The concept of cyber power – and how this can project influence and protect national interest – has moved to the forefront of global discussion. Utilising cyber capability as a strategic tool has become commonplace in recent years, as a number of different countries look to deliver national goals.

Several nations are incorporating the breadth of cyber power into their defence and security strategies. The UK is a leading voice in this conversation; responsible cyber power is a core thread of its 2020 Integrated Review and 2021 National Cyber Strategy. As countries increasingly adopt and invest in comprehensive cyber strategies, it has never been more important to lay out clear guidelines for operational use.

The Belfer National Cyber Power Index, which defines cyber power as “the effective deployment of cyber capabilities by a state to achieve its national objectives” has just released its 2022 iteration, which reflects both the conflict in Ukraine and the challenges of measuring a still-evolving concept as a comparable attribute of nations.

Defining responsible cyber power therefore relies on a broader, collective effort. Academia is playing a significant role in opening up discussion around cyber capabilities, and the experience of industry and perspective of policy makers is critical, along with the diversity of perspectives emanating from different demographics and nations.

Why do we need to define responsible cyber power?

There are many conflicting narratives surrounding the concept of cyber power; each country holds a different view on what it is and how we use these capabilities to protect national interests.

This perhaps is not so much of an issue while we see cyber power as a national organising concept for our cyber strategy in the UK. However, creating a shared definition will potentially become more of a necessity when countries begin collaborating to build alliances.

To colour in the grey zone, there needs to be clear direction from nations around responsible cyber space behaviours. It’s also important to engage partner countries by sharing a positive vision of the future of cyber power, along with dispelling misconceptions around offensive capabilities.

Putting it into practice

For example, there is a tendency to focus on the military aspects of cyber power. But this does not capture even half of the picture. If we think about cyber power as describing the effective execution of all elements of cyber operations, it is much wider – and strong cyber defences are at the heart of it.

The UK, for instance, relies on cyber power to ensure its digital economy and military remain resilient. Without these cyber defences, our ability to foster alliances with other countries, retain our values and pursue effective military missions would be significantly weakened.

There is also a tendency to focus on cyber capabilities from the perspective of reducing risk, which is difficult to measure when looking at return on investment. Instead, we must focus on the benefits to global economies. As an example, the UK cyber economy has generated an estimated £4 billion.

The UK must continue to lead this conversation if it wants to present a convincing narrative of cybersecurity to partner countries.

The importance of collaboration

Collaboration is crucial in making cyber power fully operational and beneficial for all. This involves sharing expertise, offering advice and helping allies to build their cybersecurity capabilities.

Governments must work with industries and academia, as well as each other, to enable the softer side of cyber power, such as threat intelligence sharing and cyber capacity building. Public and private sector partnerships are also critical in offering relevant, high-quality advice overseas, helping them to deliver the changes needed.

By providing practical help and supporting other countries to develop their cybersecurity foundations, the UK will be able to build relationships and influence across the globe.

Diversity within the cyber workforce

Having a collective and diverse cyber workforce will significantly impact the future of responsible cyber power. We need the right skill sets in place to continue being a leading cyber power. We must therefore cast our talent nets far and wide, looking more broadly than coders and software engineers, but to everything from communications and marketing to geopolitics and human behavioural scientists.

Ultimately, we must come together and communicate effectively to create a clear definition of cyber power that enables everyone to benefit from its capabilities. This is truly a team sport; to create a positive and democratic definition of cyber power we need the best possible people.