Assessing Offensive Cyber Capabilities

Exploring the Talent Behind Cybersecurity

  • Selján Gábor
doi: 10.32565/aarms.2023.3.1


The recent emergence of mercenary spyware like Pegasus or Russia’s ongoing conventional warfare in Ukraine, supplemented by a cyber offensive we never experienced before, made cybersecurity even more critical. Despite the considerable research in the field, it seems that academia and the private sector have not been able to keep up with the growing importance of security and privacy resulting from the significant increase in cyber threats to critical services, infrastructure and human rights. Research on cyber capabilities tends to focus on the general understanding of the field and pays less attention to the rapid spread of increasingly advanced offensive cyber capabilities. Correctly assessing the capabilities of others and recognising the steps necessary to develop their own capabilities are essential for any country in combating future cybersecurity challenges. However, since there is no consensus on describing even basic cyber capabilities, current research uses different interpretations and usually lacks offensive capabilities altogether. In this article, I discuss the problem of assessing, measuring and evaluating offensive cyber capabilities, starting from the different definitions of some related terms through the various cyber power indices, right down to the talent behind cybersecurity, and perhaps the most promising indicators for assessing offensive capabilities.


cyber power cyber capabilities offensive security cybersecurity indices

How to Cite

Selján, G. (2023) “Assessing Offensive Cyber Capabilities: Exploring the Talent Behind Cybersecurity”, AARMS – Academic and Applied Research in Military and Public Management Science. Budapest, 22(3), pp. 5–18. doi: 10.32565/aarms.2023.3.1.


Allison, Graham – Schmidt, Eric (2022): The US Needs a Million Talents Program to Retain Technology Leadership. Immigration is the United States’ Secret Sauce – Including in Its Competition with China. Foreign Policy, 16 July 2022. Online:

AttackIQ [@AttackIQ] (2020): Think Bad, Do Good: Julia Voo and the National Cyber Power Index. YouTube, 05 October 2020. Online:

Billo, Charles – Chang, Welton (2004): Cyber Warfare – An Analysis of the Means and Motivations of Selected Nation States. Institute for Security Technology Studies at Dartmouth College, 01 November 2004. Online:

Blue , Violet (2018): When China Hoards Its Hackers Everyone Loses. Engadget, 16 March 2018. Online:

Chawla, Gunjan – Srivastava , Vagisha (2020): What Are ‘Offensive Cyber Capabilities’? The CCG Blog, 07 August 2020. Online:

Chivvis, Christopher S. – Dion-Schwarz, Cynthia: Why It’s So Hard to Stop a Cyberattack – And Even Harder to Fight Back. The RAND Blog, 30 March 2017. Online:

Çifci, Hasan (2022): Comparison of National-Level Cybersecurity and Cyber Power Indices: A Conceptual Framework. Research Square, 17 October 2022. Online:

CSRC (2021): Vulnerability – Glossary. NIST, 2021. Online:

Demchak, Chris – Kerben, Jason – McArdle, Jennifer – Spidalieri, Francesca (2015): Cyber Readiness Index 2.0. Potomac Institute for Policy Studies, November 2015. Online:

DeSombre, Winnona – Campobasso, Michele – Allodi, Luca – Shires, James – Work, JD – Mor gus, Robert – O’Neill, Patrick Howell – Herr, Trey (2021a): A Primer on the Proliferation of Offensive Cyber Capabilities. Atlantic Council, 01 March 2021. Online:

DeSombre, Winnona – Shires, James – Work, JD – Mor gus, Robert – O’Neill, Patrick Howell – Allodi, Luca – Herr, Trey (2021b): Countering Cyber Proliferation: Zeroing in on Access-as-a-Service. Atlantic Council, 01 March 2021. Online:

Economist Intelligence Unit (2011): Cyber Power Index. Findings and Methodology. Booz Allen Hamilton, August 2011. Online:

ENISA (2023): Cybersecurity Higher Education Database: Programmes Location. Online:

Feldstein, Steven – Kot, Brian (2023): Why Does the Global Spyware Industry Continue to Thrive? Trends, Explanations, and Responses. Carnegie Endowment for International Peace, 14 March 2023. Online:

IISS (2021): Cyber Capabilities and National Power: A Net Assessment. International Institute for Strategic Studies, 28 June 2021. Online:

ITU (2021): Global Cybersecurity Index 2020. International Telecommunication Union, 29 June 2021. Online:

Joint Chiefs of Staff (2018): Joint Publication 3-12. Cyberspace Operations. Online:

Kueh l, Daniel T. (2009): From Cyberspace to Cyberpower: Defining the Problem. In Kramer, Franklin D. – Starr , Stuart H. – Wentz, Larry K. (eds.): Cyberpower and National Security. University of Nebraska Press. 24–42. Online:

Laszka, Aron – Zhao, Mingyi – Malbari, Akash – Grossklags, Jens (2018): The Rules of Engagement for Bug Bounty Programs. In Meiklejohn, Sarah – Sako, Kazue (eds.): Financial Cryptography and Data Security. Berlin–Heidelberg: Springer. 138–159. Online:

Liff, Adam P. (2012): Cyberwar: A New ‘Absolute Weapon’? The Proliferation of Cyberwarfare Capabilities and Interstate War. Journal of Strategic Studies, 35(3), 401–428. Online:

Marczak, Bill – Scott-Railton , John – McKune, Sarah – Razzak, Bahr Abdul – Deibert , Ron (2018): Hide and seek: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries. Citizen Lab, 18 September 2018. Online:

Minárik, Tomáš (2016): NATO Recognises Cyberspace as a “Domain of Operations” at Warsaw Summit. NATO CCDCOE, 21 July 2016. Online:

Ministry of Defence (2018): Joint Doctrine Note 1/18. Cyber and Electromagnetic Activities. Online:

Miralis, Dennis (2019): Defining Offensive Cyber Capabilities. NGM Lawyers, 19 March 2019. Online:

Miyashita , Lynn – Eckert , Madeline (2022): Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards. Microsoft Security Response Center, 11 August 2022. Online:

Murphy, Ben – Creemers, Rogier – Kania, Elsa – Triolo, Paul – Neville, Kevin – Webster, Graham (2021): Xi Jinping: ‘Strive to Become the World’s Primary Center for Science and High Ground for Innovation’. DigiChina at Stanford University, 18 March 2021. Online:

NATO Standardization Office (2020): Allied Joint Publication-3.20. Allied Joint Doctrine for Cyberspace Operations. Online:

Nurse, Jason R. C. – Adamos, Konstantinos – Grammato pou los, Athanasios – Di Franco, Fabio (2022): Addressing the EU Cybersecurity Skills Shortage and Gap through Higher Education. Publications Office of the European Union, 03 January 2022. Online:

Sanborn, Howard – Thyne, Clayton L. (2013): Learning Democracy: Education and the Fall of Authoritarian Regimes. British Journal of Political Science, 44(4), 773–797. Online:

Sarri, Anna – Kyra noud i, Pinelopi – Thirriot, Aude – Charelli, Federico – Dom inique , Yang (2020): National Capabilities Assessment Framework. Publications Office of the European Union, December 2020. Online:

Šendelj, Ramo – Ognjanović, Ivana (2015): Cyber Security Education in Montenegro: Current Trends, Challenges, and Open Perspectives. 7th Annual International Conference on Education and New Learning Technologies (EDULEARN15), 08 July 2015. Online:

Shen, Xinmei (2022): China’s Demand for Cybersecurity Talent Will Exceed Supply by over 3 Million in Five Years, Says Education Ministry Report. SCMP, 08 September 2022. Online:

The White House (2022): Fact Sheet: Biden–Harris Administration Actions to Attract STEM Talent and Strengthen our Economy and Competitiveness. The White House, 21 January 2022. Online:

Trump, Donald J. (2019): America’s Cybersecurity Workforce. The White House, 02 May 2019. Online:

Uren, Tom – Hogeveen, Bart – Hanson, Fergus (2018): Defining Offensive Cyber Capabilities. Australian Strategic Policy Institute, 04 July 2018. Online:

Voo, Julia – Hemani, Irfan – Jones, Simon – DeSombre, Winnona – Cassidy, Dan – Schwarzenbach, Anina (2020): National Cyber Power Index 2020. Belfer Center for Science and International Affairs, September 2020. Online:

Xiangzhan, Yu – Hongli, Zhang – Haining, Yu – Zhihong, Tian – Jianhong, Zhai – Zhut ing, Pan (2016): Cyberspace Security Competition and Talent Management. Strategic Study of Chinese Academy of Engineering, 18(6), 49–52. Online:

Ziv, Amitai (2020): Cellphone Hacking and Millions in Gulf Deals: Inner Workings of Top Secret Israeli Cyberattack Firm Revealed. Haaretz, 07 September 2020. Online:


Download data is not yet available.