Some relatively small states such as Estonia, Finland, Israel, and Singapore have become significant providers of national cyber-defense for their populations, regularly ranking alongside far larger states such as the US. This development is puzzling for security scholars as it represents a departure from the prevailing assumption that larger states with more resources will be better positioned to provide national defense for their populations. This project, therefore, examines (1) the components of cyber capability and cyber vulnerability driving national defense needs and given that, (2) how these states, these Mice that Roar, allocated resources in an effort to attain capabilities and address particular vulnerabilities.
Ultimately, this research will illustrate that the resources states need to deploy in order to defend against an ongoing attack or recover from a previous attack are largely housed outside the military and even the government itself. Significantly, these states, given their size and geographically precarious position, have historically deployed unique models for national defense emphasizing both public-private and civilian-military cooperation. Their organization of national defense against kinetic threats (air, land, and sea), therefore, provided a favorable, preexisting framework for addressing the emerging realities of the cyber domain. In other words, in contrast to larger states like the US, these states have been able to more coherently incorporate cyber defense into their national defense postures because they were able to leverage an existing societal defense architecture.
