With Miriam in Indonesia and Julia on her way to Washington, the conversation between these two cyber power experts was poignantly international. Although both live in London, both are also well-versed in the global nature of the cyber power space, and rarely have the chance to meet face to face. However, screens and bad hotel room coffee couldn’t stem the flow of ideas between the pair when they started to discuss the role of technology influence in the context of cyber power.
Julia started the conversation by reflecting on 2016, when she was working for the UK government in Beijing. At the time, China was releasing its cybersecurity law and AI development plans, underpinned by its notion of tech policy.
“I noticed that representatives of the PRC held key leadership positions in three key standards organisations as part of a broader cyber plan. And I asked myself, ‘why?’ Nobody could explain why this was important, and, at the time we weren’t really talking about ‘cyber power’ but it did leave me wondering where did it leave other countries?”
Julia’s interest in the concept of technology influence and cyber power continues in her work today. Julia was leading the team at Harvard Belfer Centre who developed a framework for holistically measuring national cyber power. The research project was driven by a dissatisfaction in how the concept of cyber and power usually arose in the context of conflict, or offensive cyber operations, and only included a handful of countries.
Julia’s ongoing search for answers continues in her role as a Cyber Fellow where she still leads the team behind Harvard Belfer Center’s National Cyber Power Index, to complement her position as Director of Global Cyber Security and Tech Policy at HP.
It may be a far cry from her initial plan, to settle the whole discussion over drinks in double quick time. But years later, the intrigue is still as strong as ever; and Julia is leaving no stone unturned in exploring what contributes to cyber power and how best it can be measured quantitatively and qualitatively. During this quest, she has highlighted the importance of soft power within a holistic definition of cyber power, and its place in enacting technology influence.
“Technology has changed the way we operate in our daily lives. And with that expansion there’s a recognition by governments that cyber influence provides strategic advantage."Julia Voo, Cyber Fellow, Harvard Belfer Center
“Influence through global technology ecosystems can manifest in two ways,” she says. “One is from a regulatory perspective, for example, through international technical standards, or ‘de jure’ influence; and then you have the ground up approach of flooding the market with enough products that those standards become the ‘de facto’.”
And, why now? Is it just a culmination of this tech saturation in our lives, that a stronger framework was needed to guide it? Or have other nations finally noticed what Julia did while she was in Beijing?
Julia notes: “I think there’s a bit of competition in there too, for sure” she says. “Some states have enjoyed several decades of technology leadership, with quite a considerable capability gap between themselves and others. But now that gap is diminishing, which requires greater state involvement to level the playing field and maintain a competitive advantage. This has manifested in more holistic national strategies that tie technology into national security and cyber power.”
The notion of a competition is nothing new between nations and regions, of course, but Miriam asks her whether technology strategy should be defined in response to competition or adversary? Does that make future vision a bit limited? Certainly the need for collaboration between tech and policy makers has become increasingly evident, and Julia suggests that the concept of an ‘adversary’ can create the political impetus to dedicate resource to rethink technology strategies at a national or regional level as well as with allies.
She adds: “We’re not talking a quick moving response to a threat such as with the recent Russian invasion of Ukraine. The formulation of policy around technology and enhancing global influence is a much longer term commitment of resources… some countries set out their plans for cyberspace more than a decade ago.
“However, maybe increased geopolitical tensions, married with that aforementioned, heightened reliance on tech in everyday life with dependencies in certain geographies, has galvanised activity in the UK, resulting in a relatively new, more considered National Cyber Strategy.
“Either way, I find it so interesting that leadership across science and technology feature so much in national strategies now, particularly across the UK, US and allies.”
“There needs to be a closer collaboration between policy and technical folk when they're thinking about technical standards, when that technology is ubiquitous and shapes our options and experiences in cyberspace”.Julia Voo, Cyber Fellow, Harvard Belfer Center
The notion of being a cyber power continues to evolve for each nation, including their attitude and approach to technology influence, which is shaped by partnership with industry, consumer behaviour, and technology’s widening role in society
Julia poses that within the UK’s broader model of cyber power, it is also considering a model of technology governance encompassing approaches to big tech and industry standards. Indeed, the UK has sought to pinpoint a pragmatic position on the spectrum between the Silicon-Valley inspired, libertarian approach to Internet technology, which revolves around multi-stakeholders, openness, bottom-up, consensual decision making, and privately managed architectures; which widely differs to nations aiming for cyber sovereignty – which focus on state decisions and the preservation of a national identity.
“This approach to tech governance within the UK is one example of cyber power that is quite popular now, built on cyber resilience, tech independence away from foreign suppliers and a focus on enhancing its own political, military, economic and technological influence overseas,” she says.
Different approaches to big tech – which hail overwhelmingly from the United States - highlight the complexity of cooperation between states for long-term geopolitical reasons and shorter term economic competition. Simply, there isn’t just one conjoined strategy across western players and, already, the US and countries in the EU have very different ideas of how to regulate dominant private players that influence tech consumption trends.
Julia adds: “There needs to be a closer collaboration between policy and technical folk when they're thinking about technical standards, when that technology is ubiquitous and shapes our options and experiences in cyberspace”.
“However, it is important to not base a cyber strategy around the idea of a single adversary. The relationship between techies and policy makers should be strengthened because of how important technology is to the functioning of our societies as well as our foreign policy.
“From a cyber power and national strategy perspective, though, there needs to be an awareness of ethical standards within that new generation hype."Julia Voo, Cyber Fellow, Harvard Belfer Center
One additional member of this ecosystem made up of policymakers and techies is, of course… us. The consumer. The user. This is the contingent that Julia urges us not to forget. Going back to big tech, the role of social media is of particular interest to her, as it shines a spotlight on how that initial acceptance of tech influence is playing out day to day.
She muses over questions such as:
- ‘How can the relationship between governments and this segment of big tech be improved?’
- ‘To what extent is this direct social influence exploited or mismanaged by national governments?’
- ‘How to make social media sites safer or consumers (of all ages) more resilient to mis- and dis-information campaigns?’
“It’s a big conversation, isn’t it,” Julia considers. The two discussed how younger and older generations have an entirely different set of standards and expectations around privacy and their relationship with IT. But rather than looking at the past few years and how we’ve reached that point, they agreed it’s equally important to understand what the next equivalent will be around the corner – such as smart cities and autonomous systems.
“From a cyber power and national strategy perspective, though, there needs to be an awareness of ethical standards within that new generation hype. You think of things like racial profiling, gender discrimination, enforced bias, praying on individuals’ identity or self-confidence, the data that is being fed into the machine to generate predictions or marketing offerings.”
Simply, Julia argues that if these large companies are offering prime avenues for technology to have an influence on society, then there needs to be a strengthening of ethics standards to ensure that power isn’t being wielded without responsibility. In her view, any national cyber strategy must be built around individual protection as much as it is national strengthening of its capabilities and capacity.
A work in progress
Julia points to a “messy” web of factors that constitutes overall cyber power. And it is this complexity that has driven the creation of Harvard’s National Cyber Power Index (NCPI), authored by Julia alongside Irfan Hemani, Daniel Cassidy, Anina Schwarzenbach, Winnona de Sombre, and Simon Jones. The Index is designed to measure capability and intent around the national cyber power of 30 countries and is on its second iteration.
“The NCPI is based on publicly available data and the main takeaway we wanted to highlight was how cyber power is not just being about destructive or defensive operations. As epitomised by our conversation today around technology companies, technical standards, tech diplomacy, data laws and everything else; cyber power is a much more holistic capability. It needs to be harnessed by governments in partnership with industry and academia.
“In that way, the NCPI is a useful framework for understanding the concept of cyber power as a whole, as it hopefully helps policymakers to understand how these aspects fit together - why capacity building is so important, the strength of collaboration, and the alignment of thought that is needed across the whole of government and public and private spaces.”
On that note, Miriam and Julia signed off from a fascinating conversation agreeing that they could have gone on for another hour at least, that conversations like this are exactly what is required at all levels of the ecosystem, and on the significance of competition in the context of cyber power.
About the author
Miriam Howe, Lead Cyber Consultant, BAE Systems Digital Intelligence
Further reading:
-
Strategic Challenges in Cyberspace : Our cyber team examines cyber power and what it means for governments, industry and society
-
Why do we need to define cyber power? : Following her recently published article with online publication Teiss, Miriam Howe looks at defining responsible cyber power
-
Understanding the Value of International Cyber Capacity Building : Cyberspace is only as resilient and as prosperous as its weakest link. How can countries best strengthen their international cyber capacity?
-
The Role of the Military in Cyber Power: Cyber Power is the capacity to project and promote national interests in and through cyberspace – but how does it impact a nation’s military?
-
Achieving Cyber Power through International Trade: In today’s hyper-connected world “cyber security trade” is an increasingly prominent part of international trade. So what are the benefits of international cyber security trade as nations develop their cyber power?