Professional Documents
Culture Documents
Cavelty2008 Cyber-Terror-Looming Threat or Phantom Menace
Cavelty2008 Cyber-Terror-Looming Threat or Phantom Menace
To cite this article: Dr. Myriam Dunn Cavelty PhD (2008) Cyber-Terror—Looming Threat or Phantom Menace? The Framing of
the US Cyber-Threat Debate, Journal of Information Technology & Politics, 4:1, 19-36, DOI: 10.1300/J516v04n01_03
Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained
in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no
representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the
Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and
are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and
should be independently verified with primary sources of information. Taylor and Francis shall not be liable for
any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever
or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of
the Content.
This article may be used for research, teaching, and private study purposes. Any substantial or systematic
reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any
form to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http://
www.tandfonline.com/page/terms-and-conditions
Cyber-Terror–
Looming Threat or Phantom Menace?
The Framing of the US Cyber-Threat Debate
Myriam Dunn Cavelty
ABSTRACT. For some years, experts and government officials have warned of cyber-terrorism
Downloaded by [University of Otago] at 01:51 01 September 2014
Myriam Dunn Cavelty, PhD, is Head of the New Risks Research Unit, Center for Security Studies (CSS), ETH
Zurich, Switzerland; Coordinator of the Crisis and Risk Network (CRN), a Swiss-Swedish Internet and workshop
initiative for international dialog on national-level security risks and vulnerabilities; and Lecturer at the University
of Zurich and the Swiss Federal Institute of Technology. Dr. Dunn Cavelty holds a degree in political science, mod-
ern history, and international law from the University of Zurich.
Address correspondence to: Myriam Dunn Cavelty, Center for Security Studies (CSS), ETH Zurich, WEC,
Weinbergstrasse 11, CH-8092 Zurich, Switzerland (E-mail: dunn@sipo.gess.ethz.ch).
This paper has won the “Millennium Award 2006 for an Outstanding Research Paper by a Younger Scholar”
from the Comparative Interdisciplinary Studies Section of the International Studies Association. The author would
like to thank seven anonymous reviewers for their insightful comments and suggestions for improvements.
Journal of Information Technology & Politics, Vol. 4(1) 2007
Available online at http://jitp.haworthpress.com
© 2007 by The Haworth Press. All rights reserved.
doi:10.1300/J516v04n01_03 19
20 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
cept that was closely linked to the critical infra- which these two groups differ is whether or to
structure protection (CIP) debate on the what degree there is a credible or likely connec-
national security agenda. tion between terrorism and cyber-terrorism be-
While governments and the media repeat- yond the suspected vulnerability of critical
edly distribute information about cyber- infrastructures (cf. Nicander & Ranstorp, 2004,
threats, real cyber-attacks resulting in deaths p. 15) and consequently, at what point in future
and injuries remain largely the stuff of Holly- time such an attack might occur. While it is
wood movies or conspiracy theory. In fact, undisputed in both communities that cyber-at-
menacing scenarios of major disruptive occur- tacks and cyber-incidents cause major incon-
rences in the cyber-domain, triggered by mali- veniences and have cost billions of US dollars
cious actors, have remained just that– in lost intellectual property, maintenance and
scenarios. Nonetheless, for the US government repair, lost revenue, and increased security in
(and to a lesser degree other governments the last couple of years (Cashell, Jackson,
around the world), the decision has been far Jickling, & Webel, 2004), these two groups dif-
more straightforward: it considers the threat to fer considerably in their assessment of the fu-
Downloaded by [University of Otago] at 01:51 01 September 2014
national security to be real, has extensively ture point in time at which such an attack might
studied various aspects of cyber-threats, and occur, and some even doubt whether there truly
spends considerable sums on a variety of coun- is a national security threat linked to the Internet
termeasures (Abele-Wigert & Dunn, 2006). and the information infrastructure.
This observation raises interesting questions The main reason for this controversy is that
from a security studies perspective: Why and cyber-threats have not materialized as a na-
how is a threat that has little or no relation to tional security threat, even granted that there
real-world occurrences included on the secu- have been some few incidents with at least
rity political agenda? Are there specific some potential for grave consequences. Inter-
characteristics that make it particularly likely to estingly enough, both hypers and de-hypers
be there? tend to agree on this point. But while the first
Due to its vague nature, cyber-terrorism is a group assumes that vicious attacks that wreak
playfield for very different and diverse commu- havoc and paralyze whole nations are immi-
nities, concerned with topics such as freedom nent, more cautious researchers often point to
of speech and Internet censorship (Gladman, the practical difficulties of a serious cyber-
1998; Weimann, 2004a); cyber crime in con- attack (Ingles-le Nobel, 1999), question the as-
nection with terrorism (Sofaer & Goodman, sumption of critical infrastructure vulnerabilities
2000); or information warfare and sub-state (Lewis, 2002; Smith, 1998, 2000), or point to
groups (Devost, Houghton, & Pollard, 1997; unclear benefits of cyber-attacks for terrorist
Rathmell, Overill, Valeri, & Gearson, 1997). groups (Barak, 2004). Despite this caution,
This article will focus on cyber-threats and however, even the second group contends that
cyber-terror broadly framed as a national secu- one “cannot afford to shrug off the threat”
rity issue. Previous research on the topic has (Denning, 2001a) due to unclear and rapid fu-
generally been highly specific and policy-ori- ture technological development as well as dy-
ented (Alberts & Papp, 1997; Arquilla & namic change of the capabilities of terrorism
Ronfeldt, 1996) and has often uncritically groups themselves (Technical Analysis Group,
adopted arguments on the nature and scale of 2003). To summarize the debate in a nutshell:
cyber-terrorism from official statements or due to too many uncertainties concerning the
pieces of media coverage.2 This is epitomized scope of the threat, experts are unable to con-
in the tendency of many authors to hype the is- clude whether cyber-terror is fact or fiction, or,
sue with rhetorical dramatization and alarmist since they are unwilling to dismiss the threat
warnings (cf. Arquilla, 1998; Schwartau, completely, how long it is likely to remain fic-
1994). On the other hand, the considerable hype tion.
has brought forth a counter-movement of more So far, relatively few attempts have been
cautious voices that are deliberately more spe- made to apply IR theory in analyzing this devel-
cific in their estimates of the threat (cf. Lewis, opment, with a few exceptions (Eriksson &
2002; Wilson, 2003). The key question on Giacomello, 2006; Giacomello & Eriksson,
Myriam Dunn Cavelty 21
2007; partly Latham, 2003). Research that has considering the salience of this threat rather
focused particularly on aspects of the construc- than simply arguing over its significance, it
tion of information-age security threats is also pushes the debate in a new direction and pro-
little influenced by theory or is mostly outdated vides much-needed grounding and reference
(Bendrath, 2001, 2003; Eriksson, 2001b; newer: for the public debate on cyber-security.
Bendrath, Eriksson, & Giacomello, 2007; Dunn This paper has three parts. First, the theoreti-
Cavelty, in press). There is an agreement, cal framework is introduced. Second, the paper
though, that the elusive and unsubstantiated na- reconstructs how cyber-threats in general and
ture of cyber-threats means that approaches cyber-terror in particular have been framed and
rooted in the constructivist mindset with a sub- treated over the years. Third, specific traits of
jective ontology are particularly suitable for its cyber-threat frames are analyzed.
analysis. Such approaches are typically linked
to the constructivist research agenda and apply
critical self-reflection to the inherently contra- THE FRAMING
dictory and problematic concept of security. OF SECURITY THREATS
Downloaded by [University of Otago] at 01:51 01 September 2014
vague notion signifying the malicious use of in- ism at the top of his list of modern threats to the
formation and communication technologies ei- American way of life in 1999, when he said that
ther as a target or as a weapon. Cyber-terrorism “in my opinion, neither missile proliferation nor
is one clear case of a cyber-threat. As the issue weapons of mass destruction are as serious as the
of cyber-terrorism has grown in popularity over threat [of cyberterrorism]” (Poulsen, 1999). In
the years, it has also acquired a range of mean- September 2002, Richard Clarke, former Spe-
ings, depending on the context in which it is cial White House Adviser for Cyberspace Secu-
used. rity, told ABC News: “[Cyber- terrorism is]
The term cyber-terrorism was allegedly much easier to do than building a weapon of
coined in the 1980s by Barry Collin, a senior re- mass destruction. Cyber-attacks are a weapon of
search fellow at the Institute for Security and mass disruption, and they’re a lot cheaper and
Intelligence in California, as a hybrid term that easier” (Wallace, 2002).
encompasses the concepts of cybernetics and What is the meaning of such statements, one
terrorism (Collin, 1997; Conway, 2002). In might ask? At all times, the cyber-threats de-
subsequent years, the term cybernetics was re- bate was (and is) highly political. It is not only
Downloaded by [University of Otago] at 01:51 01 September 2014
placed by the term cyberspace, so that the con- about predicting the future, but also about how
cept is now composed of two elements: cyber- to prepare for it in the present. As a result of this,
space and terrorism. As both concepts are noto- turf battles on different levels of government
riously difficult to define, cyber-terror itself are the rule and ongoing. As there have been no
was and still is a very elusive and poorly-de- major destructive attacks on the cyber-level,
fined concept. Academics agree in general that different scenarios, which are stories about
to be labeled cyber-terrorism, cyber-incidents possible futures, are providing the grounds on
must be mounted by sub-national terrorist which decisions have to be made. The different
groups,4 be aimed at parts of the information in- actors involved–ranging from government
frastructure, instill terror by effects that are suf- agencies to the technology community to insur-
ficiently destructive or disruptive to generate ance companies–with their divergent interests
fear, and must have a political, religious, or are therefore competing with each other by
ideological motivation (Denning, 2000, 2001a, means of constructed versions of the future
2001b; Devost, Houghton, & Pollard, 1997; (Bendrath, 2001, 2003). Ultimately, it is about
Nelson, Choi, Iacobucci, Mitchell, & Gagnon, resources and about who is in charge to counter
1999; Pollitt, 1997). the threat.
According to this definition, none of the The so-called Copenhagen School of Secu-
larger and smaller disruptive cyber-incidents rity, in particular, developed an approach that
that we have experienced in the last couple of focuses on the process of bringing an issue from
years has been an example of cyber-terrorism. a politicized or even non-politicized stage into
Even though most terrorist groups have seized the security domain. This process is called se-
on the opportunity accorded by the information curitization (Buzan, Wæver, & Wilde, 1998).
revolution through an established multiple The process is seen as a socially constructed,
Web presence, access to uncensored propa- contextual speech act (Austin, 1962; Searle,
ganda, and by using the Web as an auxiliary re- 1969), meaning that by uttering the word secu-
cruitment and fundraising tool (Thomas, 2003; rity or another term expressing the need for ex-
Weimann, 2004a; Weimann, 2004b), cyber- ceptional measures, a professional of security,
space has so far mainly served as a force-multi- most often a state representative, claims a spe-
plier in intelligence gathering and target-acqui- cial right to use any means necessary to counter
sition for terrorist groups and not as an a certain threat (Wæver, 1995). Ultimately, this
offensive weapon. Despite this, the term is used means that issues become security issues not
frequently in the political domain, detached necessarily because a real existential threat ex-
from any academic definition of the issue, as a ists, but because the issue is successfully pre-
specter depicting a terrorist and a keyboard, sented and established by key actors in the
wreaking havoc that can disrupt an entire soci- political arena as such a threat. Securitization
ety. Somewhat exemplary, Congressman Curt studies aim to gain an understanding of who
Weldon (R-Pennsylvania) placed cyber-terror- securitizes (the actor) which issues (the threat
Myriam Dunn Cavelty 23
subject), for whom or what (the referent ob- tests for the legitimate definition of reality are
ject), why (the intentions and purposes), with held by ways of different categories as ex-
what results (the outcome), and under what pressed in frames. In the case of threat framing,
conditions (the structure) (Buzan, Wæver, & the process of categorizing something as a par-
Wilde, 1998, p. 32). ticular threat has practical consequences when
To explain why certain issues seem more key actors begin seeing the world according to
susceptible to securitization than others, and these categories.
this is also the focus of this article, some schol- Framing theory addresses three main ques-
ars have established a stronger link to (cogni- tions, the second of which will be our main
tive) framing research that looks at special traits focus: (a) how frames influence social action;
of the threat frames employed by key actors (b) which frames are particularly successful for
(Eriksson, 2001a; Eriksson, 2001b; Eriksson & what reasons; and (c) how frames can be changed
Noreen, 2002). Frame theory is rooted in lin- (Snow & Benford, 1988). There are three types
guistic studies of interaction and points to the of framing (ibid. 199-202):
way shared assumptions and meanings shape
Downloaded by [University of Otago] at 01:51 01 September 2014
the interpretation of any particular event (Oli- a. diagnostic framing, which is about
ver & Johnston, 2000). We understand fram- clearly defining a problem and assigning
ing to refer to the subtle selection of certain blame for the problem to an agent or
aspects of an issue in order to cue a specific re- agencies. In other words, this is about
sponse; the way an issue is framed explains designating that which appears to be
who is responsible and suggests potential solu- threatening (the subject of the threat im-
tions conveyed by images, stereotypes, mes- age or threat subject) and what is per-
sengers, and metaphors (Ryan, 1991, p. 59; ceived as threatened (the object of the
Snow & Benford, 1992; Snow, Rocheford, threat image or referent object);
Worden, & Benford, 1986). In threat framing, b. prognostic framing, which is about of-
government officials and experts use certain fering solutions, and proposing specific
phrases and also certain types of stories to add strategies, tactics, and objectives by
urgency to their case. Specific uses of language which these solutions may be achieved;
dramatize the actual threat: the use of specific c. motivational framing, to rally the troops
phrases and words make its construction as a behind the cause or a call for action.
national security threat possible in the first
place. Since there is no real-world reference for To this list, they add a fourth key element, frame
the threat, constant persuasion is required to resonance, meaning that the frame content
sustain the sense that it is a real danger. And be- must appeal to the existing values and beliefs of
cause the national security dimension is not
the target audience to become effective.
completely obvious, it is necessary to use spe-
In the following, we will conduct a mini-case
cific analogies (Cohn, 1987).
Frame analysis can be seen as a strand of dis- study on the framing of the US cyber-terror
course analysis that mainly focuses on relevant discourse. Even though such an approach does
content and argumentation (Gamson, 1992). not help to determine whether cyber-terror is
Framing is an empirically observable activity: fact or fiction or how long it will remain fiction,
frames are rooted in and constituted by we can identify those traits that have made
group-based social interaction, which is avail- cyber-threats such prominent features on the
able for first-hand observation, examination, national security policy agendas. Data for the
and analysis of texts (Snow & Benford, 1992). case study was collected from official policy
The high relevance of frames as social patterns papers, hearings, and other statements of key
is an outcome of the fact that frames define actors. Top-level documents reflect actual
meaning and determine actions. Specifically, presidential intentions, as opposed to public
socially accepted frames influence the actions statements of purpose, which frequently leave
of actors and define meaning in the public mind out sensitive details and, on occasion, directly
(Gamson, 1992, p. 110; Snow, Rocheford, conflict with the stated goals of the administra-
Worden, & Benford, 1986, p. 464). Social con- tion.
24 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
encryption technology and led to the Computer aspect can be attributed to changing threat per-
Security Act of 1987,5 and the second one linked ceptions and other developments in the US mil-
to the growing problem of computer crime, itary: We can observe a close link of the early
which led to the Computer Abuse Act of cyber-threats debate to the US Revolution in
1984/866 that laid the groundwork for the pros- Military Affairs–which refers to the strategic,
ecution of computer crimes in the US. operational, and tactical consequences of the
The first official threat frame can be found in marriage of systems that collect, process, and
National Security Decision Directive Number communicate information with those that apply
145 on National Policy on Telecommunica- military force (Tilford, 1995)–and the subse-
tions and Automated Information Systems Se- quent development of an information war-
curity issued on September 17, 1984 (The fare-information operations doctrine (Dunn,
White House, 1984): 2002). While technology was seen mainly as a
force enabler for a considerable number of
The technology to exploit these elec- years until after the end of the Cold War, the US
tronic systems is widespread and is used developed the fear that their huge conventional
extensively by foreign nations and can be military dominance would force any kind of ad-
employed, as well, by terrorist groups versary–states or sub-state groups–to resort to
and criminal elements. Government sys- asymmetric means, such as weapons of mass
tems as well as those which process the destruction, information operations, or terror-
private or proprietary information of US ism in the future (Kolet, 2001). The 1991 Gulf
persons and businesses can become tar- War played a large role in demonstrating the
gets for foreign exploitation. benefits of the information differential pro-
vided by the information systems employed
As we will see below, this threat frame al- (Campen, 1992; Eriksson, 1999), but it was
ready contains most of the ingredients of the also the Gulf War that birthed fear of the down-
current threat frame, even though in a slight side of this development mainly through expe-
variation. The threat subject ranges from for- riences with the threat of data intrusion as
eign nations to terrorists to criminals. There is perpetrated by hacker attacks against 34
an emphasis on foreign exploitation, which Department of Defense computer sites during
seems to rule out that the problem could stem the conflict (Devost, 1995).
from US citizens. The referent object at this In the aftermath of the Oklahoma City bomb-
stage is limited to government systems and ing in April 1995, the issue of cyber-threats was
business systems that carry relevant informa- definitely established as one the military estab-
tion. lishment could and should not deal with alone,
Further, we can see that it is a fairly narrow and it was closely connected to the concept of
threat frame that is concerned mainly about critical infrastructure protection. The advan-
classified material and not about the soci- tages in use and dissemination of ICT were seen
Myriam Dunn Cavelty 25
scope of the incident is to investigate. And the The PCCIP presented its report in the fall of
authority to investigate such matters and to ob- 1997 (PCCIP, 1997). The international impact
tain the necessary court orders or subpoenas of this document was such that it led to the firm
clearly resides with law enforcement (Vatis, establishment of the topic of cyber-threats and
1998). US domestic law also gave the armed critical infrastructure protection on the security
forces’ lawyers headaches, because an attack agenda of various countries (Abele-Wigert &
on US infrastructures could originate in Iraq as Dunn, 2006; Dunn & Wigert, 2004). Clinton
well as in the US. A military counter-strike followed the recommendations of the PCCIP in
through cyberspace might therefore unwit- May 1998 with his Presidential Decision Direc-
tingly constitute an operation of US armed tives (PDD) 62 and 63 (White House, 1998a,
forces on domestic territory, which is prohib- 1998b). Clinton’s master plan adopted a two-
ited by the Posse Comitatus Act of 1878.7 fold response to cyber-threats: On the one hand,
One direct outcome of the Oklahoma City the intelligence community and the law en-
bombing was Presidential Decision Directive forcement agencies together built up further ca-
39, which directed Attorney-General Janet pacities for investigations of cyber-crimes, like
Reno to lead a government-wide effort to re-ex- computer forensics tools or close surveillance
amine the adequacy of the available infrastruc- of the hacker community; On the other hand,
ture protection. As a result, Reno convened a because of the amorphous nature of these
working group to investigate the issue and re- non-state actors and unknown enemies, a lot of
port back to the cabinet with policy options effort was put into hardening the critical infra-
(Freeh, 1997). The review, which was com- structures (Bendrath, 2001).
pleted in early February 1996, particularly The distinct image of the cyber-terrorist also
highlighted the lack of attention that had been appears during these years. First mentioned in a
given to protecting the cyber-infrastructure of public hearing in 1998, cyber-terror quickly
critical information systems and computer net- became one of the catchphrases of the debate.
works. Thus, the topic of cyber-threats was Poor definitions and careless use of terminol-
linked to the topics of critical infrastructure ogy by many government officials is a major
protection and terrorism. Subsequently, Presi- obstacle for meaningful discussion of the
dent Bill Clinton started to develop a national cyber-terror issue. A statement of President
protection strategy with his Presidential Com- Bill Clinton, who was very influential in shap-
mission on Critical Infrastructure Protection ing the perception of the issue, can serve as an
(PCCIP) in 1996, and the issue remained a very example of this semantic ambiguity. In his for-
high priority during his presidency and had a eign policy farewell lecture at the University of
strong position in all the National Security Nebraska at Kearney in December 2000, he
Strategies between 1995 and 1999. identified the need to pay attention to new
The years 1997/1998 in particular were a wa- security challenges like cyber-terrorism, and
tershed in terms of the views on cyber-threats. said:
26 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
One of the biggest threats to the future is 2001), terms that are frequently used in
going to be cyberterrorism–people fool- hearings, interviews, and press articles.
ing with your computer networks, trying The events of 11 September 2001 served to
to shut down your phones, erase bank re- further increase the awareness of vulnerabili-
cords, mess up airline schedules, do ties and the sense of urgency in protecting criti-
things to interrupt the fabric of life. cal infrastructures (Bush, 2001a, 2001b). First
and foremost, the attacks of 9/11 provided a
(Bowman, 2000, para. 7)
reason to restructure the overall organizational
framework of critical infrastructure protection
Both the PDD 62 and 63 and the National
(CIP) in the US. In the immediate aftermath of
Plan follow the PCCIP’s reasoning and cement 9/11, President George W. Bush signed two
the winning and dominant threat frame. After Executive Orders (EO) affecting CIP. With EO
that date, all the threat frames that are employed 13,228, entitled Establishing the Office of
in public hearings and other documents resem- Homeland Security and the Homeland Security
ble the PCCIP’s threat frame. In the report, it is Council of 8 October 2001, Bush set up an Of-
stressed that dependence on the information
Downloaded by [University of Otago] at 01:51 01 September 2014
homeland security. While Clinton’s PDD-63 formation contained in the database, it contin-
focused primarily on cyber-security, it gave the ues to draw criticism for including thousands of
national coordinator responsibility to coordi- assets that many believe have more local im-
nate the physical and virtual security for all portance than national importance. A DHS re-
critical infrastructures. The above-mentioned port summarizing the results of Cyber Storm, a
Executive Orders not only segregated respon- four-day exercise designed to test how industry
sibility for protecting the nation’s information and the government would respond to a con-
infrastructure, but also considerably strength- certed cyber-attack on key information sys-
ened the physical aspect vis-à-vis the aspect of tems, was seen as another indicator for
cyber- attacks. insufficient progress made (DHS, 2006).
As a result of this, many critical voices were Cyber Storm suggested that government and
heard disapproving of the extent of the atten- private-sector participants had trouble recog-
tion given to the cyber-dimension. The fact that nizing the coordinated attacks, determining
the government’s first cyber-security chief whom to contact, and organizing a response.
abruptly resigned after one year with the US Despite this, it can be argued that the attacks
Downloaded by [University of Otago] at 01:51 01 September 2014
Department of Homeland Security raised seri- of 11 September 2001 did not bring many
ous questions in the press about the Bush ad- changes for the overall strategy–and, regard-
ministration’s ability to quickly improve the less of what might be commonly expected, did
nation’s cyber-security (cf. Gross, 2004; Mark, not bring any changes in the threat frames.
2004; Verton, 2004). Negative press was part
What we do see, however, is that at least ini-
of the reason why the second secretary of home-
land security, Michael Chertoff, proposed to tially, one main focus in public hearings was on
restructure the IAIP Directorate responsible the possibility of terrorists using cyber-means
for CIP and rename it the Directorate of Pre- for attacks. In addition, a number of studies
paredness as one of his Second Stage Review were conducted in the aftermath of 9/11 that fo-
recommendations in 2005 (Chertoff, 2005). cused on Muslim terrorists and their cyber-ca-
Later, the Information Analysis function was pabilities (National Infrastructure Protection
merged into a new Office of Intelligence and Center, 2002; TAG, 2001; Vatis, 2001). At this
Analysis. The Infrastructure Protection func- time, officials’ attention shifted from hackers
tion, with the same missions as outlined in the depicted as terrorists towards terrorist hackers,
Homeland Security Act, remained, but was and specifically Muslim ones. The few exam-
joined by other existing and new entities. In ples cited below again show how volatile and
addition, the restructuring established the po- unfounded the cyber-threat assessments still
sition of an assistant secretary for cyber secu- were. In his Senate testimony on The Terrorist
rity and telecommunications, which had long Threat Confronting the United States in Febru-
been advocated by many within the cyber- ary 2002, Dale L. Watson, the FBI’s executive
security community, and of an assistant secretary assistant director on counter-terrorism and
forinfrastructureprotection(Moteff,2007,p.15). counterintelligence, talked about an emerging
Generally speaking, the Bush administra- threat:
tion became bogged down in the details of im-
plementing its own strategy. Shortly before the Beyond criminal threats, cyber space also
beginning of Operation Iraqi Freedom in 2003, faces a variety of significant national se-
the DHS identified a list of 160 assets or sites curity threats, including increasing threats
that it considered critical to the nation, based on from terrorists . . . . Cyberterrorism–
their vulnerability to attack and potential con- meaning the use of cyber tools to shut
sequences. Over time, according to the DHS in- down critical national infrastructures
spector general, this initial priority list evolved (such as energy, transportation, or gov-
into what is now called the National Asset Data- ernment operations) for the purpose of
base, which, as of January 2006, contained over coercing or intimidating a government or
77,000 entries (Moteff, 2006; Moteff, 2007, civilian population–is clearly an emerg-
p. 25). While the DHS has reportedly made ing threat. (Watson, 2002, Cyber/Na-
progress on improving the reliability of the in- tional Infrastructure section, para. 2, 3)
28 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
In March of 2002, the intelligence commu- hand, the prevalent threat frame was widely ac-
nity’s new global threat estimate was presented cepted and therefore highly stable. Not only
to Congress. CIA director George J. Tenet, was the diagnosis–a very wide range of poten-
when discussing possible cyber-attacks, talked tial perpetrators–accepted, but so was the prog-
mostly about terrorists, after having focused his nosis: Whether cyber-terror or cyber-warfare,
attention on the whole range of actors in previ- the countermeasures as laid out in the National
ous years (Tenet, 1997, 1998, 1999): Plan and Bush’s National Strategy to Secure
Cyberspace seemed to satisfy decision-mak-
We are also alert to the possibility of ers. In addition, all the turf battles between vari-
cyber warfare attack by terrorists . . . . At- ous agencies had been fought in the 1990s, so
tacks of this nature will become an in- that this specific threat occurred in a more set-
creasingly viable option for terrorists as tled phase: The lead of the law enforcement
they and other foreign adversaries be- community and the crucial importance of pub-
come more familiar with these targets, lic-private partnerships were widely accepted
and the technologies required to attack by all actors involved. The establishment of the
Downloaded by [University of Otago] at 01:51 01 September 2014
them. (Tenet, 2002, terrorism section, DHS, propagated as a step towards pulling
para. 9) down the artificial walls between institutions
that deal with internal threats and others that
In the CIA Answers to Questions for the Re- deal with external ones, did not fundamentally
cord, dated April 8, 2002, it is further specified change this perception: it merely changed parts
that of the organizational setting.
combines two of the great fears of the late 20th groups as the most dangerous threat. He said,
century: The fear of random and violent victim- “There are terrorist groups that are interested
ization and the distrust or outright fear of com- [in conducting cyber attacks]. We now know
puter technology, which both feed on the fear of that al Qaeda was interested. But the real major
the unknown (Pollitt, 1997). Terrorism is threat is from the information-warfare brigade
feared, and is meant to be feared, because it is or squadron of five or six countries” (Cha &
perceived as being random, incomprehensible, Krim, 2002, p. A02).
and uncontrollable. Technology, including in- Given this uncertainty, it is not surprising
formation technology, is feared because it is that the prognostic part of the frame remained
seen as complex, abstract, and arcane in its im- far more contested than the diagnostic part dur-
pact on individuals. Because computers do ing the entire debate. Issues of how to counter
things that used to be done by humans, there is the threat, mainly questions concerning re-
a notion of technology being out of control, a sponsibilities, were discussed until approxi-
recurring theme in political and philosophi- mately 1997, when the PCCIP threat frame
cal thought (Winner, 1977) that is even offered a solution that appealed to everyone.
Downloaded by [University of Otago] at 01:51 01 September 2014
no exceptional measures envisaged that would infrastructure on the one hand, and ever-more
traditionally fall under the purview of national complex interdependencies between infra-
security apparatus. Therefore, the cyber- structures on the other. The information infra-
threats debate is an example of a failed securiti- structure, including its physical and cyber-
zation (cf. Bendrath, 2001). If we turn once components, is often named as a concrete target
again to securitization theory, the criterion of cyber-terror and, more generally, of cyber-
given by securitization theory is that issues be- threats. In the agent dimension, a danger has
come securitized when they are taken out of the been constructed that emanates from an enemy
“normal bounds of political procedure,” which who is located outside of the US, both in geo-
in turn amounts to a call for exceptional mea- graphical and in moral terms. This picture of a
sures (Buzan, Wæver & Wilde, 1998, p. 24). In dangerous other reinforces the idea of the na-
addition, securitization moves are only suc- tion as a collective self. The use of phrases like
cessful if an audience accepts the security argu- our computers or our infrastructures amplifies
ment (ibid., p. 25). A study of cyber-threat this effect. The reference object of security is
frames offer a possible interpretation of this: the entire US society. The logical and political
Downloaded by [University of Otago] at 01:51 01 September 2014
Even though the diagnostic part of current implication of this is that defense against
cyber-threat frames establishes a forceful link cyber-attacks comes under the purview of
to national security, the prognostic part does national security policy.
not. And apparently, the prognostic part, However, it was argued that the prognostic
which is about offering solutions, and propos- frame is more important than the diagnostic
ing specific strategies, tactics, and objectives threat frame. In fact, it is likely that the PCCIP
by which these solutions may be achieved, is threat frame has prevailed due to its prognostic
more important, as it is, ultimately, about real part rather than to its diagnostic one. Despite
consequences. the fact that there is national security rhetoric in
abundance, the actual countermeasures in
place rely on risk analysis and risk manage-
CONCLUDING REMARKS ment. This business rationale is forced upon
governments due to the fact that the private in-
In this paper, it was shown that terrorists dustry owns and operates about 85% to 95% of
have not used cyberspace as a weapon or target the US critical infrastructures and key assets,
so far, though they routinely make use of com- depending on the source. Therefore, much of
puters, the Internet, or cryptography for organi- the expertise and many of the resources re-
zational purposes. However, there is a lot of quired for planning and taking better protective
uncertainty as to the future development of this measures lie outside the federal government
threat. To answer the question of “how (Baird, 2002; Bosch, 2002; Goodman et al.,
likely–how soon” we would need concrete in- 2002). As a result, it is necessary to delegate a
telligence data of which non-state actor is likely large part of the responsibility for the protection
to employ cyber-tools as an offensive weapon of critical infrastructure to the private owners
at what point in time (Nicander & Ranstorp, and operators. Whereas the traditional logic of
2004, pp. 12-13)–data which is not available. A national security suggests unilateral govern-
different approach has therefore been chosen in ment action and policy, CIP policies are inevi-
this paper: It looked at the cyber-threat dis- tably blurred by domestic considerations and
course from a constructivist security studies other policy imperatives. In contrast to the logic
perspective and identified key aspects of the of security, the logic of risk is not binary, but
cyber-threat frame (and cyber-terror frame) in probabilistic. It is a constant process towards a
order to determine what aspects might be re- desired outcome. Thus, managing risk is essen-
sponsible for its strong position on the national tially about accepting that one is insecure, but
security agenda. constantly patching this insecurity, working to-
We find that on the rhetorical level, the dan- wards a future goal of more security (Kristen-
ger is said to be caused by new and poorly un- sen, in press).
derstood vulnerabilities due to dependence of Ultimately, all of this has a desecuritizing ef-
society on the information and communication fect. Desecuritization as the unmaking of secu-
Myriam Dunn Cavelty 31
rity has been considered a technique for cyber-security, which could reduce much of the
defining down threats, in other words, a nor- insecurity of the information infrastructure,
malization of threats that were previously con- and thus also diminish the vulnerability of
structed as extraordinary. This normalization is society.
a process by which security issues lose their se-
curity aspect, making it possible to interpret
them in multiple ways, and therefore, allows
more freedom both at the level of interpretation NOTES
and in actual politics or social interaction
(Aradau, 2001). Despite the fact that the securi-
1. Data availability and possibility for replication:
tization of cyber-threats has failed, as shown in This study tries to incorporate the notion that the manner
this article, the national security logic is upheld in which people and institutions interpret and represent
on the rhetorical level. This, on the one hand, phenomena and structures makes a difference for the
makes it easier in theory to start new securitiza- outcomes. This ontology reflects an epistemology that
tion moves and to challenge the current prog- is based on intersubjectivity, which sees subject and
Downloaded by [University of Otago] at 01:51 01 September 2014
nostic frame. On the other hand, it means that object in the historical world as a reciprocally interre-
the fuzzy notions of cyber-threats and cyber- lated whole (Adler and Haas, 1992, p. 370; Cox, 1992,
p. 135). Data is analyzed using a hermeneutical interpre-
terror will most certainly remain on the national tive method of text analysis, which is the most suitable
security agenda. Therefore, decision-makers approach for questions raised by post-positivist theories
should be careful not to foment cyber-angst to an and speech act theory in particular (Adler, 1997). There
unnecessary degree, even if the threat cannot be is no claim that hypotheses need to be falsified in Pop-
completely shrugged off. In seeking a prudent per’s sense; instead, the entire research community acts
policy, the difficulty for decision-makers is to as “ultimate tribunal of truth” (Howarth, 2000, p. 142)
navigate the rocky shoals between hysterical so that the analysis is ultimately legitimate when it is
persuasive, consistent, and coherent.
doomsday scenarios and uninformed compla- 2. The media routinely features sensationalist head-
cency. It is clear that the focus should continue lines that cannot serve as a measure of the problem’s
to be on a broad range of potentially dangerous scope. Examples of such articles include the following:
occurrences involving cyber- means and tar- Christensen, J. (1999, April 6). Bracing for guerrilla
gets, including failure due to human error or warfare in cyberspace. CNN Interactive; Kelley, J.
technical problems apart from malicious at- (2001, February 6). Terror groups hide behind Web en-
tacks. This not only does justice to the complex- cryption. USA Today; McWilliams, B. (2001, December
17). Suspect claims Al Qaeda hacked Microsoft–Expert.
ity of the problem but also prevents us from Newsbytes; FBI: Al Qaeda may have probed govern-
carelessly invoking the specter of terrorism. ment sites. (2002, January 17). CNN.; and Islamic
It has in fact been argued that one solution to cyberterror: Not a matter of if but of when. (2002, May
the problem of cyber-security is to focus on 20). Newsweek.
economic and market aspects of the issue rather 3. As Geoffrey French put it, referring to the diver-
than on suitable technical protection mecha- sity of terminology in a variety of information warfare
nisms (Andersson, 2001). If we apply this articles (French, 2000), “Before too long, the articles
seem to have been written by Lewis Carroll, with dire
viewpoint, we quickly realize that the insecu- warnings of the Jabberwock, the Jubjub bird, and the
rity of the Internet can be compared to environ- frumious Bandersnatch.”
mental pollution and that cyber-security in fact 4. This definition’s main weakness is that it does not
shows strong traits of a public good that will be apply a critical approach to the concept of terrorism. By
underprovided or fail to be provided at all in the deliberately not addressing the problem at the heart of
private market. Public goods provide a very im- all definitions of terrorism (“one person’s terrorist is an-
portant example of market failure, in which in- other person’s freedom fighter”), we avoid investigating
the difficulty and subjectivity of labelling a person or
dividual behavior seeking to gain profit from group terrorist.
the market does not produce efficient results 5. Computer Security Act of 1987, Public Law
(Dunn & Mauer, 2007; Suter, 2007). Clearly, 100-235, H.R. 145, (1988), (100th Congress).
looking at cyber-security as an economic prob- 6. The Counterfeit Access Device and Computer
lem means to desecuritize the issue even fur- Fraud Abuse Act, 18 U.S.C. § 1030 (1984).; Computer
ther. At the same time, to focus on market Fraud and Abuse Act (U.S.) 18 U.S.C. § 1030(a) (1986).
aspects of the issue can help create a market for 7. 18 U.S.C. § 1385 (1878).
32 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
Social Science Research Council. Retrieved May 2, reality? The Non-Proliferation Review, 6, 57-64.
2007 from http://www.ssrc.org/sept11/essays/denning. Eriksson, J. (Ed.). (2001a) Threat politics: New per-
htm spectives on security, risk and crisis management.
Denning, D. E. (2001b). Activism, hacktivism, and Aldershot, England: Ashgate.
cyberterrorism: The Internet as a tool for influencing Eriksson, J. (2001b). Cyberplagues, IT, and security:
foreign policy. In J. Arquilla & D. Ronfeldt (Eds.), Threat politics in the information age. Journal of
Networks and netwars: The future of terror, crime, Contingencies and Crisis Management, 9, 211-222.
and militancy (pp. 239-288). Santa Monica, CA: Eriksson, J. & Giacomello, G. (2006). The information
RAND. revolution, security, and international relations:
Department of Homeland Security (DHS). (2006, Sep- (IR)relevant theory? International Political Science
Review, 27, 221-244.
tember 12). Cyber storm: Exercise report. Washing-
Eriksson, J., & Noreen, E. (2002). Setting the agenda of
ton, DC. Retrieved May 3, 2007 from http://www.
threats: An explanatory model (Uppsala Peace Re-
dhs.gov/xlibrary/assets/prep_cyberstormreport_sep06.
search Papers, 6). Uppsala, Sweden: Uppsala
pdf
Universitet. Retrieved May 2, 2007 from http://
Deutch, J. (1996, June 25). Testimony of the Director of
www.pcr.uu.se/publications/UPRP_pdf/uprp_no_6.
U.S. Central Intelligence before the Senate Govern-
pdf
mental Affairs Committee, Permanent Subcommittee Exec. Order No. 13,228, 3 C.F.R. 796 (2001).
on Investigations. Exec. Order No. 13,231, 66 Fed. Reg. 53,063 (2001).
Devost, M. G. (1995). National security in the informa- Fisher, U. (2001, November). Information age state se-
tion age. Unpublished master’s thesis, University of curity: New threats to old boundaries. Journal for
Vermont, Burlington. Retrieved May 7, 2007 from Homeland Security. Retrieved May 2, 2007 from
http://www.devost.net/papers/national_security_in_the_ http://www.homelandsecurity.org/journal/articles/
information_age.html fisher.htm
Devost, M. G., Houghton, B. K., & Pollard, N. A. Freeh, L. J. (1997, May 13). Statement of Louis J. Freeh,
(1997). Information terrorism: Political violence in Director, Federal Bureau of Investigation, Depart-
the information age. Terrorism and Political Vio- ment of Justice. In U.S. Senate Committee on Appro-
lence, 9, 72-83. priations, Counterterrorism: Hearing before the
Dunn Cavelty, M. (in press). Cyber-security and threat Committee on Appropriations, United States Senate,
politics: US efforts to secure the information age. One Hundred Fifth Congress, first session: Special
London: Routledge. Hearing. Retrieved May 2, 2007 from http://www.
Dunn Cavelty, M. & Mauer, V. (in press). Concluding fas.org/irp/congress/1997_hr/sh105-383.htm
remarks: The role of the state in securing the infor- French, G. S. (2000). Shunning the frumious band-
mation age–challenges and prospects. In M. Dunn ersnatch: Current literature on information warfare
Cavelty, V. Mauer, & S. Krishna-Hensel (Eds.). and deterrence. The Terrorism Research Center, Inc.
Power and security in the information age: Investi- Retrieved May 2, 2007 from http://www.terrorism.
gating the role of the state in cyberspace. Aldershot, com
England: Ashgate. Gamson, W. A. (1992). Talking politics. Cambridge,
Dunn, M. & Wigert, I. (2004). The international CIIP England: Cambridge University Press.
handbook 2004: An inventory of protection policies Giacomello, G. & Eriksson J. (Eds.). (2007). Interna-
in fourteen countries. Zurich, Switzerland: Center tional relations and security in the digital age. Lon-
for Security Studies. don: Routledge.
34 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
Gladman, B. (1998, September). Wassenaar controls, Mark, R. (2004, October 1). U.S. cybersecurity chief re-
cyber-crime and information terrorism. Leeds, UK: signs. eSecurity Planet. Retrieved May 3, 2007 from
Cyber-Rights & Cyber-Liberties (UK). Retrieved http://www.esecurityplanet.com/trends/article.php/
May 2, 2007 from http://www.cyber-rights.org/crypto/ 3416161
wassenaar.htm Molander, R. C., Riddle, A. S, & Wilson, P. A. (1996).
Gross, G. (2004, October 1). U.S. cybersecurity chief re- Strategic information warfare: A new face of war.
signs: Amit Yoran, said to be frustrated with prog- Santa Monica, CA: RAND.
ress, gives one-day notice. IDG News Service. Moteff, J. (2006, September 14). Critical infrastruc-
Retrieved May 2, 2007 from http://www.infoworld. ture: The national asset database. (CRS Report for
com/article/04/10/01/HNchiefresigns_1.html? Congress, RL33648). Washington, DC: Congressio-
DISASTER%20RECOVERY nal Research Service.
Howarth, D. (2000). Discourse. Buckingham, England: Moteff, J. (2007, March 13). Critical infrastructures:
Open University Press. Background, policy, and implementation (Congres-
Hundley, R. O. & Anderson, R. H. (1997). Emerging sional Research Report for Congress, RL30153).
challenge: Security and safety in cyberspace. In J. Washington, DC: Congressional Research Service.
Arquilla & D. Ronfeldt (Eds.), In Athena’s camp: Mueller, R. S. (2003, February 11). Testimony of Rob-
Preparing for conflict in the information age (pp. 231- ert S. Mueller, III, Director, Federal Bureau of Inves-
Downloaded by [University of Otago] at 01:51 01 September 2014
252). Santa Monica, CA: RAND. tigation before the Select Committee on Intelligence
Ingles-le Nobel, J. J. (1999, October 21). Cyberterrorism of the United States Senate Washington. In Current
hype. Jane’s Intelligence Review. Retrieved May 3, and projected national security threats to the United
2007 from http://212.111.49.124/cyberterror/resources/ States: Hearing before the Select Committee on In-
janes/jir0525.htm telligence of the United States Senate, One Hundred
Jacoby, L. (2003, February 11). Statement for the record Eighth Congress, First Session (pp. 31-47). Wash-
of Vice Admiral Lowell E. Jacoby, USN, Director, ington, DC: Government Printing Office. Retrieved
Defense Intelligence Agency before the Senate Se-
May 3, 2007 from http://purl.access.gpo.gov/
lect Committee on Intelligence. In Current and pro-
GPO/LPS42906
jected national security threats to the United States:
National Academy of Sciences (NAS), Computer Sci-
Hearing before the Select Committee on Intelligence
ence and Telecommunications Board (1991). Com-
of the United States Senate, One Hundred Eighth
puters at risk: Safe computing in the information age.
Congress, First Session (pp. 48-67). Washington, DC:
Washington, DC: National Academy Press.
Government Printing Office. Retrieved May 3, 2007
National Infrastructure Protection Center (NIPC).
from http://purl.access.gpo.gov/GPO/LPS42906
Joint Security Commission (JSC). (1994, February 28). (2002, 30 January). Terrorist interest in water supply
Redefining security: A report to the Secretary of De- and SCADA systems. Information Bulletin 02-001.
fense and the Director of Central Intelligence. Wash- Nelson, B., Choi, R., Iacobucci, M., Mitchell, M., &
ington, DC: US Government Printing Office. Gagnon, G. (1999). Cyberterror: Prospects and im-
Kolet, K. S. (2001). Asymmetric threats to the United plications. White Paper prepared for the Defense In-
States. Comparative Strategy, 20, 277-292. telligence Agency Office for Counterterrorism
Kristensen, K. S. (in press). ‘The absolute protection of Analysis. Monterey, CA: Center for the Study of
our citizens’: Critical infrastructure protection and Terrorism and Irregular Warfare (CSTIW).
the practice of Security. In M. Dunn Cavelty & K. S. Nicander, L. & Ranstorp, M. (Eds.). (2004). Terrorism
Kristensen (Eds.), The politics of securing the home- in the information age–New frontiers? Stockholm:
land: Critical infrastructure, risk and securitisation. Swedish National Defense College.
London: Routledge. Oliver, P. E. & Johnston, H. (2000). What a good idea:
Lacey, M. (2000, December 9). Clinton gives a final for- Frames and ideologies in social movements research.
eign policy speech. The New York Times. Mobilization, 5, 37-54.
Latham, R. (Ed.). (2003). Bombs and bandwidth: The Pollitt, M. M. (1997). Cyberterrorism–Fact or fancy?
emerging relationship between IT and security. New Proceedings of the 20th National Information Sys-
York: The New Press. tems Security Conference, 1997, 285-289. Retrieved
Lewis, J. A. (2002, December). Assessing the risks of May 3, 2007 from http://csrc.nist.gov/nissc/1997/
cyber-terrorism, cyber war and other cyber threats. proceedings/nissc97.zip
Washington, DC: Center for Strategic and Interna- Poulsen, K. (1999, September 8). Info war or electronic
tional Studies. Retrieved May 3, 2007 from http:// sabre rattling? ZDNet. Retrieved May 3, 2007 from
www.csis.org/media/csis/pubs/021101_risks_of_ http://news.zdnet.com/2100-9595_22-515631.html?
cyberterror.pdf legacy=zdnn
Loader, B. D. (1997). The governance of cyberspace: President’s Commission on Critical Infrastructure Pro-
Politics, technology, and global restructuring. In B. tection (PCCIP). (1997). Critical foundations: Pro-
D. Loader (Ed.), The governance of cyberspace tecting America’s infrastructures. Washington, DC:
(pp. 1-19). London and New York: Routledge. Government Printing Office.
Myriam Dunn Cavelty 35
Rathmell, A., Overill, R., Valeri, L., & Gearson, J. Tenet, George J. (1998, June 24). Testimony by Director
(1997, June). The IW threat from sub-state groups: of Central Intelligence George J. Tenet before the
An interdisciplinary approach. Paper presented at the Senate Committee on Government Affairs. Retrieved
Third International Symposium on Command and May 3, 2007 from http://www.fas.org/irp/congress/
Control Research and Technology, Institute for Na- 1998_hr/980624-dci_testimony.htm
tional Strategic Studies–National Defense Univer- Tenet, George J. (1999, February 2). Statement of the
sity, Washington, DC. Retrieved May 8, 2007 from Director of Central Intelligence George J. Tenet As
http://www.kcl.ac.uk/orgs/icsa/Old/terrori.html Prepared for Delivery Before the Senate Armed Ser-
Reus-Smit, C. (1996). The constructivist turn: Critical vices Committee Hearing on Current and Projected
theory after the Cold War. (Working Paper No. National Security Threats.. Retrieved May 3, 2007
1996/4). Canberra: Australian National University. from https://www.cia.gov/cia/public_affairs/speeches/
Ryan, C. (1991). Prime time activism: Media strategies 1999/ps020299.html
for grass roots organizing. Boston: South End Press. Tenet, George J. (2000, February 2). The Worldwide
Schwartau, W. (1994). Information warfare. Cyber- Threat in 2000: Global Realities of Our National Se-
terrorism: Protecting your personal security in the curity. Statement by Director of Central Intelligence
electronic age (2nd ed.). New York: Thundermouth George J. Tenet Before the Senate Select Committee
Press. on Intelligence. Retrieved May 3, 2007 from https://
Downloaded by [University of Otago] at 01:51 01 September 2014
Vatis, M. A. (2001). Cyber attacks during the war on ter- Weimann, G. (2004a, March). www.terror.net. How
rorism: A predictive analysis. (Working Paper). modern terrorism uses the Internet. (United States
Hanover: Institute for Security Technology Studies at Institute of Peace, Special Report 116).Washington,
Dartmouth College. Retrieved May 3, 2007 from DC: United States Institute of Peace.
http://www.ists.dartmouth.edu/analysis/cyber_a1.pdf Weimann, G. (2004b). Cyberterrorism–How real is the
Verton, D. (2004, October 1). Nation’s cybersecurity threat? (United States Institute of Peace, Special Re-
chief abruptly quits DHS post: ‘I’m not a long-term port 119). Washington, DC: United States Institute
government kind of guy,’ says Amit Yoran. of Peace.
Computerworld. Retrieved May 3, 2007 from Wilson, C. (2003, October 17). Computer Attack and
http://www.computerworld.com/managementtopics/ Cyber-terrorism: Vulnerabilities and Policy Issues
management/story/0,10801,96369,00.html for Congress (CRS Report for Congress, RL32114).
Wæver, O. (1995). Securitization and desecuritization. Washington, DC: Congressional Research Service.
In R. Lipschutz (Ed.), On security (pp. 46-86). New Wilson, T. R. (2000, February 2). Military threats and
York: Columbia University Press. security challenges through 2015. Statement before
Wallace, C. (2002, September 16). Will next terror at- the Senate Select Committee on Intelligence given by
tack be electronic? Experts fear terrorists may attack Vice Admiral Thomas R. Wilson Director, Defense
through cyberspace. ABC News.com. Retrieved May Intelligence Agency. Retrieved May 3, 2007 from
Downloaded by [University of Otago] at 01:51 01 September 2014
doi:10.1300/J516v04n01_03