Cyber Arms Watch
An Analysis of Stated & Perceived Offensive Cyber Capabilities
The Cyber Arms Watch offers a transparency index on the offensive cyber capabilities of 60 states. It compares the degree to which states are transparent about their declared cyber capabilities to outside perceptions of those capabilities.
About
In cyber terms, arms control is roughly in the same place as the 1950s was for nuclear weapons. There is no common understanding of what “cyber weapons” are, or indeed even “cyber forces”. States are left guessing as to the overall capability of another state. By foreclosing any common language on offensive cyber capabilities and intent, this lack of transparency has implications not only for intelligence and national security assessments but also for institutional dialogues and the wider public discussion on international peace and security in cyberspace. A vital ingredient for progress is greater transparency of the relative cyber capabilities of nations. Transparency helps reduce the scope for misunderstanding, provides for clarity of intent and predictability, and helps establish norms of restraint and communication – all essential ingredients for stability.
The Cyber Arms Watch seeks to contribute to transparency by fostering a much-needed overview and comparison of the self-declared and the perceived offensive cyber capabilities of 60 states. It enables the determination of an overall “Cyber Transparency Index” for states by using two specific ratings:
The Declared Capabilities Rating (DCR) indicates to what extent a state publicly discloses information about its offensive cyber capabilities. This includes official government communication, such as strategies, doctrines, and similar documents, as well as sanctioned media reporting that cumulatively indicate the level of declared capability using a six-tiered labelling system (level 0-5). This system ranges from no official indications of offensive cyber capabilities, to stated aspirations, sanctioned reporting by media or official statements, and finally three levels of offensive capabilities.
The Perceived Capabilities Rating (PCR) indicates how the offensive cyber capabilities of a state are observed by outsiders using open-source information and categorizes them using a similar six-level categorization system. Whereas the first rating is limited to official self-disclosures by a respective government itself, this rating describes the offensive cyber capability of that government by using external sources. This is limited to open-source information, such as intelligence reports and assessments from governments and industry, indictments, sanctions, past operations, leaked documents.
All sources included in the Cyber Arms Watch are publicly available and labelled according to a six-tiered categorization system (see Table below). The overall country score for both ratings is based on the highest label and the final Cyber Transparency Index is the delta between both ratings. It is therefore a “hard” number on the openness of a state in discussing its offensive cyber capabilities.
More information about the methodology and the limitations is available in the report.
The Monitor
The Cyber Arms Watch Monitor is an interactive exploration of the Cyber Arms Watch dataset along three tabs: the declared capabilities, perceived capabilities and the final transparency index. Click a country to view the results. The respective country-specific data is also prompted when clicking the data button.
Feedback Form
The Cyber Arms Watch monitor was created with the generous support of the Municipality of The Hague
Project Team
Louk Faesen, Senior Strategic Analyst, Cyber Policy and Resilience Program, HCSS.
Michel Rademaker, co-founder and the deputy Director, HCSS.
Alexander Klimburg, former Program Director, Cyber Policy and Resilience Program, HCSS.
Saskia Heyster, Junior Data Scientist, HCSS.
Assistant Analysts: Simon van Hoeve, Raffaele Minicozzi, Salome Petit Siemens, Giulia Tesauro.