Remote assessment of countries’ cyber weapon capabilities

Today, a growing number of countries are incorporating cyber troops in their military and announcing intent to develop cyber weapons. Assessing countries’ cyber capabilities has important international policy implications. However, prior work on assessing such capabilities consists mainly of case studies. These case studies require substantial expertise and effort and thus only focus on a few “obvious countries”. In this paper, we develop a socio-computational methodology and populate the methodology using real data in order to assess cyber capabilities of all countries in the world. We leverage the fact that the strength of countries’ cyber capabilities depends on countries’ motivations and latent abilities to develop such capabilities. We develop a socio-cultural model to assess countries’ motivations and present metrics to assess countries’ latent abilities. More specifically, we adapt the Friedkin socio-cultural model in order to capture factors that motivate countries to acquire such capabilities. We then populate the model using publicly available data on international relations and the list of countries that have incorporated cyber security units in their military. Subsequently, we run the model in order to obtain an estimate of countries’ motivations. We estimate countries’ latent abilities by examining the strength of cyber security research, the existence of cyber security institutions, and information technology penetration in these countries. We combine motivation scores and latent ability scores in order to obtain cyber weapon capability scores: high, medium, low, and very low. Our methodology can be used by non-experts who only have access to publicly available data.

[1]  Bryan Krekel,et al.  Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation , 2009 .

[2]  R. K. Betts,et al.  Paranoids, Pygmies, Pariahs and Nonproliferation Revisited , 1993, The Proliferation Puzzle.

[3]  F. Narin,et al.  Bibliometrics/Theory, Practice and Problems , 1994 .

[4]  Erik Gartzke,et al.  Determinants of Nuclear Weapons Proliferation , 2007 .

[5]  Julia Eichmann European Community Decision Making Models Applications And Comparisons , 2016 .

[6]  Marco Roscini,et al.  Cyber Operations and the Use of Force in International Law , 2014 .

[7]  Kenneth N. Waltz,et al.  Theory of International Politics , 1979 .

[8]  Kathleen M. Carley,et al.  Remote assessment of countries’ nuclear, biological, and cyber capabilities: joint motivation and latent capability approach , 2015, Social Network Analysis and Mining.

[9]  Jr Joseph S. Nye,et al.  From bombs to bytes: Can our nuclear history inform our cyber future? , 2013 .

[10]  Scott J. Shackelford From Nuclear War to Net War: Analogizing Cyber Attacks in International Law , 2009 .

[11]  Richard A. Clarke,et al.  Cyber War: The Next Threat to National Security and What to Do About It , 2010 .

[12]  Martin C. Libicki Cyberdeterrence and Cyberwar , 2009 .

[13]  Matthew Kroenig,et al.  Exporting the Bomb: Technology Transfer and the Spread of Nuclear Weapons , 2010 .

[14]  David Elliott Deterring Strategic Cyberattack , 2011, IEEE Security & Privacy.

[15]  Vincenzo A. Sainato,et al.  Cyber War Will Not Take Place , 2012 .

[16]  Bruce Bueno de Mesquita,et al.  European Community Decision Making : Models, Applications, And Comparisons , 1994 .

[17]  Noah E. Friedkin,et al.  Social influence and opinions , 1990 .

[18]  Paulo Shakarian,et al.  Introduction to Cyber-Warfare: A Multidisciplinary Approach , 2013 .

[19]  Zachary S. Davis,et al.  The Realist Nuclear Regime , 1993, The Proliferation Puzzle.

[20]  Linda G. Wallace,et al.  Is Information Security Under Control?: Investigating Quality in Information Security Management , 2007, IEEE Security & Privacy.

[21]  Mark Leigh Cyber War Will Not Take Place , 2014 .

[22]  Keir Giles,et al.  “Information Troops” - A Russian Cyber Command? , 2011, 2011 3rd International Conference on Cyber Conflict.

[24]  Zeev Maoz,et al.  Structural Equivalence and International Conflict , 2006 .

[25]  Kathleen M. Carley,et al.  A Socio-Computational Approach to Predicting Bioweapon Proliferation , 2018, IEEE Transactions on Computational Social Systems.

[26]  Bradley A. Thayer The Causes of Nuclear Proliferation and the Utility of the Non-proliferation Regime , 1995 .

[27]  Bruce Bueno de Mesquita,et al.  Decision-making models, rigor and new puzzles , 2004 .

[28]  Neil Narang,et al.  Poor Man’s Atomic Bomb? Exploring the Relationship between “Weapons of Mass Destruction” , 2014 .

[29]  J. Nye Nuclear Lessons for Cyber Security , 2011 .

[30]  Franci Pivec,et al.  Measuring the information society , 2003 .

[31]  Tudor Dumitras,et al.  Toward a standard benchmark for computer security research: the worldwide intelligence network environment (WINE) , 2011, BADGERS '11.

[32]  M. Smeets A matter of time: On the transitory nature of cyberweapons , 2018 .

[33]  Erik Gartzke,et al.  The Capitalist Peace , 2007 .

[34]  Herbert S. Lin,et al.  Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities , 2009 .

[35]  Kathleen M. Carley,et al.  Global Variation in Attack Encounters and Hosting , 2017, HotSoS.

[36]  Amit Sharma Cyber Wars: A Paradigm Shift from Means to Ends , 2010 .

[37]  Jeffrey Carr,et al.  Inside Cyber Warfare: Mapping the Cyber Underworld , 2009 .

[38]  Douglas M. Gibler,et al.  International Military Alliances, 1648-2008 , 2009 .

[39]  Kathleen M. Carley,et al.  An empirical study of global malware encounters , 2015, HotSoS.