CCDCOE Non-Resident Visiting Scholar Josh Gold investigates the narrative which promotes transparency toward state offensive cyber capabilities – OCCs. The newly published research focuses on the countries of the ‘Five Eyes’ intelligence-sharing alliance – the United States, United Kingdom, Australia, Canada and New Zealand.
Countries around the world are increasingly developing offensive cyber capabilities (OCCs) but there are differences in how, if at all, these are acknowledged publicly. Many democracies argue that developing and even using OCCs is not necessarily harmful or destabilising, but rather it depends on how they are used. Under this view, OCCs are legitimate so long as their use aligns with accepted norms and international legal obligations. This paper explores how each of the Five Eyes countries (the United States, United Kingdom, Australia, Canada and New Zealand) speaks publicly about its respective offensive cyber capabilities – including how these capabilities might be used. The examination indicates a move toward a collective response through the US-led Cyber Deterrence Initiative (CDI), which seeks to justify some degree of action in response to transgressions of the United Nations-based norms for responsible behaviour and international law. The paper concludes by discussing the notion of transparency, suggesting that transparency toward how the Five Eyes’ OCCs will be used is important for the credibility of their collective response, while also noting potential challenges for the way forward.
Josh Gold is a NATO CCDCOE Non-Resident Visiting Scholar, and a research assistant at Citizen Lab, at the University of Toronto’s Munk School of Global Affairs and Public Policy. Josh’s research focuses on international cyberspace governance and conflict in cyberspace. Josh has previously worked various contracts including as a consultant for the Estonian Ministry of Foreign Affairs’ cyber policy team, and in threat intelligence at CyberCube. He holds a bachelor’s degree in peace and conflict studies from the University of Toronto.
This research paper is an independent product of the CCDCOE and does not represent the official policy or position of NATO or any of the CCDCOE´s Sponsoring Nations. The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE) is a NATO-accredited knowledge hub, research institution, and training and exercise facility. The Tallinn-based international military organisation focuses on interdisciplinary applied research, as well as consultations, training and exercises in the field of cyber security.