Reimagining Cyber Arms Control

International agreements have demonstrated varying degrees of success in regulating conventional arms sales, providing a foundation for the potential expansion of such frameworks to cyber arms control. This paper examines the applicability of existing arms trade regulations to the cyber domain, focusing on key challenges related to definitions, compliance, and international consensus. First, the study reviews the United Nations Arms Trade Treaty (ATT), highlighting its emphasis on regulating behavior and outcomes rather than specific technologies. A critical provision of the ATT requires governments to assess the likelihood of exported arms being used for malicious purposes, a principle that could inform cyber arms governance. Next, the paper analyzes the Wassenaar Arrangement, emphasizing its toolbox approach to policy implementation, which allows for flexible, state-specific measures. Additionally, the surveillance-related amendments within Wassenaar provide insights into managing dual-use technologies in cyberspace. Based on these analyses, this paper advocates for a cyber arms control framework that incorporates behavior-based regulation, adaptable policy mechanisms, and the inclusion of nongovernmental stakeholders to enhance global cybersecurity governance.