Cyber security is a relatively new international problem. A decade ago, it received little attention as an international issue, but since 2013 the Director of National Intelligence has named cyber security risks as the biggest threat facing the USA. Although the exact numbers can be debated, various non-profit organisations have listed hundreds of state-sponsored attacks by a score of countries in the past decade. Many observers have called for laws and norms to manage the growing cyber threat. In this paper the author outlines the key normative restraints on cyber conflict. The author draws on the development of international norms in recent history to offer insights into the formation of normative restraints in the cyber realm.