Over the last few years, the international community has devoted much attention to the topic of "international cyber norms". However, there appears to be a fundamental tension between these norm-development efforts and their real-world application as effective tools to reduce cyber risk and deter or prevent malicious state and non-state actors. Furthermore, in the current geopolitical climate, a broad agreement on global cyber norms seems improbable, as suggested by the lack of consensus in the course of the UN GGE 2017 process. In the meantime, government officials tasked with developing and deploying cybersecurity policy and law face day-to-day challenges and are operating on a different track. Questions continuously arise with respect to the role of the state in formulating cybersecurity standards, information sharing, active defense and privacy protection. These questions are dealt with mostly in the "civilian" cybersecurity sphere and are occurring largely under the radar of the global "international cyber norms" community. Against this backdrop, the paper suggests a shift in the approach to cyber norms. Its central thesis is that, at this juncture, rather than attempting to create a set of pre-defined aspirational norms aimed at achieving global stability, the international community should pay greater attention to discussions that are already occurring between cybersecurity regulators/authorities and should proactively support such discussions.