HCSS presents: the Cyber Arms Watch monitor, offering a transparency index on the offensive cyber capabilities of states. It compares the degree to which states are transparent about their declared cyber capabilities to outside perceptions of those capabilities.
Conflict between states has taken on new forms, and cyber operations play a leading role in this increasingly volatile environment, earning them a top spot among states’ most critical security concerns. The frequency, severity, and complexity of cyber operations are on the rise, but despite the high level of activity, relatively little is publicly known about the offensive cyber capabilities of states. Considering that to a defending state, differentiating between immediate preparations for an attack and mere espionage can be challenging, countries might misinterpret the underlying intents of cyber intrusions, risking unintentionally becoming entangled in a cycle of escalation.
A major contribution to this uncertainty is the lack of transparency of offensive cyber capabilities. There is no common understanding of what “cyber weapons” are, or indeed even “cyber forces”. States are left guessing as to the overall capability of another state without, for the most part, being able to detail the exact order of battle, table of equipment, tactics, techniques, procedures or other basic information – unless the intelligence assessment is very complete.
To mitigate the dangers of unchecked proliferation and escalation, it’s essential to establish more common ground for international discussions on offensive cyber capabilities. The lack of transparency also impacts and limits the wider public discussion: The general absence of information means that much of the public, media, and academic discussion is not in sync with reality and risks becoming irrelevant.
The Cyber Arms Watch monitor developed by the HCSS Datalab offers insight into the current state of transparency in offensive cyber capabilities. Inspired by the Freedom House Index, the results are visualized as an interactive world map monitor, offering diplomats, academics and researchers alike a one-stop full access to the underlying database.
In its methodology, the Cyber Arms Watch offers a novel proposal for assessing how transparent states are about their offensive cyber capabilities and compares this to their perceived capabilities. It enables the determination of an overall “Cyber Transparency Index” for states by establishing and comparing the results of two specific ratings:
- The Declared Capabilities Rating (DCR) indicates to what extent a state publicly discloses information about its offensive cyber capabilities. This includes official communication by the respective government, such as strategies, doctrines, and similar documents, as well as sanctioned media reporting that cumulatively indicate the level of declared capability using a seven-tiered labelling system (see Table 2). The classification ranges from no official indications of offensive cyber capabilities, to stated aspirations, disclosed tactical effects (low and high) and declared strategic effects (low and high).
- The Perceived Capabilities Rating (PCR) indicates the perceived offensive cyber capabilities of a state using open-source information and categorizes them using a similar seven-level categorization system. Whereas the first rating is limited to official disclosures by the respective government itself, the second rating uses external sources to show how their offensive cyber capabilities are observed by outsiders. This includes sources such as intelligence reports and assessments from other governments or non-state actors, indictments, sanctions, past operations, leaked documents.
The Cyber Transparency Index is the delta between the DCR and PCR. We provide both a hard number and transparency labels that cluster nations together to describe the openness of a state in discussing its cyber capabilities.
The Cyber Arms Watch is ever developing. We welcome your feedback, insights and input on the curation of the underlying data and labelling. If you would like to be involved in or support the next steps of the Cyber Arms Watch, do not hesitate to contact us through firstname.lastname@example.org, mentioning “Cyber Arms Watch” as the topic.
Authors: Michel Rademaker, Nino Malekovic, Anna Sophie den Ouden and Nathan Lokhorst. Review by Charlotte Lindsey (Chief Public Policy Officer, CyberPeace Institute).
Cover Image source: Unsplash