The Cyber Arms Watch – Uncovering the Stated & Perceived Offensive Cyber Capabilities of States

Rationale: A lack of Transparency

Conflict between states has taken on new forms, and cyber operations play a leading role
in this increasingly volatile environment, earning them a top spot among states’ most critical
security concerns. According to the Council on Foreign Relations, 34 states are suspected
of sponsoring cyber operations since 2005.1 Despite the high level of activity, relatively little
is publicly known about the offensive cyber capabilities of states. This is despite the widely
held concern in diplomatic circles that tensions in cyberspace are escalating, and the likelihood
of a catastrophic cyber exchange between nation states continues to rise. Such a
calamity could well happen by accident. Avoiding “inadvertent escalation” – or accidental war
– remains the most significant challenge between states in cyberspace.
A major contribution to this uncertainty is the lack of transparency of offensive cyber capabilities.
Unlike other military systems, they are largely treated as dark secrets from the espionage
world. Traditional arms control efforts have depended upon the ability to count weapon
systems, like tanks and missiles, to regulate their deployment. But there is no common understanding
of what “cyber weapons” are, or indeed even “cyber forces”. States are left guessing
as to the overall capability of another state (albeit at widely varying degrees of detail) without,
for the most part, being able to detail the exact order of battle, table of equipment, tactics,
techniques, procedures or other basic information – unless the intelligence assessment is
very complete.2 This secrecy has implications not only for intelligence and national security
assessments, but more so for both the institutional dialogues and the wider public discussion
on international peace and security in cyberspace, by foreclosing any common language on
offensive cyber capabilities and intent.
Because of the lack of transparency, intergovernmental, track 1 and track 2 discussions
often lack any basis for common exchange. It frustrates meaningful progress for predictability,
confidence-building measures (e.g. within regional organisations such as ASEAN and
the OSCE), norms of responsible state behaviour (e.g. within the United Nations), and other
stability measures. The lack of transparency also impacts and limits the wider public discussion:
the general absence of information means that much of the public, media, and academic
discussion is not in sync with reality and risks becoming irrelevant.

Objective: A Cyber Transparency Index

The Cyber Arms Watch aims to make a contribution to international peace and security by
developing the first iteration of a “Cyber Transparency Index” that offers insight into the stated
and the perceived offensive cyber capabilities of 60 states. Inspired by the Freedom House
Index, the results are visualized as an interactive world map monitor, offering diplomats,
academics and researchers alike full access to the underlying database.

The Cyber Arms Watch offers insight into the current state of transparency in offensive
cyber capabilities. Academic research has shown time and time again that transparency on
“new weapons” helps reduce the scope for misunderstanding, provides for clarity of intent
and predictability, and helps establish norms of restraint and communication – all essential
ingredients for stability. Finally, more transparency would bring many of the public, media, and
academic discussions closer to reality.