Three things you need to know aboutnbspCyber Power

Upon the UK’s unveiling of its National Cyber Strategy last year, one particular term was brought to the surface, that has subsequently caught the eye of analysts and players in the industry space: the notion of ‘cyber power’.

 

Encompassing more than the notions or strength or even domination, the concept of cyber power recognises the importance of cyber defence, partnerships and the softer aspects of cyber power such as diplomacy and technology leadership. Furthermore, it is important that government, industry and academia all work towards joint goals in this space – they all have a role to play in realising a nation’s cyber power ambitions.

 

That ambition, in essence, is to project and promote national interests in and through cyberspace, and to influence the behaviour of other actor nations to align with our own strategy.

 

However, far from it being a solely aggressive tactic, cyber power has its roots in best practice cybersecurity, and the need to have good defences in place before going on expeditions and trying to enact that aforementioned ‘influence’. Therefore, while the term does indeed extend to military frontiers, true cyber power also embraces every contributing factor that needs to be optimised to make a country secure, innovative and – above all – responsible.

 

Rewinding slightly, the concept of cyber power first originated as an via Harvard professor, Joseph Nye, in his May 2010 paper entitled ‘Cyber Power’. Published through the university’s Belfer Center, that same institution has been responsible for the evolution of its meaning and understanding ever since; resulting a reintroduction of the term in 2019 courtesy of Jeremy Fleming. Two years later, and the concept has become widely accepted as an opportunity, as well as a threat, throughout the UK’s national cyber community, with cyber power considerations firmly embedded into the UK’s National Cyber Strategy.

 

This inclusion of the term is poignant as the Strategy itself was an evolution from the country’s former National Cybersecurity Strategy. As such, cyber power, too, was confirmed to have extended out beyond its foundations of, solely, ‘security’.

 

As part of a broader ‘cyber’ (not cybersecurity) strategy, cyber power is now inclusive of all its incumbent parts. All of those elements that dictate whether a country is driven by technology; has the capacity to deliver innovation; is targeting education towards this capacity building; is incentivising industry to work towards governmental aims.

 

In this respect, cyber power in this guise reflects all aspects of influence and interest that ultimately results in national security in cyberspace:

 

This latter facet of collaboration is perhaps the hallmark of strong cyber power. It brings into play the importance of soft power – again, a culmination of society, infrastructure, education, business and decision makers working in a way that supports national interests. That attainment of soft power is critical to portraying a strong defence, to being more aggressive if needed, and to influencing tech standards in other parts of the world.

 

It's nothing new of course. Strong levels of national security have always relied on interconnected webs of information, ideas, innovation and expertise. It therefore makes absolute sense that cybersecurity is also dependent on this combination of factors and players… that it is dependent on strong cyber power.

 

This isn’t to say that the UK’s National Strategy reflects a situation where all parties are already singing from the same hymn sheet, however. Rather, it’s a projection of where the country would like to get to, having learned from situations in other countries. For example, the seemingly uncontrollable role of big tech (huge social media companies and global applications) in the US isn’t always going to pull in the same direction as governmental strategy from a security perspective. If anything, sometimes industry can work against this aim to channel skills and innovation towards national interest. Similarly, the skills, outlook and insight of academics are also needed to help inform optimum strategy and policy.

 

Harnessing and connecting all three is the best route to true cyber power, as it pulls the country in the same direction in terms of image, influence and ultimately defence.

 

Perhaps the most significant aspect of modern-day cyber power, however, is the requirement for responsibility. At its heart, a nation’s approach to cyber power should reflect its social value and data ethics goals, as well as its approach to sustainable security and cross-sector collaboration.

 

Even in the most blatant sense, the way in which vulnerabilities are disclosed needs to be in the country’s best interest, or with a view to stoking an appropriate response; rather than one based around fear, anger or potential chaos. In a lot of nations, we’re seeing the rise of bug bounty programmes to incentivise that level of responsible disclosure, and the encouragement of closer collaboration between private and public when it comes to intelligence sharing.

 

Cyber now impacts almost every aspect of life - from military events, to simple, daily social interactions. Cyber power is therefore an effective ‘rules of the road’ for what a nation deems acceptable when it comes to cyber as a whole.

 

Additionally, responsible cyber power also means governments adhering to their own rules. For example, when a country does employ more offensive cyber capabilities, they must do so in accordance with the law and be consistent with a strong ethical framework.

 

We’ve seen in the past how digitisation can get away from us. Look at the internet, as a prime example. To this end, cyber power is a reflection of rules, logic, accountability and collaboration from all sects of society, as countries continue to use technology for national advantage. For the UK, it’s a hugely positive sign that a formal strategy has been formulated with this responsible and all-encompassing array of soft power factors in mind.

 

As they continue, discussions within the industry on the topic of cyber power, will help the UK continue to lay the foundations for remaining resilient and responsible in cyberspace.