What are the ‘rules of the road’ for cyberspace, and who sets them? The question has risen in prominence and priority as cyber threats have grown more severe. A lack of clarity about acceptable behaviour enables destabilising cyber activity, such as the recent Microsoft Exchange hack by suspected state-sponsored actors and the persistent ransomware attacks targeting hospitals around the world. …