Pretty much and the US and its five eyes allies are the kings of soft power in espionage. Blaming people for hacking them while being the biggest hackers of them all, etc. The West is either oblivious or true believers. But really at the end of the day it's more or less the side that you are on that determines your truth, not the actual truth.

The issue then is that we thought China was on our side, then we discovered that not really they had their own ambitions which do not coincide with ours. And so we're slowing trying to take away as much power as we can from them so we can bring them under control. These pronouncements then are an attack on China's soft power as everyone is doing it anyway all the time.

It seems at the same time China is attempting to establish its own power structure while trying to negotiate with the West, look for instance at the moves it is making with Iran.

You can't build an effective defense in cyber, or we haven't over the past 20 years. It's all offense. One senior three letter agency guy said if cyber were a football match, the score would be 421-420 at the 20min mark. It's all offense, so blaming one side for being the aggressor is a weird point.

What offence did EU do? Genuinely curious, because it seems it's all defence over here, unlike the other big powers in the world.

I know that the dutch papers were super proud the intelligence agency had hacked multiple Russian institution.

Is this the intelligence on the "Cozy Bear" hacker group? Because in a sense that is defence and not offence if you investigate a hacker group, possibly linked with russian intelligence, that is hacking into your own ministries.

You're probably right about the offensive aspect - the member states very often disagree on much simpler issues, I can't imagine them getting their act together on something as controversial.

As for defense, the EU can't do much, sorry. Most interesting things are done at the hardware level. As for software, maybe they could sponsor security code reviews of some critical elements of open source ecosystem and encourage users to use them, but it would work only if these users used these components exclusively which is never going to happen, even in government.

In 2015ish Dan Geer, a prominent cybersecurity expert got up and said in a talk, we don't know if vulnerabilities are sparse in quantity or dense. If they are sparse and there is actually such thing as a system that can be secured by doing the work of patching all the vulns up, then Dan argues that the US should be paying double what everyone else pays for bug bounties, so that the vulns get patched up and anybody who attempts to hide secret vulns will be aware their competitor(s) is going to cash in and be pressured to do so themselves.

If vulnerabilities are dense and there will always be more than we can patch.. well computers are a strange beast.

You forgot about Dre, I mean Snowden?

I mean isn't that in reality of actual usage defensive hacking though?

The US isn't waging aggressive offensive hacking wars against other countries beyond targeting weapons r&d. The same can't be said of Russia, China, etc.

The US does have such capabilities but has been far more restrained in the use of them than its enemies.

True, it's not like they use it for economical gain agains companies from allied countries. That would be bad right? * cough * Echelon * cough

I wasn't aware of this. Thank you for bringing it to my attention.

Exactly: Without defensive actions such as spying on top officials, who knows what rogue states like Germany would get up to...