CYBER CAPABILITIES AND NATIONAL POWER: A Net Assessment 15
1. United States
Dominance in cyberspace has been a strategic goal
of the United States since the mid-1990s. It is the
only country with a heavy global footprint in both
civil and military uses of cyberspace, although it
now perceives itself as seriously threatened by
China and Russia in that domain. In response, it is
taking a robust and urgent approach to extending
its capabilities for cyber operations, both for sys-
tems security at home and for its ambitions abroad
in the diplomatic, political, economic and military
spheres. The US retains a clear superiority over all
other countries in terms of its ICT empowerment,
but this is not a monopoly position. At least six
European or Asian countries command leadership
positions in certain aspects of the ICT sector,
though all but one (China) are close US allies or
strategic partners. The US has moved more eec-
tively than any other country to defend its critical
national infrastructure in cyberspace but recog-
nises that the task is extremely dicult and that
major weaknesses remain. This is one reason why
the country has for more than two decades taken a
leading role in mobilising the global community to
develop common security principles in cyberspace.
The US capability for oensive cyber operations is
probably more developed than that of any other
country, although its full potential remains largely
undemonstrated.
List of acronyms
CDI Cyber Deterrence Initiative
CISA Cybersecurity and Infrastructure Security Agency
DHS Department of Homeland Security
DNI Director of National Intelligence
DoD Department of Defense
ICT information and communications technology
ISAC Information Sharing and Analysis Center
ITU International Telecommunication Union
NSA National Security Agency
NSC National Security Council
ODNI Oce of the Director of National Intelligence
Strategy and doctrine
The United States has a series of well-developed national
strategies for defence and security in cyberspace that has
been maturing for more than 30 years. There are three
broad directions: homeland defence, low-intensity con-
ict and high-intensity war. These are captured in rel-
evant sections of the 2017 ‘National Security Strategy of
the United States’,
1
the 2018 ‘Cyber Strategy of the United
States’
2
and the 2018 ‘Department of Defense Cyber
Strategy’.
3
These are supported by policy statements and
doctrine manuals that run to several thousand pages.
To complement and buress the national-security
strategies, the US has also been developing its civil-sector
cyber-security policy since the mid-1990s, initially with a
focus on countering cyber crime and preventing losses to
the corporate sector. Its formal strategy of 2018 has been
followed by a very large number of executive orders
(including one on former president Donald Trump’s
penultimate day in oce),
4
policy statements, action
plans and other decisions. Throughout the last three
decades there has been a sharp and intensifying concern
