Cyberspace has turned into the “fifth dimension of conflictuality” and, as such, has been sanctioned both by countries’ national cyber security strategies and by international organizations alike. In particular, NATO recognizes cyberspace as a domain for military operations wherein it is possible to trigger collective defense mechanisms in the event of hostile actions. The militarization of cyberspace has therefore been reached — not only through the application of strategic concepts — but also through operational activities conducted with the tools made available by the digital domain’s “military box”.
The hybrid nature of cyberspace contributes to undermining international stability and security, since, as pointed out by various authors, it is impossible to distinguish between civil and military or virtual and real in cyberspace. In this regard, Joseph Nye highlighted how “in the classic duality between war and peace, cyber usually fall into a ‘gray zone’”.
Nye’s gray area is symptomatic of a fundamental gap: the lack of internationally shared rules applicable to the digital dimension. This gap becomes evident if we consider the growing use of cyber-attacks against essential entities (i.e., critical infrastructure) as well as the constant use of cyber capabilities to achieve political and military objectives.
In 2014, Henry Kissinger stated that “It is difficult to assess national capabilities, vulnerabilities are multiplying, and there is no clear distinction between war and peace. These new technologies are outpacing regulation, strategy and doctrine, and there no shared interpretations or understandings of cyber capabilities. Moreover, it is highly implausible that countries with different histories and cultures will arrive independently at the same conclusions about the nature and permissible uses of their new intrusive capacities”.
In light of this, the need to develop appropriate diplomatic initiatives able to preserve international stability and security is evident. The basic question, then, is whether diplomacy can play a role in cyberspace. To answer this question, it is first of all necessary to define what is meant by diplomacy. As Wight put it, diplomacy can be defined as "the attempt to fix conflicting interests through negotiation and compromise".
This definition, which reflects the position of the English School, places diplomacy at the center of international politics as it is understood as “a central institution in the definition and maintenance of international society”. In fact, according to Bull, there are five main functions of diplomacy: 1) facilitating communication in world politics, 2) negotiating agreements, 3) gathering intelligence and information from other countries, 4) avoiding or minimizing tensions in international relations, 5) demonstrating the existence of a society of states. We can therefore define cyber diplomacy as “the use of diplomatic resources and the exercise of diplomatic functions to guarantee national interests in relation to cyberspace. These interests are generally identified in national cyberspace or cybersecurity strategies, which often include references to the diplomatic agenda”.
All these features can be attributed to traditional diplomatic activities; however, the question remains as to whether "old tools can be used for new games". In particular, as demonstrated by the various ongoing attempts to create an internationally valid legal framework, the underlying problem of cyber diplomacy revolves around the use — or implementation — of rules (mostly preexisting ones) that will actually lead to the desired outcome if they were to be broken in cyberspace. Recent United Nations-brokered initiatives seem to have somewhat limited these obstacles. However, this remains an “open issue”: what happens if, in the event of a cyber-attack, the international community is called upon to respond in line with the legal framework of international law?
In light of these considerations, an appropriate cyber diplomacy agenda should be based on concrete and achievable objectives, such as the ability to ensure effective and efficient multilateral agreements around rules and norms for responsible behavior recognized by state and non-state actors in cyberspace.
These initiatives are especially relevant if we consider the technological developments which, in the near future, will be able to subvert the current “war dynamics” in cyberspace. In fact, while cyber-attacks are likely to increase in complexity and make accountability and attribution increasingly problematic, responses and defensive actions (both political and military) will equally become more robust.
In conclusion, a further element of reflection might be taken into account when we analyze the issue of cyber diplomacy: the current state of the art of diplomatic initiatives in the cyber field abounds with numerous (and sometime redundant) multilateral initiatives. However, in the near future, state-centric sovereignty in the digital domain will become the “normal approach”. As such, cyber diplomacy will have to successfully adapt classic diplomatic tools to govern technological trends and, above all, it will have to understand which (state or nonstate) actors will play a key role in providing the tools influencing the stability of the international order.