Australia is one of the world’s most powerful nations in cyberspace but we still has a lot of room to improve, according to a new report from Harvard.

Using public data, the National Cyber Power Index ranks countries based on their cyber strength and has put Australia in the top ten.

The ranking is based on seven factors: domestic surveillance, national cyber defence, controlling information, gathering foreign intelligence, commercial gain, offensive capabilities, and the development norms and technical standards.

“Cyber Power is made up of multiple components and should be considered in the context of a country’s national objectives,” the report says.

“We take an all-of-country approach to measuring cyber power. By considering ‘all-of-country’ we include all aspects under the control of a government where possible.”

Researchers at the Harvard Kennedy School’s Belfer Center for Science and International Affairs analysed countries for those seven factors before working them into two indices – capability and intent – which are combined to make the full cyber power ranking.

Unsurprisingly, the US and China topped the list, followed by the UK and Russia with the Netherlands rounding out the top five.

Of the seven deciding factors, Australia performs exceptionally well at standards development (7th) but only comes in 14th for offensive operations.

More telling is the big discrepancy between Australia’s cyber intent and capability, ranked 8th and 16th respectively.

Tom Uren, a senior analyst in the Australian Strategic Policy Institute’s International Cyber Policy Centre, told Information Age he suspected Australia’s capability was higher than Harvard’s report suggests.

“I’m surprised how lowly we ranked on some measures,” Uren said.

“The reported is limited in that they use open source data. So many countries are reluctant to share their operations and often it’s the countries that are worst at it which get caught.

“But I do think the idea of trying to capture national cyber power is a good one.”

Despite its possible flaws, Uren still thinks the Harvard report points at existing inadequacies with Australia’s cyber posture.

“It takes effort across many dimensions and in Australia we have a somewhat haphazard approach to cyber,” Uren said.

“We do well when we think it’s important, but it is not generally part of the whole strategy.

“Data protection especially is still a problem that does not get the same focus here as it does in other places.”

The government has made steps toward greater cyber capability this year following a string of cyber attacks on Australian businesses and government agencies.

In late June, it announced a $1.35 billion spend on cybersecurity and then published an overdue update to the national Cyber Security Strategy.

“In the recent strategy there was a lot of money going to defence and law enforcement – for me that strategy is more for government than the country as a whole.

“With some of the discussions going on at the moment – you'd think if we were really serious, we would have done all that five years ago.”

Havard's top ten most cyber powerful countries

  1. United States
  2. China
  3. United Kingdom
  4. Russia
  5. Netherlands
  6. France
  7. Germany
  8. Canada
  9. Japan
  10. Australia