EDWARD MCDONALD
Brno 2018/2019
ENERGY SECURITY IN THE AGE OF INTERCONNECTION: CYBER-THREAT
FRAMING IN BRITISH POLITICAL DISCOURSE
Bibliographic Record
Abstract
Statutory Declaration
I hereby declare that I have written the submitted Master's Thesis con-
cerning the topic of Energy Security in the Age of Interconnection:
Cyber-threat Framing in British Political Discourse independently.
All the sources used for the purpose of finishing this thesis have been
adequately referenced and are listed in the Bibliography.
.......................................
Edward
McDonald
Acknowledgements
Table of Contents
1 Introduction
2 Literature Review
3 Theoretical Framework
4 Methodology
7 Conclusion
Bibliography
Appendix A Codebook
Appendix B Results
Appendix C Frames
LIST OF ABBREVIATIONS AND ACRONYMS
CI – Critical infrastructure
EU – European Union
IT – Information technology
MP – Member of (British) Parliament
NATO – North Atlantic Treaty Organisation
NHS – National Health Service
OPEC – Organisation of Petroleum Exporting Countries
PrS – Private sector
PuS – Public sector
Ransomware – Malicious software that encrypts the victim’s digital data, preventing access until a specified ransom is paid
RQ – Research question
UK – United Kingdom of Great Britain and Northern Ireland
UN – United Nations
US – United States of America
WannaCry – The name of a 2017 cyber-attack on the British National Health Service, publicly claimed to have originated in North Korea, which significantly hindered the operation of the state healthcare provider
1 Introduction
without good reason: Cyber-attacks in 2015 and 2016 directly and suc-
cessfully targeted industrial control systems in sections of Ukraine’s
electricity grid, in both cases causing blackouts to thousands of residents
for over an hour in mid-winter (Greenberg, 2017; World Energy Council,
2016). While the UK has yet to sustain a serious cyber-attack on its en-
ergy infrastructure, an intrusion into the Irish grid was discovered in
2017 weeks after a successful ransomware attack on the British NHS sig-
nificantly disrupted the provision of public healthcare. Clearly, the pace
and profundity of change is posing existential questions for legislators.
Have politicians heeded these warning signs?
Mobilising an appropriate and effective response to cyber-threats
necessitates establishing a common understanding of the nature of the
threat (Arquilla & Ronfeldt, 1997). This research explores the construc-
tion of this common understanding of the nature of cyber-threats in UK
political discourse leading up to the publication of the first report on the
Cyber Security of the UK’s Critical National Infrastructure in November
2018 (Joint Committee on the National Security Strategy, 2018). This re-
search seeks to map the cyber-threat landscape in recent UK political dis-
course by answering the following research questions. What were the
most common danger descriptions, enablers of harm, referent objects
and remedial measures proclaimed in the discourse? What frames dom-
inated the discourse? Can any securitising moves or riskifying moves be
observed in the discourse?
2 Literature Review
securitisation in the US. Bendrath (2001) was among the first to note
how the lack of knowledge about both previous attacks and the capabil-
ities available to different actors reduces threat evaluation to guesswork,
enabling actors to propagate rival threat constructions based on their
own interests. The research presents US cyber-threat framing as an ex-
ample of successful securitisation, but one in which the original framing
as a military-security issue has since lost potency and devolved into a
sub-national issue for law enforcement and self-help. Though this is still
somewhat true, other authors have claimed that the most serious cyber-
attacks are increasingly converging around traditional geopolitical rival-
ries and are often concurrent with diplomatic or armed conflict in the
analogue world (Healey, 2013).
Along these lines, Cavelty (2008) found a cyber-terrorism frame to
be dominant in US discourse, showing that danger from cyber-terrorism
is perceived to result from insufficient understanding of the complex un-
derlying interdependencies between the constituent elements of infor-
mation infrastructure, as well as the vulnerabilities these interdepend-
encies create. These vulnerabilities threaten the information infrastruc-
ture that has become critical to virtually every sphere of human activity.
Threats were primarily constructed as being targeted at US information
infrastructure itself, while the referent object, or target of attack, was
most often US society. The threat subject was predominantly found to be
an unspecified actor outside US territory. Cavelty’s research holds that
the critical infrastructure protection frame likely failed due to its weak
prognostic element, in which measures aimed at managing business risk
prevailed despite abundant security rhetoric. This is attributed to “85%
to 95% of the US critical infrastructures and key assets” being under pri-
vate ownership (Cavelty, 2008, p.30). Cavelty attributes this to desecu-
ritisation but stops short of a full exposition of the interplay between
desecuritisation and risk logic.
Cavelty (2007) holds that state actors possess greater offensive
cyber-capabilities and therefore pose a greater threat than non-state ac-
tors. The identity of a threat subject largely informs whether a state’s re-
sponse to a threat or attack is manifested in military measures, law en-
forcement measures or procedural reforms. A useful distinction is drawn
between the physical elements of information infrastructure – electronic
devices and communication networks – and the intangible elements of
information infrastructure, the information that flows over the networks
and the services and knowledge that are rendered from this information.
Both may be the vehicle as well as the object of an attack.
Bendrath, Eriksson & Giacomello (2007) echoes Cavelty’s conclu-
sions that a cyber-terrorism threat frame to critical infrastructure has
dominated US discourse ahead of cyber-war and cyber-crime frames. It
also discusses metaphors of an electronic Pearl Harbor prevalent in US
cyber-threat discourse at the end of the 1990s (Lawson & Middleton,
2019). It concludes that the terrorism frame dominant in the 1990s was
overtaken by a cyber-conflict or war frame at the end of the 1990s, of
which states were the main threat subjects. The 2001 attacks briefly re-
focused attention on cyber-terrorists but ultimately “the destruction of
bits and bytes never directly killed anybody” (p.77-78) and therefore a
logic of technical resilience replaced the dominance of threat subjects in
the discourse.
Friis & Reichborn-Kjennerud (2016) was among the first research
to apply risk theory to cyber-threats. It notes that the military only has
purview over its own networks, while the cyber-space in which most hu-
man activity occurs is overseen by civilian bodies, relegating cyber-
threats to the secondary logic of risk. A greater role is foreseen for the
physical networks and risk theory is found to be better suited to explain-
ing the routine, daily governance practices undertaken in service of
cyber-security as well as the more permanent nature of the threat of
cyber-attacks.
3 Theoretical Framework
There are clear parallels between framing theory and the constructivist
approach to threats taken by the Copenhagen School of securitisation theory.
Rychnovská contends that, “[i]f successfully securitized,[…]threat frames
become a part of the situated discourse and can be further used as a
reference in the future process of threat framing” (2014, p.18). The
Copenhagen School holds that security comes into existence by a threat being
constructed as existential by a securitising actor. Issues are generally framed
on a scale from mere politicisation to radical securitisation. Issues be-
come securitised when a securitising actor performs a speech act, seek-
ing to persuade an audience to accept the existence of the purportedly
existential threat to a specified referent object and therefore to accept
the implementation of exceptional measures to counter the threat. Such
exceptional measures that contravene the normal rules of the political
system are accepted as legitimate as they protect and preserve the exist-
ence of that system. Conditions facilitating a securitisation attempt are
the specific security grammar at play, the positional power of the actor
and pre-existing public knowledge about threats. According to the Co-
penhagen School, the most common referent objects have hitherto been
constructs such as the state or national security (Buzan, Wæver & de
Wilde, 1998; Buzan & Wæver, 2003; Heinrich & Szulecki, 2018).
This research draws on subsequent theoretical refinement of the
Copenhagen School approach in order to address some of its shortcom-
ings and depart from solid theoretical ground. The conception of securit-
isation as a static speech-act event and as an intersubjective process of
constructing meaning has been highlighted (Stritzel, 2007; Balzacq,
2010; Balzacq et al, 2010; Watson, 2012). Stritzel in particular criticises
the facilitating conditions as conflicting with the predominantly internal-
ist conception of the static speech act. Cavelty laments the ambiguity con-
cerning “which audience has to accept what argument, to what degree,
and for how long” (2007, p.26). The difficulty of distinguishing between
RQ1: What were the most common threats and risks, referent ob-
jects, harm enablers and remedial measures leading up to the pub-
lication of the Cyber Security of the UK’s Critical National Infra-
structure report on 19 November 2018?
4 Methodology
4.1 Operationalisations
Hall and in Lords Grand Committees over the selected time period, yield-
ing a high number of relatively homogenous sampling units (Krippen-
dorff, 2018; Della Porta & Keating, 2008).
As only a minority of this population of British parliamentary docu-
ments will pertain to the research focus on cyber-threats, this research
employs Krippendorff’s relevance sampling, selecting only those sam-
pling units with relevance to cyber-threats (Krippendorff, 2018). Data
were retrieved using the Search parliamentary material function on the
UK Parliament website, selecting only the 2016-17 and 2017-19 Parlia-
mentary Sessions and selecting only the document types listed above. A
key-word search was performed for results including the terms cyber
and security, as well as at least one of the terms risk, threat, attack, de-
fence, defend, mitigate, mitigation, manage, management and infrastruc-
ture. Selection of search terms is clearly the methodological decision
with the greatest potential to bias the results. This research endeavoured
to include only the broadest terms and an equal number of securitisation
and riskification terms in order to avoid bias towards one element of the
theoretical framework. Threat, attack (acting as both a verb and a noun),
defence and defend were included as key securitisation terminology. Risk,
mitigate, mitigation, manage and management were included as key risk-
ification terminology. The search yielded over 500 hits in 174 discrete
documents. Of these documents, those that contained the word ‘cyber’
fewer than six times were screened for relevance to cyber threats, lead-
ing to the exclusion of 59 documents on unrelated topics such as the
online ivory trade, shipbuilding and cyber-bullying, or where cyber-is-
sues were merely referenced in passing. From a chronological list of the
resulting 119 documents, the first of every two documents was selected.
This sampling method yielded a manageable sample of 60 documents,
encompassing the whole time period under study. As Parliament gener-
ally sits for five days each week, the choice of an even sampling number
prevents overlap with the odd number of sitting days to ensure docu-
ments from all sitting days of the week are equally represented (Krip-
pendorff, 2018).
vivo coding. Attribute coding is performed during the first coding cycle
to record basic information about each document to aid comparison,
such as the party affiliation of a particular speaker or different discur-
sive-performative settings (such as debates or questions; House of Com-
mons or Lords). During the first cycle, specific codes are also applied to
the substantive content of the documents using in vivo (verbatim) cod-
ing, seeking to avoid categorising statements in securitisation or riskifi-
cation terms during the first cycle. This wide variety of specific codes is
then consolidated through pattern coding in the second cycle which
seeks to group the highly differentiated first-cycle coding results into 80-
100 codes that can be grouped into themes based around the theoretical
framework and operationalisations of securitising and riskifying moves
in order to quantitatively summarise trends in the discourse (Saldana,
2015). The codebook is presented in Appendix A.
Frames are then outlined based on the codes, themes and qualitative
evaluation recorded during the coding process. A minority of codes
that clearly overlap more than one frame is excluded so as to avoid bias-
ing one frame over another. This is demonstrated in Appendix C.
Finally, securitising and riskifying moves are identified according to
the operationalised criteria and by a process of elimination. First, all
statements are excluded that had any of the four coding categories coded
as unspecified in order to include only statements that specified all four
elements of Danger Description, Harm Enabler, Referent Object and Re-
medial Measures. Securitising statements meeting the operationalised
criteria of specifying threat subjects as Harm Enablers and a specific ex-
ternal threat as a Danger Description are separated from riskifying state-
ments that meet the operationalised criteria of specifying constitutive
conditions as a Harm Enabler and the infliction of specific harm as a Dan-
ger Description.
RESULTS AND OBSERVATIONS
The single most striking datum among the individual categories is the
interval by which Russia is the leading Harm Enabler code, a clear case
of an external threat subject of securitisation theory. Russia was invoked
103 times (Figure 1) while the next-most-common specified Harm Ena-
bler, non-state cyber-criminals, was invoked a mere forty-three times.
Although not necessarily external to the UK, criminals are considered
threat subjects as they are fundamentally animate (human) actors that
enact threats and cannot be considered constitutive conditions. Com-
pared to Russia, China was largely neglected as a threat subject in the
discourse, only slightly more prominent than North Korea, the latter be-
ing publicly attributed with the high-profile WannaCry ransomware
cyber-attack on the NHS in 2017. Unspecified states were cited as threat
subjects on a further seventeen occasions, while terrorists were cited as
Harm Enablers a mere four times. There was a wider variety of constitu-
tive conditions compared to threat subjects in the Harm Enabler cate-
gory, evidenced by the flatter distribution of code frequencies in Figure
2.
[Figures 1 and 2: Harm Enabler code frequencies (bar charts not recoverable)]
Of all coding categories, a Referent Object was specified most often in the
statements coded. National security was the most commonly perceived
target of attacks by a considerable margin, followed by domestic political
institutions and processes and British businesses. Military defence sys-
tems gained some discursive traction but the Referent Object category is
conspicuously populated by a higher number of civilian Referent Objects
than military ones, such as political institutions, economic concerns and
critical infrastructure. Critical infrastructure was cited a combined
forty-nine times, making it among the most common civilian Referent Objects.
Energy infrastructure was only mentioned among other elements of
infrastructure; as such, its occurrences were mostly coded as “CI – General”.
[Figure: Referent Objects, y-axis: Frequency (bar chart not recoverable)]
Danger Descriptions
Figure 5 All Danger Description codes with frequency>10 (chart not recoverable; x-axis: Frequency)
Remedial Measures (Frequency)
Public-private cooperation 11
International cooperation 12
Continued EU cooperation 14
Existing government spending under NCSS 20
Increase focus on cyber skills training 21
Improve cyber resilience 22
Greater law enforcement powers 24
Cyber as defence spending priority 25
The most telling pattern in the data is the overlap of national security and
different Harm Enablers. National security reached a climax in July 2016
leading up to the vote in the House of Commons on whether to renew the
UK’s nuclear deterrent submarine programme. Only utterances with
cyber-relevance were coded in the research and this reflects politicians’
anxieties about the vulnerabilities of nuclear command-and-control sys-
tems to cyber-attack. There is a notable parallel between mentions of
Russia and national security from the end of 2017 until late-2018. This
coincided with the poisoning of two Russian citizens in Salisbury, evalu-
ated further in the discussion section. Although the WannaCry ransom-
ware attack on the NHS in May 2017 was mentioned, as evidenced by the
modest peak in Critical Infrastructure mentions around that time, there
was no equivalent peak for North Korea as a Harm Enabler, despite pub-
lic accusations of North Korean involvement. The final peak in late-2018
is attributable to a gradual increase in focus of parliamentary attention
on cyber-threats which culminated in a lengthy debate on the subject in
October 2018.
Figure 9 Code frequency by category for each frame (chart "Codes by Frame" not recoverable; y-axis: Cumulative Code Frequency; x-axis: Frame)
A total of two securitising and five riskifying moves were identified in the
discourse according to the operationalised criteria. Critical to establish-
ing securitising moves is the assessment of whether the Remedial
Measures called for would break existing political rules. Only two state-
ments suggested measures that called for breaking traditional political
rules. Full quotations of securitising and riskifying moves are provided
in Appendix D.
Lord Arbuthnot contends that the Harm Enabler is the insufficient pri-
vate-sector action to secure networks and supply chains against cyber-
attack (constitutive conditions), leaving them vulnerable to data theft by
cyber-criminals (Danger Description). He proposes an annual audit of
cyber-security measures and practices (Remedial Measure) to govern
the conditions of business inaction and protect businesses (Referent Ob-
ject), to “gradually begin to address the issue of cybersecurity” to reduce
risk gradually by governing it over a longer policy horizon (Hansard, 06
February 2017, col 1559-60).
INTERPRETATION AND DISCUSSION
This section interprets the results and advances several arguments evi-
dent from the results which contribute to further understanding of the
field.
and the UK, the UK’s strategic ambitions and fears concerning Russia
found renewed expression following the much-publicised ‘Salisbury In-
cident’ in 2018, in which the parties held responsible for the poisoning
of a former Russian intelligence officer and his daughter with a nerve
agent were publicly linked to the Russian state. This incident added to
the presumption of Russia’s intention to threaten the UK. It
comprised no cyber-component itself, which renders the repeated refer-
ences to perceived Russian cyber-machinations in its aftermath an all-
the-more pertinent indicator of the perceived virility and imminence of
cyber-threats within the hierarchy of threats to the UK’s national secu-
rity. This supports constructivist approaches to the external context in
securitisation theory as it clearly builds upon the “pre-existing body of
socially constructed knowledge” (Watson, 2012, p.294) already assigned
to Russia in the public consciousness by successful threat framing in past
discourse and therefore provides further evidence in favour of Stritzel’s
“distinct linguistic reservoir” or Salter’s “local regime of truth” upon
which discourse can draw when constructing meaning (Stritzel, 2007,
p.369; Salter, 2008, p.322; Watson, 2012; Buzan, Wæver & de Wilde,
1998). The clear dominance of Russia as a Harm Enabler furthermore
questions suggestions in existing literature that non-state actors will
gain more prevalence in cyber-threat framing as the boundaries between
conflict and war become increasingly blurred (Bendrath et al 2007;
Cavelty, 2007).
7 Conclusion
Bibliography
Appendix A Codebook
Short code | Code name | Description
Constitutive conditions - lack of technical knowledge - businesses | Lack of technical knowledge - businesses/private sector | Lack of relevant know-how and skills in private-sector organisations to ensure cyber-security
CC - LTK - military | Lack of technical knowledge - military | Lack of relevant know-how and skills in military/intelligence sectors to ensure cyber-security of military systems
Constitutive conditions - lack of capabilities - military cyber def/off | Lack of capabilities - military cyber-defence/offence | Lack of military “cyber-weapons”, offensive capabilities and defensive procedures/practices
Constitutive conditions - lack of capabilities - legal enforcement powers | Lack of capabilities - legal enforcement powers | Lack of appropriate and necessary legal powers for police, cyber-crime units and other enforcement agencies
Constitutive conditions - lack of capabilities - traditional cap ineffective v cyber | Lack of capabilities - traditional capabilities ineffective against cyber | Traditional/existing military defence capabilities unable to deal with modern cyber-threats
Constitutive conditions - insufficient market | Insufficient market regulation | Insufficient digital market regulation to secure public online economy
Constitutive conditions - lack of capabilities - education/skills training | Lack of capabilities - cyber skills in national education/training | Insufficient focus on cyber-skills training in national curriculum and higher education/vocational training schemes
Constitutive conditions - lack of cooperation - internationally | Lack of cooperation - international | Lack of cooperation UK co-operation bi- or multilaterally or through international organisations
Civilian - critical infrastructure - information/telecoms | Critical infrastructure - information/telecoms | Telecommunications and information technology infrastructure as critical infrastructure
Civilian - critical infrastructure - transport | Critical infrastructure - transport | Future transport infrastructure e.g. autonomous vehicles as critical infrastructure
Civilian - public sector/govt functions | Public sector/government functions | Ability of public-sector bodies to perform state services more generally, e.g. ability of parliament to meet
Civilian - public+private organisations | Public & private organisations | Combination of public and private organisations
Civilian - SME | SME | Specifically small and medium-size enterprises and the self-employed
State-level - rules-based int order | Rules-based international order | International stability and order in the form of an international system of interaction based on an established consensus of acceptable state behaviour
State-level - int alliances/organisations | International alliances/organisations | International alliances/organisations such as NATO or the EU
Military/state
Military/intelligence - defence systems | National defence systems | Ability to successfully ensure national defence, e.g. nuclear deterrent
Other - general national security | General invocation of national security | A general but explicit invocation of national security
Unspecified - implicit national security | Implicit national security | Where defending national security was implied by a combination of the debate context (e.g. NATO, nuclear deterrent, defence) and the speaker used security language such as “defend” or “protect” but without explicitly saying “national security”
Appendix B Results
Harm Enablers
Harm Enablers Count
Russia 103
Unspecified 79
Criminals 43
Outdated military technology 19
Unspecified state(s) 17
Rapid technological change 13
State + non-state combination 12
Lack of technical knowledge - businesses/private sector 9
Poor private-sector security practice 9
Lack of technical knowledge - public sector bodies 9
China 8
North Korea 7
Lack of technical knowledge - military 7
Lack of capabilities - military cyber-defence/offence 7
Lack of capabilities - legal enforcement powers 6
Lack of capabilities - traditional capabilities ineffective against cyber 6
Unspecified threat subject 5
Insufficient market regulation 5
Lack of capabilities - cyber skills in national education/training 5
Terrorists 4
Lack of business-government cooperation 3
Lack of cooperation - international 3
Poor passwords 2
Unspecified cyber vulnerabilities 2
Non-state actors - multiple 2
Hackers 2
Government cannot defend UK alone 2
Legislation too complex 1
Daesh/ISIS/ISIL 1
Total security impossible 1
Lack of UK-EU cooperation 1
Foreign infrastructure ownership 1
Grand Total 394
[Charts not recoverable: Harm Enabler frequencies (including State vs Non-state), Referent Objects and Remedial Measures, repeating the figures shown in the Results and Observations section]
Appendix C Frames
Sum of Code Frequency by Frame
Code | Danger Description | Harm Enabler | Referent Object | Remedial Measures | Grand Total
War Frame | 105 | 203 | 27 | 68 | 403
Russia | | 103 | | | 103
Cyber-vulnerabilities of traditional defence | 27 | | | | 27
Cyber as defence spending priority | | | | 25 | 25
State-sponsored cyber-attack | 25 | | | | 25
State-led international cyber conflict | 19 | | | | 19
Outdated military technology | | 19 | | | 19
Unspecified state(s) | | 17 | | | 17
National defence systems | | | 17 | | 17
State-led cyber- and kinetic attack | 13 | | | | 13
State + non-state combination | | 12 | | | 12
International cooperation | | | | 12 | 12
China | | 8 | | | 8
Channelling funds away from conventional | 8 | | | | 8
Lack of capabilities - military cyber-defence/offence | | 7 | | | 7
Lack of technical knowledge - military | | 7 | | | 7
North Korea | | 7 | | | 7
Rules-based international order | | | 6 | | 6
Lack of capabilities - traditional capabilities ineffective against cyber | | 6 | | | 6
Cyberspace as new sphere of conflict | 5 | | | | 5
Maintain nuclear deterrent | | | | 5 | 5
Cyber tier 1 national security threat | 5 | | | | 5
Unspecified threat subject | | 5 | | | 5
International alliances/organisations | | | 4 | | 4
Increase NATO powers (U) | | | | 4 | 4
Terrorists | | 4 | | | 4
Maintain strong conventional defence force | | | | 4 | 4
Improve interstate relations | | | | 3 | 3
Ditch nuclear deterrent | | | | 3 | 3
Asymmetric cyber-threat | 3 | | | | 3
Establish international cyber-attack attribution | | | | 3 | 3
NATO response | | | | 2 | 2
Hackers | | 2 | | | 2
Government cannot defend UK alone | | 2 | | | 2
National response as armed attack | | | | 2 | 2
International sanctions | | | | 2 | 2
Non-state actors - multiple | | 2 | | | 2
More state cooperation (M) | | | | 1 | 1
Total security impossible | | 1 | | | 1
Daesh/ISIS/ISIL | | 1 | | | 1
Increase NATO powers (m) | | | | 1 | 1
Establish cyber deterrent | | | | 1 | 1
Appendix D Securitising and Riskifying Moves
Securitising Moves
Riskifying Moves
Riskifying move 3 Sir Simon Burns, Conservative, Investigatory Powers Bill Commons debate II
“We must ensure that the powers that we give to our police and security agencies […] are also fit for purpose. Terrorists and other threats to my constituents’ safety are constantly evolving and adapting their techniques to trump the safety system. They do not want to get caught, they want to catch us out, and that is why we must be prepared to adapt our rules to keep pace with technology. We cannot use an analogue approach to tackling criminals in a digital age. Such an attitude just is not safe, and I am not prepared to go back to Chelmsford and explain to my constituents there and in Great Baddow, Chelmer Village, Beaulieu Park and Old Moulsham that I was not prepared to support measures designed to make them all more secure. […] [W]e need these proposals […] to help our police and security agencies to better identify the internet activity of potential threats, and indeed victims of crime, so they can do their jobs more quickly and effectively. […] The Bill is about protecting those rights – the right to be irreverent or to disagree, the right to surf the net without being at risk from those who would do us harm. The Government […] have considered carefully, and we should be careful not to assume that our police and security agencies do not need these powers as amended, with the new safeguards that have been promised today.”
(Hansard, 20 December 2017, col 2180)
(Hansard, 06 February 2017, col 1559-60)
APPENDIX E SAMPLED DOCUMENTS
Commons,
53
List of Documents