"To be fair," there are norms about how intelligence services behave. That we, the proletariat, aren't aware of them doesn't make them any less real. That they've either changed or that we've only just discovered what they are doesn't say anything about what they are or used to be.
"Norms" don't necessarily make things objectively or even subjectively better. They just make them standard. Asking for norms will get you absolutely nothing, even if you get what you ask for: They'll just establish what they're already doing as normal, and continue to not tell you about the new things they start doing. Because that's what intelligence is; if they told people what they were doing, for better or worse, people would make it harder for them to do.
The norms in question are those of cyber attacks. This includes but is not limited to intelligence operations. The SONY attack, for example, was not an intelligence operation. The downing of the Syrian airforce was not an intelligence operation. Nor was Stuxnet or the the Georgia cyberattack.
Norms are important because they are precursors to law (in this case international law). Norms create ground upon which a country can accuse another, a ground upon which you can achieve consensus among many parties, and norms set expectations of behavior that if loosely followed every country can benefit from.
"Norms" don't necessarily make things objectively or even subjectively better. They just make them standard. Asking for norms will get you absolutely nothing, even if you get what you ask for: They'll just establish what they're already doing as normal, and continue to not tell you about the new things they start doing. Because that's what intelligence is; if they told people what they were doing, for better or worse, people would make it harder for them to do.