There are many ways how governments can gain, achieve and project cyber power. For example, Healey (2016) claims that still too much emphasis is currently placed on the success or failure of offensive and defensive capabilities, rather than other factors and on long-term national security outcomes. It is apparent that these capabilities are and will be very closely linked to the concept of cyber power, and that both policy (decision) makers and academics are interested in it for obvious reasons. Next, it is also possible to argue that an efficient cyber defense is the focal prerequisite for gaining and increasing power in cyberspace, since it is almost impossible to project power in cyberspace when the nation states have insufficient military power. However, this hard-cyber power approach to winning in cyberspace through military domination is plausibly short-sighted. Nation states should really aim to incorporate many other variables into their grand strategies and policies in cyberspace and use a holistic approach to the integrated government capacity to achieve cyber power. Therefore, this article focused on the identification of factors that could jeopardize integrated government capacity (or so-called whole of government approach) in cyber defense and more specifically the focus was narrowed down to the field of civil-military interagency cooperation within a nation state. Research has demonstrated that in today’s hyper-connected world, the traditional state practice just fades away. Global uncomfortable changes in warfare domains gradually force states to rethink many aspects of their military strategies and policies, including cyber defense. With cyber threats evolving into new, complex forms, the lack of fresh, modern solutions at the national level becomes a handicap and will make it difficult for the nation state to project its cyber power. With the understanding of the extensiveness of the cyber issue and its dynamic nature, six critical areas have been identified where further consideration is needed. The area could strongly affect the establishment of integrated government capacity or a strategic framework for cyber power in general. According to findings, the most important factors (for the lowest to highest impact) are:
• Idiosyncratic/Personality factors;
• Incompatible objectives;
• Structural barriers;
• Inexperience and lack of proven models;
• Competition for resources;
• Lack of guidance by political leaders.
The impact of personal likes or dislikes together with stereotyping and uncooperative attitudes are apparent even in the world of cyber defense. According to practice, rationality is simply not always present. Subjective elements, such as human factors, could easily undermine the will and trust between agencies and make cooperation impossible. Hence, nation states should pay attention even to this factor which seems to be minor, but like everywhere else, it could grow into a big issue. On the other hand, the effect of the factor could be minimized through policy design in the cyber defense and security areas. Next, the incompatible objectives of each state agency could bring a lot of problems to the cooperation on cyber defense. Cyberspace itself is a cross-cutting domain and ensuring cyber defense means to deal with a cross-government issue. There is still a lack of common understanding among decision-makers or chiefs of relevant agencies and departments that the issue is a national topic, nor the responsibility of one or a few agencies in the state. A consensus on cyber defense should be reached across military and nonmilitary institutions and joint prioritization should be done as well on the governmental level. Especially, the intelligence agencies should be more open to cooperation with other relevant actors and leave their traditional isolationist approach within the state security apparatus. Structural barriers to cooperation, such as bureaucracy and operational constraints, can make cooperation hard as well. Maintaining the status quo and a lack of willingness to change the agenda or perform new activities and tasks is another issue that could easily jeopardize the cooperation on cyber defense. These barriers are also seen as hardly removable as the culture of overcentralized control leaves little space for initiative. Decisions should come from the top in this regard. It is primarily a military issue and the army’s way of conducting business. The problem of facilitating horizontal cooperation outside the military world is evident and should be overcome to ensure cyber defense more effectively and on time. Lack of experience and shortage of best practice is an unsurprisingly an essential factor that could negatively impact the cooperation on cyber defense. It could be an enormous problem especially for the more rigid military, but in contrast, it could be a great opportunity to approach the challenge and establish a new and effectively functioning system of cyber defense cooperation between civilians and military spheres. It is also perceived from the practice that state agencies or ministries are not an exception regarding power and budget struggles. With countries focusing on the new challenges posed by cyber threats and developing their capabilities to tackle them, there is also a new opportunity to gain more political power or financial resources from the state budget. These struggles are not exclusive to civilian and military dichotomy; however, they could easily result in a rivalry between state agencies. It is not perhaps exclusive to cyber security and defense only but could be happening in other trending agendas such as hybrid warfare or space security. The most significant challenge in bridging the obvious gap between civilian and military actors seems to be the lack of political direction and a clear vision on cyber matters from political leaders. It is sometimes a result of scattering the national responsibility for cyber defense among too many civilian and military institutions, together with the lack of enlightened politicians eager to lead in cyber defense effectively. The main issue here could be that leaders must meticulously review all existing policies in the context of cyber defense to ensure cyber defense properly. Finally, a lot of respondents also mentioned the importance of the legal and ethical aspects of this kind of cooperation. Legal elements complement political and organizational factors and they are also implied within them to some extent. Cyber defense as a mechanism of responding to the sheer scale of cyber threats is not just a technical discipline, it is linked to a vast range of legal and ethical issues. Therefore, the cyber defense principles, measures, and responsibilities of each actor must be enshrined in the law to protect society from abuses of power and guarantee citizens their rights and freedoms. However, besides that, it also helps to set clear responsibilities of official authorities dealing with cyber defense and it provides a solid ground for the cooperation. In contrast, the lack of relevant legislation or legal vagueness makes setbacks for any kind of cooperation. All these factors could seriously jeopardize the unity of effort at the governmental level and overall cooperation in cyber defense. Therefore, nation states should continuously review their system of collaboration among relevant state military nonmilitary actors and focus on these sets of factors. In practice, it is obvious that all negative factors could be overcome or prevented only when a clear vision and leadership eclipse the self-interest of agencies. States and their decision-makers should approach cyber defense as a new agenda where creating a symbiotic relationship across both civilian and military agencies is necessary. The classic distinctions between military and civilian worlds are simply less clear-cut in cyber defense. If the nation state has an ambition to gain and project cyber power, it should make the joint cyber defense a cornerstone of plans for future development and strategic orientation. A unification of differing perceptions of the mission and each other’s role within the cyber defense system is needed to establish a fully functioning integrated government capacity. A culture of shared responsibility must be inherent too. Based on the findings, it is also possible to make some recommendations for a proper working model of cooperation on cyber defense. It should be based on governmental level actions such as: regular joint cyber defense exercises at both technical and strategic level; operational situational awareness and intensive information sharing and exchange; clarifying the exact roles and responsibilities in the national (cyber) defense system and making cyber leaders from all relevant decision-makers and head of agencies. Especially the enlightened leaders can manage and drive their institution to become a better counterpart for cooperation.