Cyber & Emerging-Domain Norms

cyber-norms measures structural power over the rules of the digital security domain — who authors the frameworks others operate under, and who provides cyber-protection to others on terms. The structural question is: who sets the rules of the cyber domain, and who shelters others within them? — not who has the strongest offensive or defensive capability of their own. Capability is the necessary condition; rule-setting is the structure.

Cyber is not a Strange category, but mapped onto Security it splits along her exact structural/relational line:

• Structural power "means rather more than the power to set the agenda of discussion or to design (in American academic language) the international regimes of rules and customs that are supposed to govern international economic relations" (Strange 1994, p.25) — norm authorship is one face of the structural act.
• Knowledge-structure overlap (declared, not double-claimed): "whoever is able to develop or acquire and to deny the access of others to a kind of knowledge respected and sought by others; and whoever can control the channels by which it is communicated to those given access to it, will exercise a very special kind of structural power" (Strange 1994, p.30).
• Provision test for the defensive component: the security structure is "the framework of power created by the provision of security by some human beings for others" (Strange 1994, p.45).

Offensive capability is coercive sheer power — relational power, "the power of A to get […] B to do something they would not otherwise do" (Strange 1994, p.24; source reads "get to B") — not the structure.