Between Strategic Autonomy and International Norm-setting
The EU's Emergent "Cyber-Sanctions" Regime
According to the 2016 EU Global Strategy (EUGS), today's world is characterized by an increased strategic competition and rising threats to multilateralism and a rules-based order. In this fast-evolving environment, the EU has shifted from its traditional “values-based” approach in foreign policy to a “principled pragmatism”. This holds that the EU should solidify relations with countries with shared values, while also engaging strategically with rivals. The EU's goal is to protect its strategic interests in the world marked by the US-China rivalry, a confrontational relationship with the Trump administration, and Russia's growing ambitions in their shared neighborhood. The present chapter examines some aspects of the EU's efforts to secure its autonomy in an emergent terrain for international competition: cyberspace. The analysis will begin with an explanation of the broader context for the EU's approach to cybersecurity, which should be understood as part of the Union's longstanding pursuit of “strategic autonomy” in an increasingly competitive geopolitical environment. It then offers a description of deterrence theory and its application to cyberspace, before turning to the development of the EU Cyber Diplomacy toolbox and targeted restrictive measures in response to cyberattacks. It will then seek to assess the deterrence potential of restrictive measures on the basis of some generic attributes of the concept of deterrence identified in rich theoretic contributions on deterrence theory and cyberspace. It concludes that while sanctions might appear to be ineffective and non-aligned with the operational characteristics of the cyber domain, their potential for establishing good practices should not be discarded. They should instead be used as a vehicle for promoting and informing the international discourse on the norms of responsible state behavior in cyberspace.