Miriam Howe takes a look at the evolving concept of cyber power, and spotlights the interconnected and integrated ecosystem which underpins its growth across borders, governments and industry worldwide
We are well into the era of national strategies for cyber space. Here in the UK, the third national cyber strategy is due out at the end of 2021.
That it is a cyber strategy, as opposed to previous versions which focused on cyber security, reflects the fact that defensive or security cyber operations should be considered, from a national perspective, in the same context as other cyber operations. This subtle change comes in parallel with a resurgence of interest in cyber power, both from think tanks and across government.
For quite a subjective topic, it’s generally agreed that cyber power needs to start with national cyber defence and resilience. In more ways than one, a strong national cyber defence is a core tenet of projecting cyber power, particularly if it engages the whole ecosystem of industry and society.
In fact, nations with a strong brand associated with a secure digital economy, and with a national cyber agency that visibly leads the way, communicating best practices and showing how to secure emerging technologies, is a very strong projection of cyber power.
A core principle of self-defence is situational awareness. You have to know who and what you’re protecting yourself against, so a priority for national cyber agencies is building situational awareness of what cyber threats are targeting the nation in cyberspace and this needs to be a priority for any global cyber power.
Other aspects of cyber power – capabilities to support military and intelligence operations – are more aligned to what we might think of as hard power. In response to the recognition of sub-threshold operations and hybrid warfare, there is a lot of military thinking around information advantage and multi-domain integration, both which are enabled in part by cyber capabilities, but there are other factors to consider too.
The role of industry
Cyber power can seem quite geopolitical until we start to consider the role of industry in cyber power – and industry really illustrates the multinational and multilateral aspects of cyber power and internet governance.
There are several sectors which have to take on a bigger responsibility for national security and resilience than would be dictated by their financial bottom line.
Take the telecommunications sector, for example. When it comes to handling and protecting the communications of citizens and businesses, telecommunications companies have long since been obliged to provide data to support law enforcement, which has meant that the sector has responsibilities towards counter terrorism, criminal investigations and even a role in cyber threat detection across public networks.
Then there’s financial services. It’s very likely that soft power is concentrated in finance systems, central banks and core businesses in the economy, particularly when it projects financial influence beyond its borders. And with that power comes the need for operational resilience in the foundations of the economy; the stock exchanges, payment infrastructures and clearing systems.
As well as attacks from organised cyber criminal groups, some of these attacks come from other nation states. There is a particular vulnerability to disinformation campaigns, which can undermine confidence in companies and can cause share prices to drop. Real time transactions, and the human confidence that underpins financial markets, make the sector more vulnerable to attacks on confidence. So algorithms and intelligence that enable us to detect and counter disinformation campaigns are as useful in the commercial world as in the military world.
And across other industry sectors as well we can see an evolution in responsible behaviours – content providers such as Facebook and Google are increasingly expected to take responsibility for what happens on their platforms, such as taking down harmful materials for counter-terrorism purposes.
Alliances, too, play a big role in hard and soft power alike. Multilateral collaboration is a key means of projecting power. In identifying a common adversary, geopolitics are removed enabling nations to work together.
International cyber capacity building supports homeland security by bolstering the ability for other countries to counter upstream threats and broadening the defensive posture across the global supply chains. But this is also a means of further strengthening relationships and collaboration. As international cyber capacity building matures there is an increasing appetite to collaborate and co-fund programmes alongside other nations.
As well as being a fundamental provider of UK cyber capacity, industry additionally builds relationships beyond those between governments, through its international footprint, as well as developing and exporting innovative technologies which contribute to the global norms and standards of cyberspace.
There is a need for leadership in influencing global norms, promoting industry partnerships and engagements to incentivise responsible behaviours. Industry engagement is necessary for governments that need to influence or incentivise those sectors – particularly open market economies that also want a thriving private sector.
This all underlines that cyber power is really a whole of nation approach, and that there is a greater role of industry in cyber power projection than its participation in the cyber defence ecosystem. Cyber power is therefore projected not just by a nation’s government and defence, but by its industry – particularly companies and industries that help shape the digital world through their technology and exports, and the standards they adopt.
About the author
Miriam Howe is a Cyber Security Consultant at BAE Systems Applied Intelligence
Explore more content from our Global Executive Client Forum
At our recent Global Executive Client Forum, we brought together leaders from around the world to discuss the trends, threats and technologies which are reshaping our world around us. Check out our range of new content sourced from the event.Find out more
- Moving cyber into the diplomatic mainstream. What’s cyber got to do with diplomacy and development? Actually, a huge amount. Miriam Howe sits down with Will Middleton to hear about life as Cyber Director of the UK’s Foreign Office, and why cyber is now firmly entrenched on the frontline of national security
- How the UK can be a responsible cyber power. The concept of a ‘responsible cyber power’ requires clearer definition and a broader, collective effort, says Mary Haigh
- Conflict in the grey zone: Preparing ourselves against cyber opponents. When it comes to the cyber arms race, Miriam Howe says that preparation, collaboration and adaptability are critical
- Exploring a new role for cyber security in UK government transformation. A new study commissioned by BAE Systems Applied Intelligence has revealed that cybersecurity is both a major driver of IT modernisation and a significant barrier to adoption. Lorna Rea explains how the way forward will require a delicate balancing act - to manage cyber risk effectively, without hindering innovation and collaboration
- Enabling smarter cyber security at home. The pandemic has revolutionised our working practices but in doing so it’s also opened the door to increased cyber attacks. Sugee Bhanoo examines what can be done
- Catching the new technology train. Thomas Bennett may have spent his career focusing on cyber security but he remains an optimist at heart – and a passionate fan of technological advances. He tells Nadia Doughty about his life as the security business development manager of Norway’s Telenor Group