Abstract
Today, a growing number of countries are incorporating cyber troops in their military and announcing intent to develop cyber weapons. Assessing countries’ cyber capabilities has important international policy implications. However, prior work on assessing such capabilities consists mainly of case studies. These case studies require substantial expertise and effort and thus only focus on a few “obvious countries”. In this paper, we develop a socio-computational methodology and populate the methodology using real data in order to assess cyber capabilities of all countries in the world. We leverage the fact that the strength of countries’ cyber capabilities depends on countries’ motivations and latent abilities to develop such capabilities. We develop a socio-cultural model to assess countries’ motivations and present metrics to assess countries’ latent abilities. More specifically, we adapt the Friedkin socio-cultural model in order to capture factors that motivate countries to acquire such capabilities. We then populate the model using publicly available data on international relations and the list of countries that have incorporated cyber security units in their military. Subsequently, we run the model in order to obtain an estimate of countries’ motivations. We estimate countries’ latent abilities by examining the strength of cyber security research, the existence of cyber security institutions, and information technology penetration in these countries. We combine motivation scores and latent ability scores in order to obtain cyber weapon capability scores: high, medium, low, and very low. Our methodology can be used by non-experts who only have access to publicly available data.
Similar content being viewed by others
Notes
The coefficient of the number of Internet users per 100 people is two orders of magnitude smaller than the coefficient of the ally having the capability because the number of Internet users per 100 people ranges from 0 to 100 whereas an ally having the capability is binary
References
Balzarotti D (2015) 10+ years of system security circus. http://s3.eurecom.fr/~balzarot/notes/top4/index.html. Accessed Jan 2018
Betts RK (1993) Paranoids, pygmies, pariahs and nonproliferation revisited. In: Davis ZS, Benjamin F (eds) The proliferation puzzle: Why nuclear weapons spread (and what results). F. Cass, London
Billo CG, Chang W (2004) Cyber warfare. an analysis of the means and motivations of selected nation states. Tech. rep., Institute for Security Technology Studies at Darmouth College
Bryan K (2009) Capability of the people’s republic of china toconduct cyber warfare and computer network exploitation. Tech. rep., Northrop Grumman Corporation
Carr J (2012) Inside cyber warfare. Mapping the cyber underworld, 2nd edn. O’reilley, Sebastopol
Center for International Development and Conflict Management (2010) International crisis behavior project. http://www.cidcm.umd.edu/icb/. Accessed Dec 2011
Central Intelligence Agency (2010) INTelligence: open source intelligence. https://www.cia.gov/news-information/featured-story-archive/2010-featured-story-archive/open-source-intelligence.html. Accessed Feb 2015
CERT (2014) National computer security incident response teams. http://www.cert.org/csirts/national/contact.html. Accessed Jan 2014
Cirlig CC (2014) Cyber defense in the EU. Preparing for cyber warfare? Tech. rep., European Parliamentary Research Service. http://www.europarl.europa.eu/EPRS/EPRS-Briefing-542143-Cyber-defence-in-the-EU-FINAL.pdf. Accessed Feb 2015
Clarke RA, Knake R (2010) Cyber war: the next threat to national security and what to do about it. Harper Collins, New York
Davis ZS (1993) The realist nuclear regime. In: Davis ZS, Benjamin F (eds) The proliferation puzzle: why nuclear weapons spread (and what results). F. Cass, London
de Mesquita BB (2004) Decision-making models, rigor and new puzzles. Eur Union Politics 5:125–138
de Mesquita BB, Stockman F (1994) European community decision-making: models, applications and comparisons. Yale University Press, New Haven
Denning D (2000) Reflections on cyberweapons controls. Comput Secur J XVI(4):43–53
Dumitras T, Shou D (2011) Toward a standard benchmark for computer security research. The worldwide intelligence network environment (wine). In: Workshop on building analysis datasets and gathering experience returns for security (BADGERS), Salzburg, Austria
Elliott D (2011) Deterring strategic cyberattack. IEEE Secur Priv 5(9):36–40
Frankenstein W, Mezzour G, Carley KM, Carley LR (2015) Remote assessment of countries’ nuclear, biological and cyber capabilities: joint motivation and latent capability approach. Soc Netw Anal Min 5(5):1–21
Friedkin N, Johnsen E (1990) Social influence and opinions. J Math Sociol 15:193–205
Gartzke E (2007) The Capitalist Peace. Am J Political Sci 51(1):166–191
Gibler DM (2009) International military alliances, 1648–2008. Correlates of war series. CQ Press, Washington, DC
Giles K (2011) Information troops—a Russian cyber command? In: 3rd International Conference on Cyber Conflict, Tallinn, Estonia
Hilderth SA (2001) Cyberwarfare. Tech. rep, CRS Report for Congress
Horowitz MC, Narang N (2014) Poor man’s atomic bomb? Exploring the relationship between weapons of mass destruction. J Confl Resolut 58(3):509–535
International Cyber Center George Mason University (2014) Certicc home. http://internationalcybercenter.org/certicc. Accessed Jan 2014
International Telecommunication Union (2012) Measuring the information society. http://www.itu.int/en/ITU-D/Statistics/Documents/publications/mis2012/MIS2012_without_Annex_4.pdf. Accessed Mar 2014
Jo DJ, Gartzke E (2007) Determinants of nuclear weapons proliferation. J Confl Resolut 51(1):167–194
Kilroy RJ (2008) The US military response to cyber warfare. In: Janczewski L, Colarik AM (eds) Cyber warfare and cyber terrorism. Information Science Reference, Hershey
Kroenig M (2010) Exporting the bomb technology transfer and the spread of nuclear weapons. Cornell University Press, Ithaca
Lewis JA, Timlin K (2011) Cybersecurity and cyberwarfare. Preliminary assessment of national doctrine and organization. Tech. rep., Center for Strategic and International Studies
Leyden J (2012) Germany reveals secret techie soldier unit, new cyberweapons. http://www.theregister.co.uk/2012/06/08/germany_cyber_offensive_capability/. Accessed Mar 2014
Libicki M (2009) Cyberdeterrence and cyberwar. Tech. Rep. Rand
Mandiant (2013) APT1: exposing one of china’s cyber espionage units. Tech. Rep
Maoz Z (2006) Structural equivalence and international conflict: a social networks analysis. J Confl Resolut 50(5):664–689
Mezzour G, Carley KM, Carley LR (2015) An empirical study of global malware encounters. In: Proceedings of the 2015 symposium and bootcamp on the science of security-HotSoS’15. ACM Press, Urbana, Illinois, pp 1–11
Mezzour G, Carley KM, Carley LR (2017) Global variation in attack encounters and hosting. In: Proceedings of the hot topics in science of security: symposium and bootcamp on-HoTSoS. ACM Press, Hanover, MD, USA, pp 62–73
Mezzour G, Frankenstein W, Carley KM (2018) Carley LR (2018) A socio-computational approach to predictingbioweapon proliferation. IEEE Trans Comput Social Syst 5(2):458–467
Narin F, Olivastro D, Stevens KA (1994) Bibliometrics/theory, practice and problems. Eval Rev 18(1):65–76
New York Times (2012) Panetta warns of dire threat of cyberattack on us. http://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html. Accessed Mar 2014
Nye JS (2011) Nuclear lessons for cyber security? Strateg Stud Q 5(4):18–38
Nye JS (2013) From bombs to bytes: can our nuclear history inform our cyber future? Bull Atomic Sci 69(5):8–14. https://doi.org/10.1177/0096340213501338
Ortiz JU (2008) Argentina: the challenge of information operation. IOSphere
Owens WO, Dam KW, Lin HS (2009) Technology, policy, law, and ethics regarding US acquisition and use of cyberattack capabilities. Tech. Rep., National Research Council (NRC)
Rid T (2012) Cyber war will not take place. J Strateg Stud 35(1):5–32
Roscini M, Trust Leverhulme (2014) Cyber operations and the use of force in international law. Oxford University Press, Oxford
Sagan SD (2013) The spread of nuclear weapons: an enduring debate, 3rd edn. W.W. Norton & Co, New York
SCOPUS (2012) www.scopus.com. Accessed Mar 2014
Shackelford SJ (2009) From nuclear war to net war: anologizing cyber attacks in international law. Berkeley J Int Law 27(1):191–250
Shakarian P, Shakarian J, Ruef A (2013) Introduction to cyber-warfare: a multidisciplinary approach, 1st edn. Syngress Publishing, Maryland Heights
Sharma A (2010) Cyber wars: a paradigm shift from means to ends. Strateg Anal 34(1):62–73
Smeets M (2018) A matter of time: on the transitory nature of cyberweapons. J Strateg Stud 41(1–2):6–32. https://doi.org/10.1080/01402390.2017.1288107
Thayer BA (1995) The causes of nuclear proliferation and the utility of the nuclear non-proliferation regime. Secur Stud 4(3):463–519
Waltz KN (2010) Theory of international politics. Waveland Press, Long Grove
Acknowledgements
This work is supported in part by the North Atlantic Treaty Organization (NATO) Science for Peace and Security (SPS) grant SPS G5319, by the Defense Threat Reduction Agency (DTRA) under grant HDTRA11010102, and the Army Research Office (ARO) under grants ARO W911NF1310154 and ARO W911NF0910273, and the center for Computational Analysis of Social and Organizational Systems (CASOS). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of DTRA, ARO or the US government
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mezzour, G., Carley, K.M. & Carley, L.R. Remote assessment of countries’ cyber weapon capabilities. Soc. Netw. Anal. Min. 8, 62 (2018). https://doi.org/10.1007/s13278-018-0539-5
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s13278-018-0539-5