Cyber-threats

Over the past decade, many public figures have portrayed attacks by means of computers – so called cyber-threats – as one of the gravest threats to national security today (cf. Poulsen 1999; Porteus 2001). What is remarkable about this threat representation is that while viruses, worms or cyber-crime are an undisputed and everyday reality, major disruptive cyberattacks with grave impact, which would substantiate such reasoning, have remained mere chimeras. This raises at least two questions: first, why this threat representation has gained so much salience and continues to occupy such a prominent position among ‘new threats’ (as many of the post-Cold War threats are called); and second, to what extent the continued treatment of cyber-threats as a national security issue of highest priority is justified. From a constructivist viewpoint, national security has always been about the social

construction of specific issues as a threat, and about the definition of desirable responses to these issues. In the case of new threats, security professionals face an even greater need to establish a credible link to national security, because the national security dimension is less explicit when the environment, the society or the economy are concerned (Buzan et al. 1998). The necessity to make a convincing case for (national) security is even more pronounced as new threats are often framed as ‘risks’ (Daase et al. 2002; Rasmussen 2001): risks are indirect, unintended, uncertain and are, by definition, situated in the future, since they only materialize in reality when they are instantiated. Therefore, risks exist in a permanent state of virtuality and are only actualized through anticipation (van Loon 2002: 2). In the case of many new threats, threat images are thus characterized by reference to potential catastrophic occurrences in the future; and anticipation of these future disasters, rather than past experiences or solid justification for the current level of threat, is the main reason for action in the present. Once this key characteristic has been recognized, the analysis of threat representations

seems to become inevitable for understanding the politics surrounding new threats. This chapter therefore shows in a first section how the case for security is argued in three instances of cyber-threats – cyber-crime, cyber-terrorism and cyber-war – in particular, how the depiction of the threat is based on building ‘threat clusters’, in which traditional security issues are discursively interlinked with less typical ones, and which partly explain why these threat representations are so prominent. This chapter then looks at how justified these

threat representations are, noting a high tendency for exaggeration due to the uncertainty surrounding the exact level of threat. It also addresses how a feasible ‘security threshold’ could be established, the need for which is well exemplified in the following quote: ‘Setting the security trigger too low on the scale risks paranoia … setting it too high risks failure to prepare for major assaults until too late’ (Buzan 1991: 115). In the third section, a glimpse into the future is provided: what can be said about the future potential for cyber-doom? The chapter ends by pointing out likely trends and action that should be taken by the international community to ensure that cyber-doom will never become a reality.

The cyber-threats debate originated in the US in the late 1980s, gained great momentum in the mid-1990s, and spread to other countries in the late 1990s. Both the threat perception and the envisaged countermeasures were shaped by the US over the years, with only little variation in other countries (Brunner and Suter 2008). On the one hand, the debate was decisively influenced by the larger post-Cold War strategic context, in which the notion of asymmetric vulnerabilities, epitomized by the multiplication of malicious actors (both state and non-state) and their increasing capabilities to do harm started to play a key role. On the other hand, discussions about cyber-threats always were and still are influenced by the ongoing information revolution, which is about the dynamical evolution and propagation of information and communication technologies into all aspects of life (Dunn and Brunner 2007). The US is also shaping the information revolution both technologically and intellectually, particularly by discussing its implications for International Relations and security (cf. Alberts and Papp 1997; Arquilla and Ronfeldt 1997; Henry and Peartree 1998) and acting on these assumptions. Against this backdrop, this chapter shows how cyber-threat clusters were formed over the years, looking in particular at cyber-crime, cyber-terrorism and cyber-war – all three of which coexist side by side today – and problematizes these characterizations.