See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/324413927

Literature Review on Cyber Security Discourse

Preprint · February 2017

DOI: 10.13140/RG.2.2.24802.43201

CITATIONS READS

0 6,921

1 author:

Miftahul Ulum
Universitas Muhammadiyah Jakarta
5 PUBLICATIONS   0 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Personal Project View project

All content following this page was uploaded by Miftahul Ulum on 10 April 2018.

The user has requested enhancement of the downloaded file.

Cyber Security - Literature Review
The issue of cyber security is not new but rather has developed more than a half-
century. The arrest of an East German spy in IBM’s German by West Germany’s
police in 1968 was acknowledged as the first case of cyber espionage (Warner, 2012,
p. 784). In 1983, high school student that was inspired by WarGames movie and
called their selves as 414s successfully got inside the unclassified military networks
(Ibid, p. 787). Ten years ago, “the first real war in cyberspace” attacked Estonia and
put the country into “a national security situation” (Hansen and Niessenbaum, 2010,
p. 1168). Nowadays, cyber security has been a daily issue that can be found
anywhere, from the news that reports spam, scams, frauds, and identity theft, to
academic articles that discuss cyber warfare, cyber espionage, and cyber defense
(Dunn-Cavelty, 2010). These significantly bring the issue of cyber security become
more important and relevant in recent years. Nevertheless, it remains a complicated
task to approach cyber security as merely a simple issue of ‘network security’ or
‘individual security’ as it connects to a larger issue of “the state,” “society,” “the
nation,” and “the economy” (Ibid, p. 1155). Our interpretation of cyber security will
not be only informed by what we perceive to be the most significant to our daily life,
but also by the view of the government and other prominent actors. The interplay of
political expression to the variety of cyber threat (Cavelty, 2013, p. 105) is one of the
reasons why it is difficult to approach cyber security issue. Fortunately, this did not
stop scholars from trying to discuss the issue. This literature review will try to address
two concepts of the security of cyber; the first is ‘cyber security’ (Cavelty 2010) and
the second is ‘cyber securitization’ (Hansen and Niessenbaum, 2010). There is an
interconnected relation between these two notions of cyber security that helps
enlighten the contemporary discussion of the issue among scholars.
Dunn-Cavelty (2010, p. 363) defines Cyber-security as ‘both about the insecurity
created through cyberspace and about technical and non-technical practices of making
it (more) secure.’ This definition attempt to present that cyber security is not merely a
‘technical’ issue, which always associated with computer science, cryptography or
information technology, as with many cyber security related researches that have been
discussed in recent years (e.g. Vacca 2013, McLean 2013). In reality, cyber security
entails larger study areas and complex matters. To further explain it, she categorizes
‘three interlocking cyber-security discourses’, which are ‘technical discourse’ that
encompasses the matters of ‘viruses, worms, and other bugs,’ ‘crime-espionage
discourse’ that involves the issue of ‘cyber-crooks and digital spies,’ and ‘military-
civil defense discourse’ that entails the subject of ‘cyber(ed) conflicts and vital system
security’ (pp. 364-369).
The Dunn-Cavelty’s categorization is based on the interplay between the threats
sources and threatened object, and to more understand this relationship, the work of
Hansen and Niessanbaum (2010) in using Copenhagen’s securitization theory will be
helpful. By using the theory of securitization, they theorize cyber security ‘as a
distinct sector with a particular constellation of threats and referent objects’ (Ibid, p.
1155). The major point to understanding the cyber threat potential magnitude is ‘the
networked character of computer system’ that ‘control physical objects such as
electrical transformers, trains, pipeline pumps, chemical vats, and radars’ (Ibid, p.
1161). To more explain it, they use three grammars of cyber securitization, which are
hypersecuritization to explain ‘an expansion of securitization beyond a “normal” level
of threats and dangers by defining “a tendency both to exaggerate threats and to resort
to excessive countermeasures” (Ibid, p. 1163), every day security practice that
describe the experiences of securitizing actors, including business and private
organizations and mobilize “normal” individuals in two ways: ‘to secure the
individual’s partnership and compliance in protecting network security, and to make
hypersecuritization scenarios more plausible by linking elements of the disaster
scenario to experiences familiar from everyday life’ (Ibid, p. 1165), and technification
that points to the important role of technical expert as securitizing actor in
‘legitimizing cyber security, on their own as well as in supporting
hypersecuritizations and in speaking with authority to the public about the
significance of its everyday practices’ (Ibid, p. 1169).
In addition to significance of the interaction between collective threats and threatened
objects, the three grammars of cyber securitization show the important role of
securitization actors in cyber security, in which according to Dunn-Cavelty in other
article (2013) brought ‘heterogeneous political manifestation’ that ‘linked to different
threat representations’ (p. 105). Dunn-Cavelty notes that the securitization actors in
cyber security are not only government as visible elite actors, but also non-
government as less visible actors (Ibid, p. 118). She argues that these actors shape ‘a
reservoir of acceptable threat representations’ that affects the cyber security practice
(Ibid, p. 115). Furthermore, she explains that the three-cyber threat representations,
which are biologizing technology, socio-politic clusters, and interdependent human-
machine vulnerabilities, are solidified by the attribution problem of cyber nature that
refers to the difficulty to identify the sources of a cyber-attack and their motivations
(Ibid, p. 113). Unless the attackers declare they are responsible for the threat, like Al
Qaida in 9/11 tragedy, they will remain unknown, as in the case of Estonia (Hansen
and Niessanbaum, 2010, p. 1170).
Dewar (2014) explains that ‘the goal of cyber security is to enable operations in
cyberspace free from the risk of physical or digital harm’ (p. 18). How country
perceive the accumulation of interplays within securitization elements in cyber
security issue and the attribution problem makes their cyber security strategy and
policy are different each other. Dewar uses triptych term to explain three paradigms
of cyber security defense, which are Active Cyber Defense (ACD) that ‘focuses on
identifying and neutralizing threats and threat agents both inside and outside the
defender’s network, Fortified Cyber Defense (FCD) that ‘builds a protective
environment’, and Resilience Cyber Defense (RCD) that ‘focuses on ensuring system
continuity’ (Ibid). Moreover, he illustrates that the ACD is categorically adopted by
the United States and the United Kingdom, while Germany use the FCD, and the EU
and Japan adopt the RCD (Ibid).
Cyber security is a compound issue. There is an extensive literature on the issue
discussing how it can be connected to many different matters that contribute to the
development of cyber security study and practice. This literature review only
highlights two concepts within the literature on how cyber security is conceptualized,
viewed, and responded as a national security issue. The cyber security issue will
remain contested matter in the future, and we can be confident that more will be
discussed on this subject.

Word count: 1098

 Reference:
Dewar, R. 2014. ‘the Triptych of Cyber Security: A Classification of Active Cyber
Defense’. 6th International Conference on Cyber Security
Dunn-Cavelty, M. 2010. ‘Cyber Security’ in A. Collins, Contemporary Security
Studies. Oxford: OUP
Dunn-Cavelty, M. 2013. From Cyber-Bombs to Political fallout: threat
Representations with an impact in Cyber-Security Discourse. International
Studies Review, 15, pp. 105-122
Hansen, L. and Niessanbaum, H. 2009. Digital Disaster, Cyber Security, and the
Copenhagen School. International Studies Quarterly, 53, pp. 1155-1175
McLean, S. 2013. Beware the Botnets: Cyber Security is a Board Level Issue.
Intellectual Property & Technology Law Journal, 25 (12), pp. 22-27
Warner, M. 2012. Cybersecurity: A Pre-history. Intelligence and National Security,
27 (5), pp. 781-799
Vacca, JR. 2013. Cyber Security and IT infrastructure protection. Waltham: Steven
Elliot

View publication stats