the digital domain.
September 13, 2024

Chapter

Can the African Peer Review Mechanism Effectively Govern Cybersecurity and Accountability?

Championing cyber governance and sustainable development in Africa through peer review and capacity building.
September 12, 2024

Chapter

Market Incentives: The Insurance Industry and Cyber Accountability

The evolving risks and incentives in the insurance industry – and their emerging role for cyber accountability.
September 9, 2024

Chapter

Private Actors, State Responsibility

What lessons does the private security industry hold for regulating private sector actors in cyberspace?
September 6, 2024

Chapter

The Implementation of UN Security Council Resolution 1540

August 23, 2024

Chapter

Reimagining Cyber Arms Control

August 22, 2024

Project Note

Talking Accountability at the United Nations

Stimson’s Cyber Program presented the findings of its multi-year study on cyber accountability at a side event of a United Nations Open-Ended Working Group (OEWG)
July 24, 2024

Report

Advancing Accountability in Cyberspace

Findings from a two-year research project on improving international cyber accountability and deterring malicious cyber behavior.
July 8, 2024

Commentary

US Department of State Releases International Cyberspace and Digital Strategy

Observations on the new U.S. International Cyberspace and Digital Policy Strategy, barriers to implementation, and a possible path forward
June 25, 2024

Project Note

Validating the Research: Stimson Wraps Up Successful Workshops on Cyber Accountability

Stimson’s Cyber Program concludes a series of research validation activities ahead of launching a major report on cyber accountability.
May 8, 2024

Commentary

Narrowing the Gender Gap in Cyber Security

From participation gaps to differentiated threats and challenges in accessing technology, cyber (still) has a gender problem.
March 8, 2024

Commentary

False Alarms: Reflecting on the Role of Cyber Operations in the Russia-Ukraine War

Discussing the changing role of cyber operations in the Russia-Ukraine war, their implications for international law, and measuring harm.
February 22, 2024

Project Note

Building Momentum to Stop Cyber Harm

Stimson joined with States and stakeholders in London to launch a new process for addressing spyware, ‘hackers for hire’, and other intrusive cyber threats.
February 13, 2024

Project Note

Taking [some of] the Wicked out of the Cyber Problem

January 23, 2024

Project Note

Clue, Monopoly, or Risk?

Stimson co-hosted a side event about cyber accountability on the margins of a recent meeting for the UN’s cyber working group
January 16, 2024

Issue Brief

Whodunit in Cyberspace: The Rocky Road from Attribution to Accountability

In the long run, a transparent, robust, and broadly accepted attribution process is needed to hold malicious actors accountable for cyber offenses.
December 12, 2023

Commentary

Discord and diplomacy: reviewing outcomes from the UN’s cyber working group

Key developments from the UN’s working group session on international cyber peace and security and its implications for cyber accountability.
August 14, 2023

Project Note

Fostering Accountability in Cyberspace

This report summarizes key themes of discussion from a recent workshop on “Fostering Accountability in Cyberspace”.
July 3, 2023

Project Note

Stimson’s Cyber Program Convenes Experts to Discuss Cyber Accountability

Stimson’s new cyber program recently held two events that brought together the diplomatic community, industry, academia, and civil society for exploratory discussions on deterrence, transparency, and accountability.
May 24, 2023

Commentary

Striking the Right Balance

The UN’s cyber working group met in March amid geopolitical tension and rising cyber threats. How can it balance expectations and political realities?
April 14, 2023

Remarks

Cyber Threats to International Peace & Security

UN talks on international cyber security should consider the digital risks facing other domains, learn from other threat areas, and consider gender
March 3, 2023

Remarks

Stimson Center Statement on Learning from Other Efforts

UN cyber discussions should look broadly for lessons in managing cyberspace via agreed models – ranging from points-of-contact to accountability.
December 6, 2022

Remarks

What’s the Best Process? International Community Needs to Recommend Approaches to Implementation of Cyber Norms and Law

At the July 2022 Stakeholder Meeting of the UN Cyber Open-ended Working Group, Stimson Calls for Guidance on Implementation and Help in Capacity Building
August 5, 2022

Remarks

Statement at the Multi-stakeholder Meeting of the New UN Open-ended Working Group on Cyber, December 2021

Stimson encourages the new 2021-2025 OEWG on cyber to support research and stakeholder collaboration in progressing accountability in cyberspace.
January 27, 2022

Commentary

Incentivizing Good Governance Beyond Regulatory Minimums

This article was originally published in the Journal of Critical Infrastructure Policy
December 15, 2021

Remarks

Stimson Center Statement to the UN Open-ended Working Group on Cybersecurity as It Completes its Work, March 2021

The UN needs to fast track its work on ICT security. The UN is a thoughtful body that generally works via consensus. ICT risks, however, evolve quickly along with States’ and criminals’ threatening capabilities. These capabilities have increasingly been exercised recently. States and individuals are now feeling forced to react to the many cyber incidents being experienced.
March 18, 2021

Policy Memo

Cyber Risk: Lead, Manage, Don’t Accept

Cyber intrusions are endangering American security. We can be more secure if the Biden Administration takes bold leadership in two areas.
December 17, 2020

Remarks

Stimson Center Statement to the UN Open-ended Working Group on Cybersecurity, December 2019

Stimson advises the UN to look outside the cyber realm and assess past and innovative approaches working to manage international security risks as it looks to promote cyber security
March 27, 2020

Policy Paper

Prioritizing Actions for Managing Cybersecurity Risks

Considering cyber risks to the civil nuclear industry and how to address them
February 6, 2020

Sub-Projects

Cybersecurity in the Indo-Pacific

In Focus