The issue of cyber security is not new but rather has developed for more than a half-century. Nowadays, cyber security has been a daily issue that can be found anywhere, from the news that reports spam, scams, frauds, and identity theft, to academic articles that discuss cyber warfare, cyber espionage,...
The issue of cyber security is not new but rather has developed for more than a half-century. Nowadays, cyber security has been a daily issue that can be found anywhere, from the news that reports spam, scams, frauds, and identity theft, to academic articles that discuss cyber warfare, cyber espionage, and cyber defense (Dunn-Cavelty, 2010). These significantly bring the issue of cyber security to become more important and relevant in recent years. Nevertheless, it remains a complicated task to approach cyber security as merely a simple issue of ‘network security’ or ‘individual security’ as it connects to a larger issue of “the state,” “society,” “the nation,” and “the economy” (Ibid, p. 1155).
Our interpretation of cyber security will not be only informed by what we perceive to be the most significant to our daily life, but also by the view of the government and other prominent actors. The interplay of political expression with the variety of cyber threats (Cavelty, 2013, p. 105) is one of the reasons why it is difficult to approach cyber security issues. Fortunately, this did not stop scholars from trying to discuss the issue. This literature review will try to address two concepts of cyber security: ‘ cyber security’ (Cavelty 2010) and ‘cyber securitization’ (Hansen and Niessenbaum, 2010). There is an interconnected relation between these two notions of cyber security that helps enlighten the contemporary discussion of the issue among scholars. Dunn-Cavelty (2010, p. 363) defines Cybersecurity as ‘both about the insecurity created through cyberspace and about technical and non-technical practices of making it (more) secure.’ This definition attempt to present that cyber security is not merely a ‘technical’ issue, which is always associated with computer science, cryptography, or information technology, as with many cybersecurity-related types of research that have been discussed in recent years (e.g. Vacca 2013, McLean 2013). In reality, cyber security entails larger study areas and complex matters. To further explain it, she categorizes ‘three interlocking cyber-security discourses’, which are ‘technical discourse’ that encompasses the matters of ‘viruses, worms, and other bugs,’ ‘crime-espionage discourse’ that involves the issue of ‘cyber-crooks and digital spies,’ and ‘military-civil defense discourse’ that entails the subject of ‘cyber(ed) conflicts and vital system security’ (pp. 364-369).
Dunn-Cavelty’s categorization is based on the interplay between the threat’s sources and threatened object, and to understand this relationship, the work of Hansen and Niessanbaum (2010) in using Copenhagen’s securitization theory will be helpful. By using the idea of securitization, they theorize cyber security ‘as a distinct sector with a constellation of threats and referent objects’ (Ibid, p. 1155). The major point to understanding the cyber threat potential magnitude is ‘the networked character of computer systems’ that ‘control physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, and radars’ (Ibid, p. 1161). To more explain it, they use three grammars of cyber securitization, which are hyper securitization to explain ‘an expansion of securitization beyond a “normal” level of threats and dangers by defining “a tendency both to exaggerate threats and to resort to excessive countermeasures” (Ibid, p. 1163), every day security practice that describe the experiences of securitizing actors, including business and private organizations and mobilize “normal” individuals in two ways: ‘to secure the individual’s partnership and compliance in protecting network security, and to make hyper securitization scenarios more plausible by linking elements of the disaster scenario to experiences familiar from everyday life’ (Ibid, p. 1165), and technification that points to the important role of technical expert as securitizing actor in ‘legitimizing cyber security, on their own as well as in supporting Hyper securitizations and in speaking with authority to the public about the significance of its everyday practices’ (Ibid, p. 1169).
In addition to the significance of the interaction between collective threats and threatened objects, the three grammars of cyber securitization show the important role of securitization actors in cyber security, which according to Dunn-Cavelty in another article (2013) brought ‘heterogeneous political manifestation’ that ‘linked to different threat representations’ (p. 105). Dunn-Cavelty notes that the securitization actors in cyber security are not only government as visible elite actors but also non-government as less visible actors (Ibid, p. 118). She argues that these actors shape ‘a reservoir of acceptable threat representations’ that affects the cyber security practice (Ibid, p. 115). Furthermore, she explains that the three-cyber threat representations, which are biologizing technology, socio-politic clusters, and interdependent human-machine vulnerabilities, are solidified by the attribution problem of cyber nature that refers to the difficulty to identify the sources of a cyber-attack and their motivations(Ibid, p. 113). Unless the attackers declare they are responsible for the threat, like Al Qaida in the 9/11 tragedy, they will remain unknown, as in the case of Estonia (Hansen and Niessanbaum, 2010, p. 1170). Dewar (2014) explains that ‘the goal of cyber security is to enable operations in cyberspace free from the risk of physical or digital harm’ (p. 18). How countries perceive the accumulation of interplays within securitization elements in cyber security issues and the attribution problem makes their cyber security strategy and policy different from each other. Dewar uses a triptych term to explain three paradigms of cyber security defense, which are Active Cyber Defense (ACD) ‘which focuses on identifying and neutralizing threats and threat agents both inside and outside the defender’s network, Fortified Cyber Defense (FCD) that ‘builds a protective environment’, and Resilience Cyber Defense (RCD) that ‘focuses on ensuring system continuity’ (Ibid). Moreover, he illustrates that the ACD is categorically adopted by the United States and the United Kingdom, while Germany uses the FCD, and the EU and Japan adopt the RCD (Ibid). Cyber security is a compound issue. There is extensive literature on the issue discussing how it can be connected to many different matters that contribute to the development of cybersecurity study and practice. This literature review only highlights two concepts within the literature on how cyber security is conceptualized, viewed, and responded to as a national security issue. The cyber security issue will remain a contested matter in the future, and we can be confident that more will be discussed on this subject.
545
