As the American Museum in Bath welcomed over thirty delegates from across the UK, the surroundings made an apt fit for an exploration of cyber power: stately yet quiet gardens and sombre statues of the US founding fathers. The décor seemed to ask of us whether power and politics in the present day really are so different to those 200 years ago, and whether the cyber element meaningfully changes the august yet often grimy realities of international power.
Projecting Power
The workshop got off to a strong start with a provocative session on the meaning of cyber power. Immediately problematizing cyber-power made for an entertainingly thorny workshop, demanding that we justify the existence of the core concept as something more than a branding exercise, more than sabre-rattling, more than just a glorified industrial policy given energy thanks to large-scale geopolitical rivalry.
The opening session defined an ongoing shift from power as something which is held and possessed, to something that is projected and practiced. This is also one way of solving the gnarly issue of transnational corporate interests in the international relations space: to define them as agents through which cyber power is projected, not as institutions in which international power truly resides, and so not as direct competitors or peers of a state.
Some participants made a very strong case for this demarcation – and indeed it is an elegant solution to an otherwise intractable conceptual problem – but as the workshop went on, touching on the role of private companies in the recent Ukraine conflict and their high level of interaction with key cybersecurity bodies in the British government, this straightforward picture became far more complicated.
This notion of power as something that is projected was a point discussed throughout the workshop. Even so, what it tangibly means to project, and what it is to be a vector through which power is projected, was a source of much contention. One could argue that any party that acts as a vector through which cyber power is projected is also likely to have cyber power projected upon them. This is not a simple relationship; but then, there is little about cyber power that is as simple as it appears.
It can be tempting – albeit, tellingly, increasingly unfashionable – to look at cyber power as a value-neutral quality, an index or assessment without a moral dimension. Various projectsmost notably the Belfer National Cyber Power Index) aim to take this approach, but is this clean and distant neutrality really accessible to somebody working, day-in and day-out, to advance their state’s cyber power? There is good reason to be doubtful: practical matters of military-intelligence operations are difficult to disentangle from any discussion of power, and though this is admittedly less true of power over cyberspace, the relationship remains complex and more than a little murky.
Grappling with Power
Much was made of ‘responsible and democratic’ cyber power, a prominent phrase in the UK Cyber Strategy. In fact, this provoked some of the most animated discussion, revealing much about the choices of those terms in an international landscape where each adjective can constitute a move or countermove. Responsibility in particular was extensively contested, with some questioning who or what states are responsible to – allied states, geopolitical norms, or something more abstract? It is clear that, if we want to maintain a commitment to responsibility in this area, a better understanding of the concept is necessary.
Cyber power is slippery: it constantly invites us to write it off as something insubstantial, but at every turn it demonstrates substance. If we deride it as a branding exercise, we must nevertheless acknowledge its diplomatic significance. If we suggest that it is a random word that might just as easily be ‘quantum power’ or ‘AI power’, we are forced to acknowledge cyberspace as home, as resource, and as space to be inhabited and contested.
Measuring the Future
As with all cyber events, the future was of paramount concern. Many presenters identified a geopolitical turn in international relations, characterized by systemic rivalry and an increasingly shaky liberal international order. This is the context in which cyber power is gaining traction: as a totemic bulwark against a more pressing global environment.
Some interesting conflict ensued over the multistakeholder approach of decentralizing cyber power, with heavy reliance on transnational corporate partners. It was quite reasonably pointed out that by consolidating the infrastructure of multiple countries into a comparatively small set of transnational partners, this process centralizes just as much as it decentralizes. Some thought was spared on the implications of a large-scale attack critically damaging the architecture of a major transnational provider: This would be tangibly difficult for many reasons, but the prospect remains a compelling one.
The prospect of measuring cyber power was also tackled from multiple angles. The contribution regarding the Cybersecurity Capacity Maturity Model was particularly significant in this regard, as a substantive, practiced, but not unproblematic tool to assess cyber capacity –even if cyber power and cyber capacity are not quite the same thing.
The final note on futures was a practical one: It was speculated that, within the UK at least, appetite for cyber power will remain high as long as risk – real or perceived – remains high.
May 2024