Why States Struggle to Develop a Military Cyber-Force
States may be willing to launch cyber-operations, but first they must build the capacity for such attacks—Smeets examines the opportunities and obstacles in this process.
Cyber-security is often a top national security priority. Many states have declared cyber-space a new domain of warfare, seeking to develop a military cyber-strategy. Governments’ national risk assessments now frequently put the threat of hostile cyber-attack on a par with natural disasters, international terrorism or nuclear attack. This has provoked much policy talk and concern about the future of conflict, as well as societies’ digital vulnerability.
Moving into the 2020s, the ‘cyber club’ of proliferators is losing the exclusivity of the early 2000s. Over forty states have now publicly established a military cyber-command, including many countries in the West—the US, France, Germany, Italy, Spain, the Netherlands, Estonia—and elsewhere—Peru, Brazil, Vietnam, South Korea, Nigeria. At least another dozen have announced plans to establish such capability.
Max Smeets is Senior Researcher at the Center for Security Studies, Zurich; Director of the European Cyber Conflict Research Initiative; and an affiliate at Stanford’s Center for International Security and Cooperation. He publishes widely on cyber-statecraft, strategy and risk, including in The Washington Post, War on the Rocks and Slate.