US acclaimed as best in the world for offensive cyber operations

The US has been rated the best in the world for cyber capabilities in a report that found many major powers lagging behind on the emerging frontier of global force projection. The International Institute for Strategic Studies (IISS) conducted a two-year investigation of the cyber powers of 15 nations and ranked the nations in three tiers. Only the US was classed with a Tier One designation, the best, while seven countries, including the UK, France, Israel and Russia, were placed in Tier Two and the other seven, including India, Israel and North Korea, were put in Tier Three. The study found that cyber policies have moved centre stage in international security, but that many countries have yet to take action. "This report is intended to assist national decision-making, for example by indicating the cyber capabilities that make the greatest difference to national power," the report says. "Such information can help governments and major corporations when calculating strategic risk and deciding on strategic investment." In recent years major powers have accused each other of conducting cyber attacks. In 2016 the US accused the Russian government of an information attack on the presidential election and in 2020 former US president Donald Trump declared a national emergency in cyberspace. In April, China accused the US of being the champion of cyber attacks and in May a meeting of the G7 foreign ministers urged Russia and China to bring their cyber activities into line with “international norms”. "Dominance in cyberspace has been a strategic goal of the US since the mid-1990s. It is the only country with a heavy global footprint in both civil and military uses of cyberspace, although it now perceives itself as seriously threatened by China and Russia in that domain," the report says. "In response, it is taking a robust and urgent approach to extending its capabilities for cyber operations, both for systems security at home and for its ambitions abroad in the diplomatic, political, economic and military spheres. The US retains a clear superiority over all other countries in terms of its ICT empowerment, but this is not a monopoly position. "The US has moved more effectively than any other country to defend its critical national infrastructure in cyberspace but recognises that the task is extremely difficult and that major weaknesses remain. "The US capability for offensive cyber operations is probably more developed than that of any other country, although its full potential remains largely undemonstrated." The report says the seven countries in Tier Two have the potential to join the US in the top tier and believes China is best placed to do so in the near future. "China has ambitious goals for the indigenous manufacture of the core internet technologies it relies on, aiming to become a world leader in such technologies by 2030," the report says. "Its core cyber defences remain weak compared with those of the United States, and cyber-resilience policies for its critical national infrastructure are only in the early stages of development. "China is a second-tier cyber power but, given its growing industrial base in digital technology, it is the state best placed to join the US in the first tier." It says Russia needs to "substantially improve" its cyber security. "Russia’s cyber strategy is dictated by its confrontation with the West, in which it sees cyber operations as an essential component of a wider information war," it said. "It is seeking to redress key weaknesses in its cyber security through government regulation and the creation of a sovereign internet, and by encouraging the development of an indigenous digital industry. Given its economic circumstances, these ambitions may prove unrealistic. "To join the US in the first tier it would need to substantially improve its cyber security, increase its share of the global digital market and probably make further progress in developing the most sophisticated offensive military cyber tools." It says despite the UK being a "highly capable" cyber state, its key weaknesses, in common with most other states, are shortfalls in its skilled cyber workforce and that it cannot afford to invest in cyber capabilities on the same scale as the United States or China. "Another area of potential comparative weakness is that the UK lacks the indigenous industrial base required to build and export the equipment that might ultimately dictate the future of global cyberspace, meaning it can only seek to manage the attendant risks," it said. Previously Israel has been accused of cyber attacks against Iran and the report says it "has a well-developed capacity for offensive cyber operations and is prepared to undertake them in a wide range of circumstances". Because of the threats Iran has faced, it has now become a "determined" cyber actor but owing to economic depression, political turmoil and internal deficiencies it will not be able to boost its indigenous cyber-defence capability "easily or quickly". "Iran’s overall cyber capabilities do not match the scale and sophistication of its ballistic-missile or nuclear programme," it says. Last week the EU outlined plans for a new task force to tackle the growing threat of cyber attacks on member states. The rapid-response Joint Cyber Unit will pool European cyber-security powers to launch operations against hacking threats. Last month, Ireland's Health Services Executive was forced offline after hackers compromised its servers and stole sensitive patient information. The hackers then demanded $20 million in Bitcoin in exchange for the release of the data, which the Irish government refused to pay. Recent incidents include malicious attacks on the IT systems of French public hospitals and tampering with vaccine data at the European Medicines Agency.

US acclaimed as best in the world for offensive cyber operations

IISS says Washington's full potential is still largely undemonstrated