A study by the International Institute for Strategic Studies (IISS) has found the US continues to lead the way as the number one cyber power worldwide.
According to Breaking Defense, while the US still stands tall, China has continued to rise as a competitor to the US and will become a ‘highly capable peer competitor’ over the new decade.
The report noted that the US capability for offensive cyber operations is ‘probably more developed that that of any other country, although its full potential remains largely undemonstrated’.
The research placed seven countries in the second tier behind the US – these countries were China, Russia, Australia, the UK, Canada, France and Israel. The third tier included Indonesia, Malaysia, Japan and Vietnam, India, Iran and North Korea.
The IISS study was originally initiated in February 2019 and scrutinises 15 countries and places them into the tiers based on a review of cyber capabilities and national power, to include military affairs, economic strength and international competition.
China has evolved its cyber capabilities from ‘a position of relative electronics backwardness’ three decades ago the report stated, to being a country that conducts large-scale cyber operations abroad, with the aim of acquiring intellectual property, carry out state-on-state espionage and achieve political influence.
The report highlighted that China has since developed the world’s ‘most extensive cyber-enabled domestic surveillance and censorship system’. However, the research found that China’s cyber defences remain weak in comparison to those of the US, and its cyber-resilience policies for its critical infrastructure are only in the early stages of development.
In contrast to this, however, the report goes on to comment that due to its growing industrial base in digital technology, China is the best-placed country to join the US in the first tier.
The study found that Russia, meanwhile, seeks to redress weaknesses in its cybersecurity through government regulation and the formation of a sovereign internet, alongside the development of a homegrown digital industry. However, IISS found these ambitions may be unrealistic ‘due to its economic circumstances’.
The report said, “To join the US in the first tier, Russia would need to substantially improve its cybersecurity, increase its share of the global digital market and probably make further progress in developing the most sophisticated offensive military cyber tools.”
In other regions, Australia was characterised as still developing its cyber capabilities from a ‘low base’ and could bolster itself through investing in cyber education and a home-owned cyber capability.
Canada was branded as having a relatively mature civil-sector cyber capability supported by a strong tech economy and ‘whole-of-society’ approach, however it cited there was work to be done on offensive cyber. Meanwhile, France was labelled as having ‘robust strategies’ as well as highly capable and innovative cyber practices, however, its desire for autonomy was seen as a strength and a downfall.
The report found Israel had a ‘vibrant cyber ecosystem’ and a high level of preparedness and resilience within the private sector, and the UK was characterised as having a highly capable cyber state, however, it is hampered by a shortage of cyber experts in the workforce’.
On India, meanwhile, the report said, “India has made only modest progress in developing its policy and doctrine for cyberspace security. Its approach towards institutional reform of cyber governance has been slow and incremental. India’s best opportunity to advance to the second tier is to harness its great digital-industrial potential and adopting a whole-of-society approach to improving its cybersecurity.”
The report underlined that Iran is hindered by economic depression, political turmoil and internal deficiencies in its route to bolster its cyber standing. The research also found that North Korea was the ‘most difficult to analyse’ as little was known of its cyber-policy ecosystem.
The report can be read in full here.
Copyright © 2021 RegTech Analyst
Copyright © 2018 RegTech Analyst