The issue of cyber security is not new but rather has developed for more than a half-century. Nowadays, cyber security has been a daily issue that can be found anywhere, from the news that reports spam, scams, frauds, and identity theft, to academic articles that discuss cyber warfare, cyber espionage,...
The issue of cyber security is not new but rather has developed for more than a half-century. Nowadays, cyber security has been a daily issue that can be found anywhere, from the news that reports spam, scams, frauds, and identity theft, to academic articles that discuss cyber warfare, cyber espionage, and cyber defense (Dunn-Cavelty, 2010). These significantly bring the issue of cyber security to become more important and relevant in recent years. Nevertheless, it remains a complicated task to approach cyber security as merely a simple issue of ânetwork securityâ or âindividual securityâ as it connects to a larger issue of âthe state,â âsociety,â âthe nation,â and âthe economyâ (Ibid, p. 1155).
Our interpretation of cyber security will not be only informed by what we perceive to be the most significant to our daily life, but also by the view of the government and other prominent actors. The interplay of political expression with the variety of cyber threats (Cavelty, 2013, p. 105) is one of the reasons why it is difficult to approach cyber security issues. Fortunately, this did not stop scholars from trying to discuss the issue. This literature review will try to address two concepts of cyber security: ‘ cyber securityâ (Cavelty 2010) and âcyber securitizationâ (Hansen and Niessenbaum, 2010). There is an interconnected relation between these two notions of cyber security that helps enlighten the contemporary discussion of the issue among scholars. Dunn-Cavelty (2010, p. 363) defines Cybersecurity as âboth about the insecurity created through cyberspace and about technical and non-technical practices of making it (more) secure.â This definition attempt to present that cyber security is not merely a âtechnicalâ issue, which is always associated with computer science, cryptography, or information technology, as with many cybersecurity-related types of research that have been discussed in recent years (e.g. Vacca 2013, McLean 2013). In reality, cyber security entails larger study areas and complex matters. To further explain it, she categorizes âthree interlocking cyber-security discoursesâ, which are âtechnical discourseâ that encompasses the matters of âviruses, worms, and other bugs,â âcrime-espionage discourseâ that involves the issue of âcyber-crooks and digital spies,â and âmilitary-civil defense discourseâ that entails the subject of âcyber(ed) conflicts and vital system securityâ (pp. 364-369).
Dunn-Caveltyâs categorization is based on the interplay between the threatâs sources and threatened object, and to understand this relationship, the work of Hansen and Niessanbaum (2010) in using Copenhagenâs securitization theory will be helpful. By using the idea of securitization, they theorize cyber security âas a distinct sector with a constellation of threats and referent objectsâ (Ibid, p. 1155). The major point to understanding the cyber threat potential magnitude is âthe networked character of computer systemsâ that âcontrol physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, and radarsâ (Ibid, p. 1161). To more explain it, they use three grammars of cyber securitization, which are hyper securitization to explain âan expansion of securitization beyond a ânormalâ level of threats and dangers by defining âa tendency both to exaggerate threats and to resort to excessive countermeasuresâ (Ibid, p. 1163), every day security practice that describe the experiences of securitizing actors, including business and private organizations and mobilize ânormalâ individuals in two ways: âto secure the individualâs partnership and compliance in protecting network security, and to make hyper securitization scenarios more plausible by linking elements of the disaster scenario to experiences familiar from everyday lifeâ (Ibid, p. 1165), and technification that points to the important role of technical expert as securitizing actor in âlegitimizing cyber security, on their own as well as in supporting Hyper securitizations and in speaking with authority to the public about the significance of its everyday practicesâ (Ibid, p. 1169).
In addition to the significance of the interaction between collective threats and threatened objects, the three grammars of cyber securitization show the important role of securitization actors in cyber security, which according to Dunn-Cavelty in another article (2013) brought âheterogeneous political manifestationâ that âlinked to different threat representationsâ (p. 105). Dunn-Cavelty notes that the securitization actors in cyber security are not only government as visible elite actors but also non-government as less visible actors (Ibid, p. 118). She argues that these actors shape âa reservoir of acceptable threat representationsâ that affects the cyber security practice (Ibid, p. 115). Furthermore, she explains that the three-cyber threat representations, which are biologizing technology, socio-politic clusters, and interdependent human-machine vulnerabilities, are solidified by the attribution problem of cyber nature that refers to the difficulty to identify the sources of a cyber-attack and their motivations(Ibid, p. 113). Unless the attackers declare they are responsible for the threat, like Al Qaida in the 9/11 tragedy, they will remain unknown, as in the case of Estonia (Hansen and Niessanbaum, 2010, p. 1170). Dewar (2014) explains that âthe goal of cyber security is to enable operations in cyberspace free from the risk of physical or digital harmâ (p. 18). How countries perceive the accumulation of interplays within securitization elements in cyber security issues and the attribution problem makes their cyber security strategy and policy different from each other. Dewar uses a triptych term to explain three paradigms of cyber security defense, which are Active Cyber Defense (ACD) âwhich focuses on identifying and neutralizing threats and threat agents both inside and outside the defenderâs network, Fortified Cyber Defense (FCD) that âbuilds a protective environmentâ, and Resilience Cyber Defense (RCD) that âfocuses on ensuring system continuityâ (Ibid). Moreover, he illustrates that the ACD is categorically adopted by the United States and the United Kingdom, while Germany uses the FCD, and the EU and Japan adopt the RCD (Ibid). Cyber security is a compound issue. There is extensive literature on the issue discussing how it can be connected to many different matters that contribute to the development of cybersecurity study and practice. This literature review only highlights two concepts within the literature on how cyber security is conceptualized, viewed, and responded to as a national security issue. The cyber security issue will remain a contested matter in the future, and we can be confident that more will be discussed on this subject.