[petra]

So most countries can acquire a world class cybersecurity capabilities.

What's the difference between what they can do, and what the leading countries in cybersecurity (US, Israel) can do(offensively and defensively)?

Is there a significant difference?

[tptacek]

It's a big open question. There likely are things that only the G7+N can accomplish; when you see cryptographic advances in implants and exploits, that's a good sign; hardware implants and deep OEM supply chain attacks are another. But nuts and bolts CNE? It's hard to say, and hard to say how much damage any country could do if motivated.

The other big question is how much this stuff applies to defense. The US presumably has better defensive capabilities than Iran could hope to have, by far. But better enough to matter? Open question.

[ajcp]

Took quite a few decades, if not centuries, for defensive capabilities to gain parity with/negate offensive ones after the introduction of gunpowder. I think the approach to cybersecurity thus far has been to try and protect against the projectile, instead of the instrument from which it's deployed. Buckle up.