
FACULTY OF SOCIAL STUDIES

Energy Security in the Age of Interconnection: Cyber-threat Framing in British Political Discourse

Master's Thesis

EDWARD MCDONALD

Supervisor: Mgr. Lukáš Lehotský, Ph.D.

Department of International Relations and European Studies
Energy Security Studies

Brno 2018/2019

Bibliographic Record

Author: Edward McDonald
Faculty of Social Studies, Masaryk University
Department of International Relations and European Studies
Title of Thesis: Energy Security in the Age of Interconnection: Cyber-threat Framing in British Political Discourse
Degree Programme: Energy Security Studies
Supervisor: Mgr. Lukáš Lehotský, Ph.D.
Academic Year: 2018/2019
Number of Pages: 87
Keywords: Cyber-security, energy, supply, security, critical infrastructure, securitisation, risk, framing, discourse


Abstract

While rapid digitisation of electricity grids, critical infrastructure and industrial control systems increases resource allocation efficiency, the increasing interconnection of critical infrastructure together with the gradual suffusion of technological advances such as the Internet of Things and machine learning all multiply vulnerability to hugely damaging cyber-attacks. The number of attacks on critical infrastructure has increased sharply in the last fifteen years, with recent examples of successful attacks on Ukrainian electricity grids resulting in blackouts of several hours for several hundred thousand people. Having formerly been considered opportunist acts, cyber-attacks are rapidly becoming recognised for their potential to serve a wide range of geo-political, economic and strategic aims for state and non-state actors alike. This research will employ framing analysis to explore how cyber-threats were framed in British political discourse from the publication of the second National Cyber Security Strategy in 2016 until the publication of the first report on the Cyber Security of the UK’s National Critical Infrastructure in 2018. The aim of this research is to demonstrate which actors endeavoured to frame cyber-threats in what ways, to discover how prominent a role critical infrastructure played in the debate and aid preparedness for digitised infrastructure by contributing to a better understanding of the cyber-threat landscape.


Statutory Declaration

I hereby declare that I have written the submitted Master's Thesis concerning the topic of Energy Security in the Age of Interconnection: Cyber-threat Framing in British Political Discourse independently. All the sources used for the purpose of finishing this thesis have been adequately referenced and are listed in the Bibliography.

26 May 2019, Brno

.......................................
Edward McDonald


Acknowledgements

I acknowledge the irreparable contribution that my parents, Linda and Paul, have made to this project through their unquestioning efforts to facilitate my existence within an environment of opportunity, at liberty from want, expectation or restraint, which will continue to provide the fundament of this and all my academic, personal and professional achievement. I wish also to acknowledge my friend Mariia Dubova, whose remorselessness in the prioritisation of long-term improvement over short-term comfort has provided that healthy motivation of those who are perpetually one step ahead.

Table of Contents

List of Tables and Figures
List of Abbreviations and Acronyms
1 Introduction
2 Literature Review
3 Theoretical Framework
4 Methodology
5 Results and Observations
5.1 Dominant codes (RQ1)
5.2 Dominant frames (RQ2)
5.3 Securitising and riskifying moves (RQ3)
6 Interpretation and Discussion
7 Conclusion
Bibliography
Appendix A Codebook
Appendix B Results
Appendix C Frames
Appendix D Securitising and Riskifying Moves
Appendix E Sampled Documents



List of Tables and Figures

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11
Figure 12

List of Abbreviations and Acronyms

CI – Critical infrastructure
EU – European Union
IT – Information technology
MP – Member of (British) Parliament
NATO – North Atlantic Treaty Organisation
NHS – National Health Service
OPEC – Organisation of Petroleum Exporting Countries
PrS – Private sector
PuS – Public sector
Ransomware – Malicious software that encrypts the victim’s digital data, preventing access until a specified ransom is paid
RQ – Research question
UK – United Kingdom of Great Britain and Northern Ireland
UN – United Nations
US – United States of America
WannaCry – The name of a 2017 cyber-attack on the British National Health Service, publicly claimed to have originated in North Korea, which significantly hindered the operation of the state healthcare provider


1 Introduction

The information revolution has engendered “two types of power shifts […] in this century: power transition and power diffusion. Power transition from one dominant state to another is a familiar historical event, but power diffusion is a more novel process” (Nye, 2011, p.113). As digitisation embeds technology in the performance of essential functions of personal, social and professional life, the mechanism of this power diffusion is essentially the characteristic of interconnection, which facilitates access to information through digital networks. However, with new power comes new vulnerability: That which is interconnected can be infiltrated (Valeriano & Maness, 2018).

The energy sector is currently undergoing its own transformation. To serve the political aim of decarbonisation, a concerted policy effort is underway to replace fossil fuels with renewable energy sources in electricity generation and electrify non-energy sectors such as heating and transport. To maintain grid stability under a high share of diffuse, intermittent renewable electricity generation, data-driven technology such as smart meters is increasingly being sought out to leverage the benefits of the information revolution for energy supply security. The proliferation of such devices and incipience of the Internet of Things in electricity grids introduces information technology threats to a previously closed operational technology environment. Traditional grid industrial control systems are intended to serve long operational lifetimes with minimal maintenance, while their existence in an isolated system insulates them from threats external to that system. By contrast, information technology is designed to exist in a highly interconnected and essentially less safe environment in which a variety of threats necessitates individual device security and regular software updates. The proliferation of smart meters and other sensory equipment with low security requirements multiplies the cyber-security vulnerabilities to which electricity grids are exposed. This typifies the vulnerabilities created by ever-greater interconnection.

Digitisation therefore harbours new notions of energy supply security beyond traditional conceptions of gas pipeline supplies and OPEC production quotas, as the proliferation of smart devices multiplies potential entry points into energy systems. The World Energy Council declared the energy sector a prime target of cyber-attacks in 2016, not without good reason: Cyber-attacks in 2015 and 2016 directly and successfully targeted industrial control systems in sections of Ukraine’s electricity grid, in both cases causing blackouts to thousands of residents for over an hour in mid-winter (Greenberg, 2017; World Energy Council, 2016). While the UK has yet to sustain a serious cyber-attack on its energy infrastructure, an intrusion into the Irish grid was discovered in 2017 weeks after a successful ransomware attack on the British NHS significantly disrupted the provision of public healthcare. Clearly, the pace and profundity of change is posing existential questions for legislators. Have politicians heeded these warning signs?

Mobilising an appropriate and effective response to cyber-threats necessitates establishing a common understanding of the nature of the threat (Arquilla & Ronfeldt, 1997). This research explores the construction of this common understanding of the nature of cyber-threats in UK political discourse leading up to the publication of the first report on the Cyber Security of the UK’s Critical National Infrastructure in November 2018 (Joint Committee on the National Security Strategy, 2018). This research seeks to map the cyber-threat landscape in recent UK political discourse by answering the following research questions. What were the most common danger descriptions, enablers of harm, referent objects and remedial measures proclaimed in the discourse? What frames dominated the discourse? Can any securitising moves or riskifying moves be observed in the discourse?


2 Literature Review

Although voluminous literature exists on the independent fields of framing theory, securitisation theory and cyber-security, the surprisingly little existing literature addressing the intersection of cyber-threat framing and securitisation has focused on US discourse. This research will briefly synthesise only the most substantively relevant academic literature in order to establish the point of departure.

Many authors have noted “that a combination of persistent computer vulnerabilities and worldwide connectivity [have] placed national critical infrastructures at risk” (Geers, 2011, p.29). This has shifted cyber-security from a technical challenge on the tactical level to a strategic-level issue particularly salient for critical energy infrastructure. As potential entry points into interconnected electricity grids multiply with the proliferation of smart devices, the task of securing large, interconnected networks is frustrated, while the obsolescence of the traditional ‘perimeter security’ approach to cyber-security becomes increasingly obvious (Aradau, 2010; Neville-Jones & Phillips, 2012).

Likewise, the threat landscape is evolving as the cyber-sphere emerges as a new field into which traditional geopolitical rivalries and conflicts are developed, comparable to the emergence of air combat prior to the Second World War (Cavelty, 2007; Rattray, 2009; Harrop & Matteson, 2015). The ease of planning and executing cyber-attacks in comparison to traditional kinetic attacks empowers smaller states and non-state actors to render an asymmetric threat to the state’s monopoly on security (Valeriano & Maness, 2018).

Addressing securitisation in cyber-threat framing, Hansen & Nissenbaum conceive of cyber-security as a distinct field within securitisation scholarship, tracing its evolution from the technical concept of computer security to the more politically charged concept of cyber-security. They highlight the role of the private sector both in physically possessing a significant proportion of global critical infrastructure and in holding the most current technical knowledge. They introduce three securitisation grammars. Hypersecuritisation refers to an extreme portrayal of threats that cites the potential spill-over of the negative effects of a cyber-disaster due to reliance on and the interconnected nature of computer networks. Everyday security practices link these hypothetical notions of danger with everyday situations to render them more plausible. Technification foresees greater weight being given to expert knowledge due to the lack of public familiarity with the rapidly developing technologies upon which they rely (Hansen & Nissenbaum, 2009).

The sensationalising hypersecuritisation of cyber-threats and use of war frames has been met with scepticism by several authors who have claimed that public hysteria about previous attacks has been disproportionate to the actual substantive damage caused; that effects were acute but short-lived, with the critical infrastructure necessary for basic societal function largely unaffected (Czosseck, Ottis & Talihärm, 2011; Lawson, 2012). Such argumentation in existing literature often draws on psychology and behavioural science to depict existing fears of the unknown, of new technology and of a loss of control as fertile ground for the sensationalisation of “cyber-doom” (Lawson, 2012, p.1). Lawson posits that applying a war frame to cyber-threats would demand an equally militarised response to such threats, when the majority of cyber-attacks thus far have been merely criminal in nature. De Bruijn & Janssen (2017) stress that the complexity of digital issues renders simple message framing ineffective and that framing actors must instead rely on evidence-based framing strategies.

Rid (2013) goes further in his critique of cyber-war frames, arguing that cyber-attacks will never meet Clausewitz’s criteria of violent, instrumental and politically attributable (Clausewitz, 1998). He maintains that interfering with an opponent’s IT systems causes disruption and strategic advantage without directly taking human life and may consequently serve to reduce rather than complement real-life conflict. As cyber-resilience increases, the difficulty of mounting successful and incisive cyber-sabotage comparable in complexity to the Stuxnet worm, which successfully sabotaged Iranian nuclear reactors over a longer period of time, increases sharply (Healey, 2013). Rid concludes that a war in which cyber-weapons are the main attack vectors remains unlikely, with cyber-espionage, misinformation and subversion being the most malicious forms of cyber-activity.

Substantive content analysis of cyber-threat framing and securitisation in political discourse has so far been conducted primarily in relation to US political discourse, yielding healthy disagreement on the success of securitisation in the US. Bendrath (2001) was among the first to note how the lack of knowledge about both previous attacks and the capabilities available to different actors reduces threat evaluation to guesswork, enabling actors to propagate rival threat constructions based on their own interests. The research presents US cyber-threat framing as an example of successful securitisation, but one in which the original framing as a military-security issue has since lost potency and devolved into a sub-national issue for law enforcement and self-help. Though this is still somewhat true, other authors have claimed that the most serious cyber-attacks are increasingly converging around traditional geopolitical rivalries and are often concurrent with diplomatic or armed conflict in the analogue world (Healey, 2013).

Along these lines, Cavelty (2008) found a cyber-terrorism frame to be dominant in US discourse, showing that danger from cyber-terrorism is perceived to result from insufficient understanding of the complex underlying interdependencies between the constituent elements of information infrastructure, as well as the vulnerabilities these interdependencies create. These vulnerabilities threaten the information infrastructure that has become critical to virtually every sphere of human activity. Threats were primarily constructed as being targeted at US information infrastructure itself, while the referent object, or target of attack, was most often US society. The threat subject was predominantly found to be an unspecified actor outside US territory. Cavelty’s research holds that the critical infrastructure protection frame likely failed due to its weak prognostic element, in which measures aimed at managing business risk prevailed despite abundant security rhetoric. This is attributed to “85% to 95% of the US critical infrastructures and key assets” being under private ownership (Cavelty, 2008, p.30). Cavelty attributes this to desecuritisation but stops short of a full exposition of the interplay between desecuritisation and risk logic.

Cavelty (2007) holds that state actors possess greater offensive cyber-capabilities and therefore pose a greater threat than non-state actors. The identity of a threat subject largely informs whether a state’s response to a threat or attack is manifested in military measures, law enforcement measures or procedural reforms. A useful distinction is drawn between the physical elements of information infrastructure – electronic devices and communication networks – and the intangible elements of information infrastructure, the information that flows over the networks and the services and knowledge that are rendered from this information. Both may be the vehicle as well as the object of an attack.

Bendrath, Eriksson & Giacomello (2007) echoes Cavelty’s conclusions that a cyber-terrorism threat frame to critical infrastructure has dominated US discourse ahead of cyber-war and cyber-crime frames. It also discusses metaphors of an electronic Pearl Harbor prevalent in US cyber-threat discourse at the end of the 1990s (Lawson & Middleton, 2019). It concludes that the terrorism frame dominant in the 1990s was overtaken by a cyber-conflict or war frame at the end of the 1990s, of which states were the main threat subjects. The 2001 attacks briefly refocused attention on cyber-terrorists but ultimately “the destruction of bits and bytes never directly killed anybody” (p.77-78) and therefore a logic of technical resilience replaced the dominance of threat subjects in the discourse.

Friis & Reichborn-Kjennerud (2016) was among the first research to apply risk theory to cyber-threats. It notes that the military only has purview over its own networks, while the cyber-space in which most human activity occurs is overseen by civilian bodies, relegating cyber-threats to the secondary logic of risk. A greater role is foreseen for the physical networks and risk theory is found to be better suited to explaining the routine, daily governance practices undertaken in service of cyber-security as well as the more permanent nature of the threat of cyber-attacks.

Several authors have substantively reviewed the cyber-security measures adopted in the UK at various points since the first National Cyber Security Strategy in 2009 (Cornish, Hughes & Livingstone, 2009; Aradau, 2010; Neville-Jones & Phillips, 2012; Harrop & Matteson, 2015; Christou, 2016). However, there remains a conspicuous lack of literature on the subject since the publication of the most recent National Cyber Security Strategy in 2016 and the more recent publication of the first report on the Cyber Security of the UK’s Critical National Infrastructure in late 2018. Even the existing literature on US cyber-threat framing focuses on the two decades following the Cold War, while the UK has received nothing like the amount of research dedicated to the framing and securitisation of cyber-threats in the EU and the US. This research therefore seeks to address this lack of recent cyber-threat framing analysis more generally and the absence of detailed analysis of cyber-threat framing in UK discourse in particular.


3 Theoretical Framework

This research draws on framing theory to explain how cyber-threats have been framed in the UK. Within framing theory it focuses on one securitisation “master frame” according to Watson (2012, p.280), based on Copenhagen School securitisation theory (Buzan, Wæver & de Wilde, 1998) modified with later contributions and combined with risk theory (Corry, 2012) in order to reach a more externalist, processual understanding of securitisation that is compatible with the externalist approach of framing theory. This section will explain the choice of Entman’s (1993; 2004) framing theory and outline its theoretical framework, drawing on various strands of securitisation theory as well as riskification theory.

Framing has long been recognised as a process of negotiating the meaning of issues (Gamson et al, 1992; Benford & Snow, 2000; Eriksson, 2001; Rychnovská, 2014). Snow & Benford (1988) established three framing practices: diagnostic framing identifies the problem and apportions blame; prognostic framing proposes actions or measures to redress the identified problem and motivational framing whips up support for the proposed course of action.

Entman (1993) elaborated further, proposing four functions of substantive framing. After certain effects or conditions are defined as being problematic, the causes of these effects or conditions are identified. Then, a moral judgement is conveyed and, finally, remedies are proposed to redress the problematic effects or conditions. Not all functions must necessarily be present for a text to constitute a framing attempt; equally, all may appear in a single sentence. This research pursues Entman’s more comprehensive approach, as its more precisely defined framing functions permit more clearly defined and differentiated coding and therefore richer data analysis. Entman (2004) distinguishes frames from schemas, which are networks of ideas interpreted by the individual. He generally defines framing as

[s]electing and highlighting some facets of events or issues, and making connections among them so as to promote a particular interpretation, evaluation, and/or solution. (p.5)

Entman’s framing landscape consists of a “communicator, […] text, […] receiver and […] culture” (2004, p.52). The salience of particular words, phrases or images, or the cultural resonance of a frame, informs how “noticeable, understandable, memorable, and emotionally charged” (p.6) it is among its receivers. Both the frequency of repetition and the prominence of particular frames within discourse on a certain issue influence their magnitude, which together with cultural resonance determines frames’ success with the receiver.

There are clear parallels between framing theory and the constructivist approach to threats of the Copenhagen School of securitisation theory. Rychnovská contends that, “[i]f successfully securitized, […] threat frames become a part of the situated discourse and can be further used as a reference in the future process of threat framing” (2014, p.18). The Copenhagen School holds that security comes into existence by a threat being constructed as existential by a securitising actor. Issues are generally framed on a scale from mere politicisation to radical securitisation. Issues become securitised when a securitising actor performs a speech act, seeking to persuade an audience to accept the existence of the purportedly existential threat to a specified referent object and therefore to accept the implementation of exceptional measures to counter the threat. Such exceptional measures that contravene the normal rules of the political system are accepted as legitimate as they protect and preserve the existence of that system. Conditions facilitating a securitisation attempt are the specific security grammar at play, the positional power of the actor and pre-existing public knowledge about threats. According to the Copenhagen School, the most common referent objects have hitherto been constructs such as the state or national security (Buzan, Wæver & de Wilde, 1998; Buzan & Wæver, 2003; Heinrich & Szulecki, 2018).

This research draws on subsequent theoretical refinement of the Copenhagen School approach in order to address some of its shortcomings and depart from solid theoretical ground. The conception of securitisation as a static speech-act event and as an intersubjective process of constructing meaning has been highlighted (Stritzel, 2007; Balzacq, 2010; Balzacq et al, 2010; Watson, 2012). Stritzel in particular criticises the facilitating conditions as conflicting with the predominantly internalist conception of the static speech act. Cavelty laments the ambiguity concerning “which audience has to accept what argument, to what degree, and for how long” (2007, p.26). The difficulty of distinguishing between measures that are exceptional (thus requiring audience acceptance) and those that are implemented within the normal political paradigm has also been raised (Cavelty, 2007; Stritzel, 2007; Watson, 2012). This research renounces the static conception of speech-act performances in favour of a more processual, externalist understanding of the speech act’s embeddedness in its external context, in order to better align securitisation theory with framing theory, in particular with Entman’s cultural resonance. In Stritzel’s words, “the meaning of a threat text is not given (by the concept of security as exceptionality) but generated” through the resonance of the threat text with the discursive context (2007, p.371, parentheses in original). As the realm of cyber-threats is still in its infancy both as a technical field and a political issue, there is a lack of pre-existent audience understanding of the precise nature of cyber-threats. This in turn allows politicians an exceptional latitude of interpretation in their choice of threat framing, which this research seeks to capture by stressing a more constructivist approach to securitisation theory.

Furthermore, this research avoids navigating the theoretical quagmires of trying to operationalise the Copenhagen School’s weakest point, audience acceptance, by restricting itself to testing for securitising moves, rather than attempting to prove successful securitisation of the cyber-threat issue as such. Securitising moves are defined by the Copenhagen School as “discourse that takes the form of presenting something as an existential threat to a referent object” and are operationalised in the following Methodology section (Buzan, Wæver & de Wilde, 1998, p.25).

Finally, having established this conception of securitisation theory, Corry’s (2012) concept of riskification is incorporated into the theoretical framework as a third position situated between the normal politicisation of issues and extreme securitisation. Several scholars have already incorporated riskification into securitisation frameworks to study energy security discourse (Heinrich & Szulecki, 2018) and cyber-security discourse (Friis & Reichborn-Kjennerud, 2016), noting its explanatory potential for the majority of cases that do not meet the most extreme outlying threat characterisation of securitisation, in order to avoid an ill-suited blanket application of securitisation theory to every occurrence of risks or threats in political discourse.

Riskification essentially differs from securitisation in two ways. Firstly, a ‘riskifying’ actor (to adapt securitisation terminology) identifies the existence of certain conditions that are conducive to the infliction of harm to a referent object. Although risks can be great in magnitude and imminent in temporal proximity, the language of riskification’s focus on conditions envisages a less immediate realisation of harm, less direct danger and longer-term mitigating measures. “Risks by their very nature cannot be eradicated, only managed, and thus a politics of emergency and exceptionality is replaced with a politics of permanence and long-termism” (Corry, 2012, p.245). Consequently, risk logic proposes precautionary measures aimed at governing these certain internal conditions that enable harm to be caused, rather than measures aimed at addressing a direct, external threat. In the context of cyber-threats, risk theory can be associated with the conceptualisation of security as resilience, as it accepts that absolute security is unattainable. The inclusion of ‘riskification’ as a parallel process to securitisation permits clearer distinction between the internal focus of risk governance measures and the external focus of securitisation’s truly exceptional political or diplomatic measures.

This research maintains the view that, despite other actors being able to influence discourse from various positions within the field, politicians are in the prime position to construct security threats (Buzan, Wæver & de Wilde, 1998; Salter, 2008). It does not touch upon the work of Bigo (2002) and the Paris School of securitisation that focuses on the positional power of different actors, as its aim is to establish a better understanding of cyber-threat construction by the actors with greatest positional power, which in the chosen case of UK political discourse are British MPs.

This research aims to establish how cyber-threats have been framed in UK political discourse, outlining the process of negotiating a consensus-based understanding of cyber-threats by British politicians and policymakers. It aims to test whether securitisation or riskification moves occurred in UK cyber-threat discourse and to establish the dominant threat subjects, constitutive conditions, referent objects, threats, risks and remedial measures. This research therefore seeks to answer the following research questions.


RQ1: What were the most common threats and risks, referent objects, harm enablers and remedial measures leading up to the publication of the Cyber Security of the UK’s Critical National Infrastructure report on 19 November 2018?

RQ2: What frames dominated British political discourse on cyber-threats in this period?

RQ3: Can any securitising moves or riskifying moves be observed in the discourse in this period?

4 Methodology

4.1 Operationalisations

Entman’s “communicator, […]text, […]receiver and […]culture” (2004,


p.52), clearly tie in with securitisation theory’s securitising actor, speech
act, audience and facilitating conditions. This research builds on Wat-
son’s (2012) contention that securitisation itself is a master frame, ana-
lysing cyber-threat framing through the more specific theoretical lens of
securitisation. Terminologically it therefore it codes for four categories
that encapsulate the main elements of the theories presented.
Danger Descriptions are a description of the danger being faced and
include securitisation’s threat as well as risk theory’s risks. They de-
scribe potential harm that could be caused and largely coincide with Ent-
man’s first framing practice, defining conditions or effects as problem-
atic. Harm Enablers subsume securitisation’s threat subjects and risk
theory’s constitutive conditions of harm into one category to allow com-
parison, corresponding to Entman’s second framing practice of identify-
ing the causes of problematic conditions or effects. Referent Objects are
the objects that a speech act normatively claims are valuable and should
be protected, thus corresponding loosely to Entman’s third framing prac-
tice, making moral judgements. Finally, Remedial Measures are courses
of action suggested by the speaker to address the Danger Description or
Harm Enabler, or protect the Referent Object, and correspond to Ent-
man’s fourth framing practice, proposing remedies.
This research therefore operationalises securitisation moves as oc-
curring when a specific external threat and referent object are identified,
a threat subject is identified and specific, urgent, rule-breaking measures
are enumerated to address the threat. This research overcomes difficul-
ties in proving the exceptionality of remedy measures by operationalis-
ing the Copenhagen School’s rule-breaking as the criterion of exception-
ality and will justify in each instance which rules are adjudged to have
been broken and why (Bright, 2012).
Conversely, riskification moves are operationalised as identifying
the potential infliction of a specific harm, facilitated by certain constitutive
conditions that enable the infliction of the specified harm. They then
identify a referent object and offer measures that seek to actively govern these identified internal constitutive conditions over a longer policy horizon in order to protect the referent object. This stands in clear contrast
to a securitising move which identifies a concrete external threat as a di-
rect cause of harm and proposes shorter-term measures to directly de-
fend against this external threat. This approach takes risk theory’s con-
stitutive conditions and governing measures, adopts securitisation’s ref-
erent object and adapts securitisation’s threat description to a risk de-
scription (Buzan, Wæver & de Wilde, 1998; Corry, 2012). This allows
both risk and security statements to be coded for the same four catego-
ries explained above in order to aid comparison between the two.

4.2 Case definition

The UK provides an interesting case study as a populous and culturally diverse European common-law country with strong economic, political
and security ties to both the EU and the USA. Its argumentative brand of
parliamentary democracy provides ample latitude for politicians to
frame issues, yielding a depth of data for analysis. The availability of Eng-
lish-language documents is critically important given the linguistic-se-
mantic-performative aspects of this research on threat construction and
its theoretical approach. Whereas the framing of cyber-threats in the US
has received attention already, similar analysis of the UK remains sparse.
Parliament is constituted by the results of general elections. As the
candidate winning the majority of votes in their constituency, incumbent
Members of (UK) Parliament can be considered the politicians with the
most cultural resonance among their constituents, in line with Entman’s
framing theory and the Copenhagen School’s authority of the speaker.
Their deliberative-legislative function as MPs furthermore renders them
active participants in both issue framing and concrete policy outcomes.
MPs are therefore a large group of subjects with more or less equal posi-
tional power. They hold direct influence over any efforts to implement
exceptional (securitisation) or precautionary (risk theory) mitigating
policy measures and are also the actors with the strongest link to the au-
dience of any securitising or riskifying moves, so represent the most ap-
propriate data to answer the research questions.

The Parliamentary Archives and Parliament website publish official versions of Parliamentary papers and committee reports, while the Archives’ Hansard strives to provide a “substantially verbatim report of
what is said in Parliament…[removing only] repetitions and obvious mis-
takes” (UK Parliament, n.d.). This research benefits from being able to
rely with near certainty on the integrity and authenticity of data drawn
from official channels. The relatively narrow scope of data collection is
derived from Huysmans & Buonfino (2008), though the research aims
are dissimilar, and is justified as this research explores framing and
threat construction in public political discourse and does not seek to es-
tablish a balanced or factual picture of historical events, nor is its focus
the role of non-political experts or technical knowledge in threat con-
struction. There are thus no further reasonable steps this research could
take to ensure data reliability.

4.3 Case selection & data collection

The research questions are answered by analysing British Parliamentary debates using data collected for the period from the beginning of the
2016-17 Parliamentary Session on 18 May 2016 to the publication of the
report on the Cyber Security of the UK’s Critical National Infrastructure
by the Joint Committee on the National Security Strategy on 19 Novem-
ber 2018. This serves the research aim of examining cyber-security dis-
course leading up to the publication of the first report dedicated specifi-
cally to the cyber-security of critical infrastructure in the UK. It is fur-
thermore appropriate as it includes the period after two of the first high-
profile cyber-attacks on critical energy infrastructure in Ukraine in 2015
and 2016.
This research takes the methodological decision that attempts to
frame threats in different ways are better captured in speech than in
written submissions and therefore only collects oral data (Gamson et al,
1992). All Members’ contributions and Parliamentary proceedings are
collected in addition to early-day motions, (oral) committee proceedings,
oral questions, urgent questions and private notice questions. It thus
samples from an exhaustive population of all oral submissions made by
British politicians in the Houses of Commons and Lords, at Westminster Hall and in Lords Grand Committees over the selected time period, yielding a high number of relatively homogenous sampling units (Krippendorff, 2018; Della Porta & Keating, 2008).
As only a minority of this population of British parliamentary docu-
ments will pertain to the research focus on cyber-threats, this research
employs Krippendorff’s relevance sampling, selecting only those sam-
pling units with relevance to cyber-threats (Krippendorff, 2018). Data
were retrieved using the Search parliamentary material function on the
UK Parliament website, selecting only the 2016-17 and 2017-19 Parlia-
mentary Sessions and selecting only the document types listed above. A
key-word search was performed for results including the terms cyber
and security, as well as at least one of the terms risk, threat, attack, de-
fence, defend, mitigate, mitigation, manage, management and infrastruc-
ture. Selection of search terms is clearly the methodological decision
with the greatest potential to bias the results. This research endeavoured
to include only the broadest terms and an equal number of securitisation
and riskification terms in order to avoid bias towards one element of the
theoretical framework. Threat, attack (acting as both a verb and a noun),
defence and defend were included as key securitisation terminology. Risk,
mitigate, mitigation, manage and management were included as key risk-
ification terminology. The search yielded over 500 hits in 174 discrete
documents. Of these documents, those that contained the word ‘cyber’
fewer than six times were screened for relevance to cyber threats, lead-
ing to the exclusion of 59 documents on unrelated topics such as the
online ivory trade, shipbuilding and cyber-bullying, or where cyber-is-
sues were merely referenced in passing. From a chronological list of the
resulting 119 documents, the first of every two documents was selected.
This sampling method yielded a manageable sample of 60 documents,
encompassing the whole time period under study. As Parliament gener-
ally sits for five days each week, the choice of an even sampling number
prevents overlap with the odd number of sitting days to ensure docu-
ments from all sitting days of the week are equally represented (Krip-
pendorff, 2018).
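
The selection steps described above (key-word match, the fewer-than-six ‘cyber’ screening flag, and the every-second draw from a chronological list) can be written out as follows. This is an added illustration, not the thesis's own tooling or the UK Parliament search function: all names are hypothetical, the sample documents are constructed, and it assumes case-insensitive whole-word matching for search terms and substring counting for ‘cyber’.

```python
import re
from dataclasses import dataclass
from datetime import date

# Search terms as listed in the methodology.
REQUIRED = {"cyber", "security"}
ANY_OF = {"risk", "threat", "attack", "defence", "defend", "mitigate",
          "mitigation", "manage", "management", "infrastructure"}
SCREEN_BELOW = 6  # fewer than six 'cyber' occurrences -> screened by hand


@dataclass(frozen=True)
class Doc:
    doc_id: str
    sitting: object  # sitting date (anything sortable)
    text: str


def tokens(text):
    """Lower-cased word set; 'cyber-security' yields 'cyber' and 'security'
    (assumed matching behaviour)."""
    return set(re.findall(r"[a-z]+", text.lower()))


def matches_search(doc):
    """Both required terms AND at least one of the optional terms."""
    t = tokens(doc.text)
    return REQUIRED <= t and bool(ANY_OF & t)


def cyber_count(doc):
    """Occurrences of 'cyber', including compounds such as 'cyber-attack'."""
    return len(re.findall(r"cyber", doc.text, flags=re.IGNORECASE))


def needs_manual_screening(doc):
    return cyber_count(doc) < SCREEN_BELOW


def systematic_sample(docs, step=2):
    """Order chronologically, then keep the first of every `step` documents."""
    ordered = sorted(docs, key=lambda d: (d.sitting, d.doc_id))
    return ordered[::step]


def select(docs, manually_excluded=frozenset()):
    """Return (ids flagged for screening, final sample).

    Relevance itself is a human judgement, so the ids rejected during
    screening are passed in rather than computed.
    """
    hits = [d for d in docs if matches_search(d)]
    to_screen = [d.doc_id for d in hits if needs_manual_screening(d)]
    kept = [d for d in hits if d.doc_id not in manually_excluded]
    return to_screen, systematic_sample(kept)


# Constructed sample documents (not real Hansard text).
CONSTRUCTED_DOCS = [
    Doc("D1", date(2016, 5, 25),
        "Cyber security: " + "cyber-attack " * 5 + "threat to infrastructure"),
    Doc("D2", date(2016, 11, 3),
        "Cyber-bullying in schools is a security risk for pupils."),
    Doc("D3", date(2017, 1, 12),
        "Naval shipbuilding and defence procurement."),
    Doc("D4", date(2017, 5, 15),
        "cyber " * 7 + "security and the attack on NHS infrastructure"),
    Doc("D5", date(2018, 10, 22),
        "cyber resilience " * 6 + "security risk mitigation"),
    Doc("D6", date(2018, 11, 1), "The cyber threat is growing."),
]

if __name__ == "__main__":
    flagged, sample = select(CONSTRUCTED_DOCS, manually_excluded={"D2"})
    print("flagged for screening:", flagged)
    print("sampled:", [d.doc_id for d in sample])
```

Applied to a chronological list of 119 documents, `systematic_sample` returns 60, matching the sample size reported above.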

This research performs qualitative data analysis, employing several coding techniques to process the selected data using the open-source Discourse Network Analyzer software (Leifeld, Gruber & Bossner, 2019). The well-defined parameters of data collection and the precise research problem simplify the coding process, which employs attribute and in vivo coding. Attribute coding is performed during the first coding cycle
to record basic information about each document to aid comparison,
such as the party affiliation of a particular speaker or different discur-
sive-performative settings (such as debates or questions; House of Com-
mons or Lords). During the first cycle, specific codes are also applied to
the substantive content of the documents using in vivo (verbatim) cod-
ing, seeking to avoid categorising statements in securitisation or riskifi-
cation terms during the first cycle. This wide variety of specific codes is
then consolidated through pattern coding in the second cycle which
seeks to group the highly differentiated first-cycle coding results into 80-
100 codes that can be grouped into themes based around the theoretical
framework and operationalisations of securitising and riskifying moves
in order to quantitatively summarise trends in the discourse (Saldana,
2015). The codebook is presented in Appendix A.
Frames are then outlined based on the codes, themes and qualitative evaluation recorded during the coding process. A minority of codes
that clearly overlap more than one frame is excluded so as to avoid bias-
ing one frame over another. This is demonstrated in Appendix C.
Finally, securitising and riskifying moves are identified according to
the operationalised criteria and by a process of elimination. First, all
statements are excluded that had any of the four coding categories coded
as unspecified in order to include only statements that specified all four
elements of Danger Description, Harm Enabler, Referent Object and Re-
medial Measures. Securitising statements meeting the operationalised
criteria of specifying threat subjects as Harm Enablers and a specific ex-
ternal threat as a Danger Description are separated from riskifying state-
ments that meet the operationalised criteria of specifying constitutive
conditions as a Harm Enabler and the infliction of specific harm as a Dan-
ger Description.


5 Results and Observations

Detailed tables of results are presented in Appendix B. This section presents overall data trends but focuses on data necessary to answering the
research questions. It first answers RQ1 by presenting the most common
results for the categories Danger Descriptions, Harm Enablers, Referent
Objects and Remedial Measures, then answers RQ2 by showing which
frames dominated the discourse and finally answers RQ3 by presenting
the securitising and riskifying moves found in the discourse according to
the criteria operationalised in the Methodology section.

5.1 Dominant codes (RQ1)

The single most striking datum among the individual categories is the
interval by which Russia is the leading Harm Enabler code, a clear case
of an external threat subject of securitisation theory. Russia was invoked
103 times (Figure 1) while the next-most-common specified Harm Ena-
bler, non-state cyber-criminals, was invoked a mere forty-three times.
Although not necessarily external to the UK, criminals are considered
threat subjects as they are fundamentally animate (human) actors that
enact threats and cannot be considered constitutive conditions. Com-
pared to Russia, China was largely neglected as a threat subject in the
discourse, only slightly more prominent than North Korea, to which the high-profile WannaCry ransomware cyber-attack on the NHS in 2017 was publicly attributed. Unspecified states were cited as threat
subjects on a further seventeen occasions, while terrorists were cited as
Harm Enablers a mere four times. There was a wider variety of constitu-
tive conditions compared to threat subjects in the Harm Enabler cate-
gory, evidenced by the flatter distribution of code frequencies in Figure
2.

Figure 1 All threat subjects coded in the Harm Enablers category. [Bar chart “Harm Enablers: Threat Subjects”; y-axis: Frequency.]

Figure 2 All constitutive conditions coded in the Harm Enablers category. [Bar chart “Harm Enablers: Constitutive Conditions”; y-axis: Frequency.]

Of all coding categories, a Referent Object was specified most often in the
statements coded. National security was the most commonly perceived
target of attacks by a considerable margin, followed by domestic political
institutions and processes and British businesses. Military defence sys-
tems gained some discursive traction but the Referent Object category is
conspicuously populated by a higher number of civilian Referent Objects
than military ones, such as political institutions, economic concerns and
critical infrastructure. Critical infrastructure was cited a combined forty-nine times, making it among the most common civilian Referent Objects. Energy infrastructure was only mentioned among other elements of infrastructure; as such, its occurrences were mostly coded as “CI – General”.

Figure 3 Referent Objects combined into groups. [Bar chart “Referent Objects - Grouped”; y-axis: Frequency.]

Economic comprises codes Businesses, British economy, Economic wellbeing, SME.


Critical Infrastructure comprises codes Critical infrastructure – general, Critical infrastructure –
NHS, Critical infrastructure - information/telecoms, Critical infrastructure – transport.
Political/PuS comprises Political institutions/proces, Rules-based international order, Public
sector/government functions, International alliances/organisations.
Military/Defence comprises National defence systems.

Figure 4 All specified Referent Objects. Unspecified=57. [Bar chart “Referent Objects”; y-axis: Frequency.]

In contrast to these clear results, the categories Danger Description and Remedial Measures were most often unspecified, perhaps a symptom of
the ill-defined and elusive nature of cyber-threats. There were no clearly
dominant codes for these two categories, with code frequency decreas-
ing in small increments from the most common to the least common
code. The three most commonly specified codes for the Danger Descrip-
tion category were cyber-security as data security, cyber-vulnerabilities
of traditional defence capabilities and state-sponsored cyber-attacks.
For Remedial Measures, increased defence spending on cyber-capabili-
ties, greater law enforcement powers and improving cyber-resilience
were the most common codes.

Danger Descriptions (Frequency)
General economic cyber-crime: 13
State-led cyber- and kinetic attack: 13
State-led international cyber conflict: 19
Mis/disinformation: 19
Economic cyber-crime - organisations: 19
Unspecified cyber-crime: 20
General disruptive attacks: 22
Election meddling: 23
State-sponsored cyber-attack: 25
Cyber-vulnerabilities of traditional defence: 27
Cybersecurity as data security: 35
Figure 5 All Danger Description codes with frequency>10

Remedial Measures (Frequency)
Public-private cooperation: 11
International cooperation: 12
Continued EU cooperation: 14
Existing government spending under NCSS: 20
Increase focus on cyber skills training: 21
Improve cyber resilience: 22
Greater law enforcement powers: 24
Cyber as defence spending priority: 25
Figure 6 All Remedial Measures codes with frequency>10


Figure 7 Timeline of utterances of the five most common Harm Enablers. [Chart “Most Common Harm Enablers”; series: Russia, North Korea, China, Criminals, Outdated Military Technology; y-axis: Frequency.]

Figure 8 Timeline of utterances of the four most common Referent Objects. [Chart “Most Common Referent Objects”; series: National Security, Critical Infrastructure, Political Institutions/Process, Businesses; y-axis: Frequency.]

The most telling pattern in the data is the overlap of national security and
different Harm Enablers. Mentions of national security peaked in July 2016
leading up to the vote in the House of Commons on whether to renew the
UK’s nuclear deterrent submarine programme. Only utterances with
cyber-relevance were coded in the research and this reflects politicians’
anxieties about the vulnerabilities of nuclear command-and-control sys-
tems to cyber-attack. There is a notable parallel between mentions of
Russia and national security from the end of 2017 until late-2018. This
coincided with the poisoning of two Russian citizens in Salisbury, evalu-
ated further in the discussion section. Although the WannaCry ransom-
ware attack on the NHS in May 2017 was mentioned, as evidenced by the
modest peak in Critical Infrastructure mentions around that time, there
was no equivalent peak for North Korea as a Harm Enabler, despite pub-
lic accusations of North Korean involvement. The final peak in late-2018
is attributable to a gradual increase in focus of parliamentary attention
on cyber-threats which culminated in a lengthy debate on the subject in
October 2018.

5.2 Dominant Frames (RQ2)

Based on the codes, themes and qualitative evaluation recorded during the coding process, two dominant frames and one less significant frame
emerge. A full exposition of code groupings is presented in Appendix A.
Figures 9 and 12 show the War Frame as the most prominent frame, de-
scribing state-level cyber-threats to the Referent Object of national secu-
rity, with the Harm Enabler category populated mostly by directly iden-
tified threat subjects such as Russia (Figure 9), state and military Refer-
ent Objects and various forms of interstate cyber-conflict as the predom-
inant Danger Descriptions (Figure 12). The dominance of directly speci-
fied threat subjects over constitutive conditions in the Harm Enabler cat-
egory and the lower number of different Referent Objects point to a nar-
row securitisation logic of cyber-threat framing. Increasing defence
spending on cyber-security capabilities narrowly gained greatest prevalence as a Remedial Measure, while the Danger Descriptions were perhaps most telling: Cyber-vulnerabilities of traditional defence capabilities and several types of state-led cyber-threats were cited, while cyber
as a tier-one national security threat and cyberspace as a new sphere of
conflict were explicitly invoked. In qualitative support of this frame is the
repeated portrayal of the cyber-sphere as a new sphere of strategic com-
petition and military supremacy similar to the emergence of aerial com-
bat as a new sphere at the beginning of the last century, as has been noted
in the existing literature presented in the Literature Review section. A
recurrent theme was the potential for the UK’s traditional defence capa-
bilities, particularly its continuous at-sea nuclear deterrent which Parlia-
ment voted to renew in 2016, to be hijacked by cyber-attack and de-
ployed against the UK or its allies.
The second frame is the Crime Frame which propagated a criminal
justice, law enforcement conception of cyber-security. This frame is evi-
denced principally by the prominence of criminals as a Harm Enabler
(threat subject) together with a wider variety of Harm Enablers than the
War Frame, primarily constitutive conditions enabling cyber-crime for
economic gain. Danger descriptions in this frame likewise centred on
economic cyber-crime against organisations and individual economic se-
curity and privacy. This corresponds to Referent Objects of individual,
commercial and macro-economic wellbeing. The Remedial Measures fur-
ther evidence this frame by calling for a law-enforcement response to the
established crime problem; increased domestic enforcement powers,
greater domestic and international cooperation between the public and
private sectors as well as with the EU and international organisations.
The dominance of constitutive conditions and the low frequency of urgent Remedial Measures point towards a more risk-oriented, governing approach to potential harm.
The third and less significant frame is the Interference Frame,
mostly evidenced by Danger Descriptions of election meddling, espio-
nage and mis- or disinformation by electronic means, as well as the po-
litical institutions/processes Referent Object. This research postulates
that this frame failed to compete with the first two frames as Harm Ena-
blers and Remedial Measures were neglected, clearly shown in Figure 9.
As these two categories overlap with Entman’s framing practices of iden-
tifying causes and suggesting remedies, this research argues that the In-
terference Frame failed because it neglected to develop the threat frame
beyond broad Danger Descriptions (or identifying problematic effects or
conditions in Entman’s terminology). It thus invoked “vaguely defined vulnerability in IT systems” instead of clear Harm Enablers and could not gain traction in the discourse (Bendrath, Eriksson & Giacomello, 2007, p.64).

Figure 9 Code frequency by category for each frame. [Stacked bar chart “Codes by Frame”; x-axis: Frame (War, Crime, Interference); y-axis: Cumulative Code Frequency; series: Danger Descriptions, Harm Enablers - Threat Subjects, Harm Enablers - Const. Conditions, Remedial Measures - Urgent, Remedial Measures - Governing, Referent Objects.]

Sum of Code Frequency by Frame

Frame | Danger Description | Harm Enabler | Referent Object | Remedial Measures | Grand Total
War Frame | 105 | 203 | 27 | 68 | 403
Crime Frame | 99 | 79 | 74 | 68 | 320
Interference Frame | 77 | 1 | 38 | 1 | 117
Grand Total | 281 | 283 | 139 | 137 | 840

Figure 10 Sum of code frequency by category for each frame

Count of Codes by Frame

Frame | Danger Description | Harm Enabler | Referent Object | Remedial Measures | Grand Total
War Frame | 8 | 16 | 3 | 14 | 41
Crime Frame | 7 | 9 | 6 | 11 | 33
Interference Frame | 5 | 1 | 2 | 1 | 9
Grand Total | 20 | 26 | 11 | 26 | 83

Figure 11 Count of the number of distinct codes assigned to each frame by category

Most Common Codes by Frame

Frame | Danger Description | Harm Enabler | Referent Object | Remedial Measures
War Frame | 84 | 151 | 17 | 25
  Russia: 103
  Cyber-vulnerabilities of traditional defence: 27
  State-sponsored cyber-attack: 25
  Cyber as defence spending priority: 25
  State-led international cyber conflict: 19
  Outdated military technology: 19
  Unspecified state(s): 17
  National defence systems: 17
  State-led cyber- and kinetic attack: 13
  State + non-state combination: 12
Crime Frame | 87 | 43 | 56 | 38
  Criminals: 43
  Cybersecurity as data security: 35
  Businesses: 27
  Greater law enforcement powers: 24
  Unspecified cyber-crime: 20
  Economic cyber-crime - organisations: 19
  Personal privacy: 16
  Continued EU cooperation: 14
  General economic cyber-crime: 13
  British economy: 13
Interference Frame | 77 | 1 | 38 | 1
  Political institutions/process: 32
  Election meddling: 23
  General disruptive attacks: 22
  Mis/disinformation: 19
  Espionage: 7
  Critical infrastructure - transport: 6
  Attacks on political institutions: 6
  More British media in Russian: 1
  Foreign infrastructure ownership: 1

Figure 12 Code frequency of the ten most common codes for each frame. Only nine codes were assigned to the Interference Frame.

5.3 Securitising and riskifying moves (RQ3)

A total of two securitising and five riskifying moves were identified in the
discourse according to the operationalised criteria. Critical to establish-
ing securitising moves is the assessment of whether the Remedial
Measures called for would break existing political rules. Only two state-
ments suggested measures that called for breaking traditional political
rules. Full quotations of securitising and riskifying moves are provided
in Appendix D.

5.3.1 Securitising moves

As a Danger Description he presents the external threat of “hybrid warfare and online and cyber-threats” to the Referent Object of UK national
security via the NATO military alliance, the function of which is to protect
its members’ national security. To counteract the threat subject Russia,
he questions why article 5 of the NATO Washington Treaty (1949), the
commitment to collective defence, has not been triggered and no collec-
tive, potentially armed, response initiated. This course of action would
constitute political rule-breaking as it would categorise Russian cyber-
actions as an armed attack under international law, permitting total self-
defence pursuant to article 51 of the UN Charter (1945) with any combi-
nation of kinetic, cyber- and hybrid capabilities the NATO members
deemed appropriate (Hansard, 20 June 2018, col 428).

Though he mentions espionage, the thrust of his Danger Description is the threat of “economic cyber-crime carried out over the internet” harming the national economy as the Referent Object (Hansard, 15 March
2016, col 895). The array of threat subjects listed as Harm Enablers –
“hostile nation-states, cross-border crime syndicates, company insiders
and so-called hacktivists” – reinforces the urgency of the securitising
move. Although this statement includes elements of preventative risk
logic, the Remedial Measures advocate “intercepting data…[and] inter-
fering with computer equipment,” activities that have crossed the
threshold of the politically unacceptable and break normal political rules
in the digital age (Hansard, 15 March 2016, col 896).

5.3.2 Riskifying moves


Critical to establishing these five riskifying moves is ascertaining that
both constitutive conditions and specific governing measures were ex-
plicitly mentioned. Most specified increased powers of some form as Re-
medial Measures in order to adequately govern the stated constitutive
conditions. Two riskifying moves focused on strengthening the resilience
of the private sector against economic cyber-crime by implementing
mandatory annual audits of cyber-security practices and standards or re-
porting obligations. Two moves recommended greater investigative
powers for law enforcement agencies to counter the evolving nature of cyber-threats. One move called for the development of international cyber-security technical standards to ensure harmonised minimum
standards.

The first riskifying move focuses on the constitutive conditions of insufficient cyber-security standards for future autonomous transport as a
Harm Enabler, with the Danger Description of harm inflicted both by tak-
ing control of the vehicles themselves and stealing data for “malicious,
criminal or terrorist purposes”. Data security in future infrastructure is
the Referent Object, which it seeks to protect through proactively estab-
lishing international cyber-security technical standards as a Remedial
Measure (Hansard, 20 December 2017, col 2180).

The constitutive conditions of the increasing success of economic cyber-crime are cited as a Harm Enabler, enabling the infliction of harm through financial loss (Danger Description) to the Referent Object of the economic wellbeing of individuals and companies. Increased investigatory powers for law enforcement agencies (Remedial Measures) are
called for in order to govern the constitutive conditions by reducing the
success rate of cyber-crime (Hansard, 15 March 2016, col 883).

The Harm Enabler is the rapid pace of technological change which is a constitutive condition as it enables cyber-criminal methods to evolve
more quickly than police powers, putting law enforcement at a disad-
vantage and creating the conditions for cyber-crime to be committed and
harm the Referent Object of individual citizen safety. His Remedial
Measures are greater police powers to govern the constitutive condition
by expanding police powers, hopefully enabling them to keep step with
the evolving risk of cyber-crime (Hansard, 20 December 2017, col 2180).

Baroness Jones cites the constitutive conditions of private-sector inaction on cyber-security as well as a lack of information-sharing about attacks that do occur as a Harm Enabler, enabling the infliction of economic
harm through cyber-criminal data theft (Danger Description) from busi-
nesses (Referent Object). A legal reporting requirement is demanded as
a Remedial Measure in order to govern the constitutive conditions of
businesses’ vulnerabilities by creating a legal obligation for them to ad-
here to more stringent security practices (Hansard, 06 February 2017,
col 1561).

Lord Arbuthnot contends that the Harm Enabler is the insufficient pri-
vate-sector action to secure networks and supply chains against cyber-
attack (constitutive conditions), leaving them vulnerable to data theft by
cyber-criminals (Danger Description). He proposes an annual audit of
cyber-security measures and practices (Remedial Measure) to govern
the conditions of business inaction and protect businesses (Referent Ob-
ject), to “gradually begin to address the issue of cybersecurity” to reduce
risk gradually by governing it over a longer policy horizon (Hansard, 06
February 2017, col 1559-60).

6 Interpretation and Discussion

This section interprets the results and advances several arguments evi-
dent from the results which contribute to further understanding of the
field.

Substantively, this research contributes to existing literature by revealing terrorism to have been virtually non-existent in UK cyber-threat framing hitherto. This stands in stark contradistinction to US cyber-discourse which, according to the consensus in existing literature, has been dominated by a frame of terrorist threats to critical infrastructure (Bendrath, Eriksson & Giacomello, 2007; Cavelty, 2008; Hansen & Nissenbaum, 2009). The issue of cyber-terrorism was raised only three times and was not developed beyond brief references, while cyber-terrorists were invoked as a threat subject on a mere four occasions and Daesh/ISIS/ISIL only once. This research argues that terrorism holds greater cultural resonance in the US due to the timeline of high-profile terrorist attacks in the US, from the first World Trade Center attack in 1993 to the Oklahoma City attack in 1995, culminating in the 11 September 2001 attacks (Cavelty, 2008). Despite the perpetration of several terrorist attacks on UK territory resulting in loss of life, the lack of a comparable timeline of consistent and symbolically spectacular attacks has hindered terrorism from gaining the frequency of repetition and the discursive prominence, at least in cyber-threat discourse, that achieve high frame magnitude and increase the chances of successful framing according to Entman.

This research supports Cavelty’s (2008) conclusion that the lack of a comprehensive understanding of potential cyber-harm to which countries are exposed confounds the task of addressing these vulnerabilities. Similar to Cavelty’s conclusions about US cyber-discourse, UK discourse also perceived information infrastructure both as a Referent Object in itself and as a vehicle of harm to other Referent Objects. Allusion was commonly made to how the rapid pace of technological development and digitisation of daily life geometrically multiply the complex interdependencies between and interconnection of infrastructure, making it more difficult for technical and non-technical decision-makers to maintain an accurate overview of technical vulnerabilities. This is reflected in the diversity of constitutive conditions coded under the Harm Enabler category in
this research, such as the perceived lack of technical knowledge and the
recurrent theme of the cyber-insecurity of nuclear command-and-con-
trol systems. The asymmetric nature of cyber-threats corroborates this
argumentation. This research agrees with scholars who have argued that
states are more likely to be the actors with the resources and intent to
mount advanced and persistent threats over the long term (Cavelty,
2008, p.100). However, currently the asymmetric nature of cyber-
threats renders states vulnerable to attack from an unprecedentedly
wide range of actors, breeding uncertainty not just about the ‘what’ of
the threats being faced but also about the ‘who’ – whom it is necessary
to protect against. This supports Valeriano’s & Maness’ assertion that
“the state is incapable of maintaining its monopoly on security…anything
networked can be hacked and is vulnerable to infiltration” (2018, p.260).
State anxieties around the inability to exercise sovereign control over ac-
tivity in cyber-space concur with the consensus in legal literature about
the practical and legal difficulties of establishing international cyber-at-
tack attribution (Hansen & Nissenbaum, 2009; Shackelford & Andres,
2010; Brenner, 2009; Green (ed.), 2015).
This research therefore argues that current uncertainty around threat
subjects and threats themselves as well as a superficial understanding of
existing technical vulnerabilities for attackers to exploit has inclined UK
cyber-threat discourse away from clearly defined securitisation logic and
towards risk logic of governance, as evidenced by the higher number of
riskification moves compared to securitisation moves found in the discourse.
Furthermore, the existing policy response in the 2016 National Cyber
Security Strategy armed ministers with a tool to parry attempts to emphasise
the urgency of responding to cyber-threats, which could have contributed to
a high discursive threshold of urgency necessary to successfully claim that
the existing measures were insufficient. This may have prevented some of the
less self-assured attempts at securitisation from being realised.

Further to the quantitative proof presented of Russia’s dominance as a
threat subject in UK discourse, it can qualitatively be concluded from the
coding process that Russia is a highly charged threat subject that occupies
an established place in UK political discourse. Beyond the obvious historic
geopolitical and ideological grounds for enmity between Russia and the UK,
the UK’s strategic ambitions and fears concerning Russia found renewed
expression following the much-publicised ‘Salisbury Incident’ in 2018, in
which the parties held responsible for the poisoning of a former Russian
intelligence officer and his daughter with a nerve agent were publicly
linked to the Russian state. This incident added to the presumption of
Russia’s intention to threaten the UK, adding to. It comprised no
cyber-component itself, which renders the repeated references to perceived
Russian cyber-machinations in its aftermath an all-the-more pertinent
indicator of the perceived virility and imminence of cyber-threats within
the hierarchy of threats to the UK’s national security. This supports
constructivist approaches to the external context in securitisation theory
as it clearly builds upon the “pre-existing body of socially constructed
knowledge” (Watson, 2012, p.294) already assigned to Russia in the public
consciousness by successful threat framing in past discourse and therefore
provides further evidence in favour of Stritzel’s “distinct linguistic
reservoir” or Salter’s “local regime of truth” upon which discourse can draw
when constructing meaning (Stritzel, 2007, p.369; Salter, 2008, p.322;
Watson, 2012; Buzan, Wæver & de Wilde, 1998). The clear dominance of Russia
as a Harm Enabler furthermore questions suggestions in existing literature
that non-state actors will gain more prevalence in cyber-threat framing as
the boundaries between conflict and war become increasingly blurred
(Bendrath et al., 2007; Cavelty, 2007).

7 Conclusion

This research has shown UK cyber-threat discourse to be dominated by a War
Frame which projects a logic of inter-state cyber-conflict or cyber-war
threats to national security, as well as a Crime Frame projecting a logic of
a domestic law enforcement response to an asymmetric threat to a variety of
primarily economic, non-state Referent Objects. It has also shown an
Interference Frame to have been unsuccessful as it primarily relied upon
Danger Descriptions, Entman’s framing practice of defining conditions or
effects as problematic, and was unable to establish itself coherently as it
neglected the other three framing practices.
The most common Danger Descriptions were cyber-security as data security,
cyber-vulnerabilities of traditional defence capabilities and
state-sponsored cyber-attacks. The threat subject Russia was shown to
clearly dominate the discourse as a Harm Enabler, followed by
cyber-criminals. The most common constitutive conditions of harm were
outdated defence technology, the rapid pace of technological change and the
lack of technical knowledge in the workforce. National security was clearly
the most common Referent Object, followed by economic and then critical
infrastructure Referent Objects. Greater defence spending on
cyber-capabilities, greater law enforcement powers and improving
cyber-resilience were most commonly called for as Remedial Measures. Two
securitising moves and five riskifying moves were identified in the
discourse.
Although critical infrastructure appeared as a Referent Object in the
discourse with relative prominence (see Figure 3), energy infrastructure
itself was never explicitly discussed in relation to cyber-threats and only
appeared where critical infrastructure sectors were listed in a catch-all
manner. It can therefore be concluded that critical energy infrastructure
itself has so far not been recognised as a significant target of potential
cyber-harm in UK political discourse, despite recent attacks on the
Ukrainian electricity grid, intrusions into the Irish electricity grid and
significant disruption to the National Health Service following a
cyber-attack in 2017, the latter incident being raised in several
parliamentary debates. In this context, the publication of the Joint
Committee Report on the Cyber Security of the UK’s Critical National
Infrastructure towards the end of 2018 is perhaps all the more pertinent.
This research has therefore established a detailed picture of the landscape
of cyber-threat perception in UK political discourse, both to inform and
guide those attempting to tackle cyber-threats and inform those for whom
cyber-security has not been a priority until now.
As this research has focused on political discourse, further research on the
role of expert knowledge in the framing of cyber-threats would be
insightful. Furthermore, research into how frames have changed over time
since the first National Cyber Security Strategy in 2009 would further
develop understanding of UK discourse, as would analysis of rhetoric and
framing in the official documents themselves to explore the nexus of
cyber-security policy and critical infrastructure protection. More
generally, research on the interplay between the private and public sector
in countries with a high proportion of private critical infrastructure
ownership such as the UK would be illuminating, both into how regulation of
the private sector can increase cyber-resilience and how governments and
private-sector organisations cooperate and interact when responding to
cyber-incidents.

Bibliography

1. Allen, J. (2011). Powerful assemblages?. Area, 43(2), 154-157.
2. Aradau, C. (2010). Security that matters: Critical infrastructure and objects of protection. Security Dialogue, 41(5), 491-514.
3. Arquilla, J., & Ronfeldt, D. (1997). In Athena's camp: preparing for conflict in the information age. Rand corporation.
4. Balzacq, T. (Ed.). (2010). Understanding Securitisation Theory: How Security Problems Emerge and Dissolve. Routledge.
5. Balzacq, T., Basaran, T., Bigo, D., Guittet, E. P., & Olsson, C. (2010). Security practices. International studies encyclopedia online, 18.
6. Bendrath, R. (2001). I&S THE CYBERWAR DEBATE: PERCEPTION AND POLITICS IN US CRITICAL INFRASTRUCTURE PROTECTION. Special Issue of Information & Security, 65.
7. Bendrath, R., Eriksson, J., & Giacomello, G. (2007). From ‘cyberterrorism’ to ‘cyberwar’, back and forth. International Relations and Security in the Digital Age. Ed. by Johan Eriksson and Giampiero Giacomello. Abingdon: Routledge, 57-82.
8. Benford, R. D., & Snow, D. A. (2000). Framing processes and social movements: An overview and assessment. Annual review of sociology, 26(1), 611-639. https://www.annualreviews.org/doi/pdf/10.1146/annurev.soc.26.1.611
9. Bigo, D. (2002). Security and immigration: Toward a critique of the governmentality of unease. Alternatives, 27(1_suppl), 63-92.
10. Brenner, S. W. (2009). Cyberthreats: The emerging fault lines of the nation state. Oxford University Press.
11. Bright, J. (2012). Securitisation, terror, and control: towards a theory of the breaking point. Review of International Studies, 38(4), 861-879.
12. de Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1-7.
13. Buzan, B., & Waever, O. (2003). Regions and powers: the structure of international security (Vol. 91). Cambridge University Press.
14. Buzan, B., Wæver, O., & de Wilde, J. (1998). Security: a new framework for analysis. Lynne Rienner Publishers.
15. Cavelty, M. D. (2007). Cyber-security and threat politics: US efforts to secure the information age. Routledge.
16. Cavelty, M. D. (2008). Cyber-terror—looming threat or phantom menace? The framing of the US cyber-threat debate. Journal of Information Technology & Politics, 4(1), 19-36.
17. Charter of the United Nations, June 1945, available from https://www.un.org/en/charter-united-nations/index.html
18. Christou, G. (2016). Cybersecurity in the European Union: Resilience and Adaptability in Governance Policy. Springer.
19. von Clausewitz, C. (1998). Vom Kriege. Ullstein, Berlin.
20. Cornish, P., Hughes, R., & Livingstone, D. (2009). Cyberspace and the National Security of the United Kingdom. Threats and Responses. Chatham House, London.
21. Corry, O. (2012). Securitisation and ‘riskification’: Second-order security and the politics of climate change. Millennium, 40(2), 235-258.
22. Czosseck, C., Ottis, R., & Talihärm, A. M. (2011). Estonia after the 2007 cyber attacks: Legal, strategic and organisational changes in cyber security. International Journal of Cyber Warfare and Terrorism (IJCWT), 1(1), 24-34.
23. Della Porta, D., & Keating, M. (Eds.). (2008). Approaches and methodologies in the social sciences: A pluralist perspective. Cambridge University Press.
24. Entman, R. M. (1993). Framing: Toward clarification of a fractured paradigm. Journal of communication, 43(4), 51-58.
25. Entman, R. M. (2004). Projections of power: Framing news, public opinion, and US foreign policy. University of Chicago Press.
26. Friis, K., & Reichborn-Kjennerud, E. (2016). From cyber threats to cyber risks. In Conflict in Cyber Space (pp. 43-60). Routledge.
27. Gamson, W. A., Croteau, D., Hoynes, W., & Sasson, T. (1992). Media images and the social construction of reality. Annual review of sociology, 18(1), 373-393.
28. Geers, K. (2011). Strategic cyber security. Kenneth Geers.
29. Green, J. A. (Ed.). (2015). Cyber Warfare: A multidisciplinary analysis. Routledge.
30. Greenberg, A. (2017). 'CRASH OVERRIDE': THE MALWARE THAT TOOK DOWN A POWER GRID. Wired. Retrieved 20.05.2019 from https://www.wired.com/story/crash-override-malware/
31. Hansard HC Deb volume 607 columns 883, 895-896 (15 March 2016) [Electronic version]. Accessed 19.05.2019 from https://publications.parliament.uk/pa/cm201516/cmhansrd/cm160315/debtext/160315-0003.htm
32. Hansard HC Deb volume 643 column 428 (20 June 2018) [Electronic version]. Accessed 19.05.2019 from https://hansard.parliament.uk/Commons/2018-06-20/debates/D8B9C284-0C34-4743-B8C5-C2AD2046DD11/NATO
33. Hansard HL Deb volume 767 column 2180 (20 December 2017) [Electronic version]. Accessed 19.05.2019 from https://hansard.parliament.uk/Lords/2017-12-20/debates/B508C183-177A-4082-811F-E83D707742E5/ConnectedAndAutonomousVehicles(ScienceAndTechnologyReport)
34. Hansard HL Deb volume 778 columns 1559-1561 (06 February 2017) [Electronic version]. Accessed 19.05.2019 from https://hansard.parliament.uk/Lords/2017-02-06/debates/A615B47A-7186-4518-BA56-DC2D834F3ED9/DigitalEconomyBill
35. Hansen, L., & Nissenbaum, H. (2009). Digital disaster, cyber security, and the Copenhagen School. International studies quarterly, 53(4), 1155-1175.
36. Harrop, W., & Matteson, A. (2015). Cyber resilience: A review of critical national infrastructure and cyber-security protection measures applied in the UK and USA. In Current and Emerging Trends in Cyber Operations (pp. 149-166). Palgrave Macmillan, London.
37. Healey, J. (Ed.). (2013). A fierce domain: Conflict in cyberspace, 1986 to 2012. Cyber Conflict Studies Association.
38. Heinrich, A., & Szulecki, K. (2018). Energy Securitisation: Applying the Copenhagen School’s Framework to Energy. In Energy Security in Europe (pp. 33-59). Palgrave Macmillan, Cham.
39. Huysmans, J., & Buonfino, A. (2008). Politics of exception and unease: Immigration, asylum and terrorism in parliamentary debates in the UK. Political studies, 56(4), 766-788.
40. Joint Committee on the National Security Strategy (2018). Cyber Security of the UK’s Critical National Infrastructure. Third Report of Session 2017-2019. HL Paper 222. HC 1708.
41. Kaufmann, C. (2004). Threat inflation and the failure of the marketplace of ideas: The selling of the Iraq war. International Security, 29(1), 5-48.
42. Krippendorff, K. (2018). Content analysis: An introduction to its methodology. Sage publications.
43. Lawson, S., & Middleton, M. K. (2019). Cyber Pearl Harbor: Analogy, fear, and the framing of cyber security threats in the United States, 1991-2016. First Monday, 24(3).
44. Leifeld, P., Gruber, J. & Bossner, R. F. (2019). Discourse Network Analyzer Manual. Retrieved 20.04.2019 from https://github.com/leifeld/dna/releases/tag/v2.0-beta.24
45. Neville-Jones, P., & Phillips, M. (2012). Where Next for UK Cyber-Security?. The RUSI Journal, 157(6), 32-40.
46. The North Atlantic Treaty, April 1949, available from https://www.nato.int/cps/en/natolive/official_texts_17120.htm
47. Nye, J. S. (2011). The future of power. Public Affairs.
48. Rattray, G. J. (2009). An environmental approach to understanding cyberpower. Cyberpower and National Security, 253-274.
49. Rid, T. (2013). Cyber war will not take place. Oxford University Press, USA.
50. Rychnovská, D. (2014). Securitization and the power of threat framing. Perspectives: review of Central European affairs, (2), 9-32.
51. Saldaña, J. (2015). The coding manual for qualitative researchers. Sage.
52. Salter, M. B. (2008). Securitization and desecuritization: a dramaturgical analysis of the Canadian Air Transport Security Authority. Journal of international relations and development, 11(4), 321-349.
53. Shackelford, S. J., & Andres, R. B. (2010). State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem. Geo. J. Int'l L., 42, 971.
54. Snow, D. A., & Benford, R. D. (1988). Ideology, frame resonance, and participant mobilization. International social movement research, 1(1), 197-217.
55. Stritzel, H. (2007). Towards a theory of securitization: Copenhagen and beyond. European journal of international relations, 13(3), 357-383.
56. UK Parliament (n.d.). About Hansard Online. Retrieved 20.04.2019 from: https://hansard.parliament.uk/about?historic=false
57. Valeriano, B., & Maness, R. C. (2018). International Relations Theory and Cyber Security. The Oxford Handbook of International Political Theory, 259.
58. Watson, S. D. (2012). ‘Framing’ the Copenhagen School: Integrating the literature on threat construction. Millennium, 40(2), 279-301.
59. World Energy Council (2016). The Road to Resilience: Managing Cyber Risks. World Energy Perspectives.

Appendix A Codebook

This appendix presents the codebook organised by category and themes within
each coding category.

Coding category: Harm enabler
Themes: Unspecified; Threat subject; Constitutive conditions

Original code | Name used in this thesis | Code explanation
Unspecified | Unspecified harm enabler | No harm enabler specified
Threat subject - state - Russia | Russia | Russia was identified as harm enabler (state threat subject)
Threat subject - non-state - criminals | Criminals | Cyber-criminals identified as harm enabler (non-state threat subject)
Threat subject - state - unspecified | Unspecified state(s) | Harm enabler specified as an unspecified state or states (state threat subject)
Threat subject - s+ns combination | State + non-state combination | Combination of state and non-state actors specified (state threat subject)
Threat subject - state - China | China | China specified as harm enabler (state threat subject)
Threat subject - state - North Korea | North Korea | Harm enabler specified as North Korea (state threat subject)
Threat subject - unspecified | Unspecified threat subject | No particular actor was specified but threat was described as direct in nature and coming from a general source, e.g. “our adversaries”
TS - ns - hackers/hacktivists | Hackers | Groups of hackers or activist hackers (non-state threat subject)
TS - ns - terrorists | Terrorists | Unspecified terrorist groups (non-state threat subject)
TS - ns - Daesh/ISIS/ISIL | Daesh/ISIS/ISIL | Daesh/ISIS/ISIL as harm enabler (non-state threat subject)
Constitutive conditions - lack of cooperation - business to government | Lack of business-government cooperation | Lack of cooperation between private-sector businesses and governmental organisations and agencies
Constitutive conditions - unspecified cyber vulnerabilities | Unspecified cyber vulnerabilities | Unspecified technical vulnerabilities to cyber-attacks
CC - poor passwords | Poor passwords | Human users increasing system vulnerability by setting weak passwords that are easy to guess
Threat subject - non-state - multiple | Non-state actors - multiple | A combination of non-state actors (non-state threat subjects)
CC - gov cannot defend alone | Government cannot defend UK alone | The UK government is unable to ensure the security of all public and private networks and infrastructure through regulation without private sector bearing some responsibility for increasing security voluntarily
CC - foreign infra ownership | Foreign infrastructure ownership | Foreign ownership of critical and non-critical infrastructure
Constitutive conditions - legislation too complex | Legislation too complex | Complexity of current legislative patchwork
CC - total security impossible | Total security impossible | 100% certainty of invulnerability to cyber-attack impossible to achieve
CC - LC - UK EU | Lack of UK-EU cooperation | Insufficient co-operation between the UK government and other EU Member-States or Institutions/agencies
Constitutive conditions - old technology - military/defence | Outdated military technology | Current defence technology (both kinetic and cyber-capabilities) unprepared for modern challenges/threats
Constitutive conditions - fast technological change | Rapid technological change | Difficulties keeping abreast of rapid pace of technological development
CC - poor private security practice | Poor private-sector security practice | Insufficient private-sector focus on or resource allocation to cyber-security resilience, monitoring and reporting
CC - LTK - public sector bodies | Lack of technical knowledge - public sector bodies | Lack of relevant know-how and skills in governmental and publicly owned organisations to ensure cyber-security
Constitutive conditions - lack of technical knowledge - businesses | Lack of technical knowledge - businesses/private sector | Lack of relevant know-how and skills in private-sector organisations to ensure cyber-security
CC - LTK - military | Lack of technical knowledge - military | Lack of relevant know-how and skills in military/intelligence sectors to ensure cyber-security of military systems
Constitutive conditions - lack of capabilities - military cyber def/off | Lack of capabilities - military cyber-defence/offence | Lack of military “cyber-weapons”, offensive capabilities and defensive procedures/practices
Constitutive conditions - lack of capabilities - legal enforcement powers | Lack of capabilities - legal enforcement powers | Lack of appropriate and necessary legal powers for police, cyber-crime units and other enforcement agencies
Constitutive conditions - lack of capabilities - traditional cap ineffective v cyber | Lack of capabilities - traditional capabilities ineffective against cyber | Traditional/existing military defence capabilities unable to deal with modern cyber-threats
Constitutive conditions - insufficient market | Insufficient market regulation | Insufficient digital market regulation to secure public online economy
Constitutive conditions - lack of capabilities - education/skills training | Lack of capabilities - cyber skills in national education/training | Insufficient focus on cyber-skills training in national curriculum and higher education/vocational training schemes
Constitutive conditions - lack of cooperation - internationally | Lack of cooperation - international | Lack of cooperation UK co-operation bi- or multilaterally or through international organisations

Coding category: Referent object
Themes: Unspecified; Civilian; Military/state

Original code | Name used in this thesis | Code explanation
Unspecified | Unspecified | No referent object specified
Civilian - political institutions/process | Political institutions/process | British political institutions or the political process (elections?
Civilian - Businesses | Businesses | All British businesses and private for-profit organisations
Civilian - critical infrastructure - NHS | Critical infrastructure - NHS | British National Health Service as a part of the UK’s critical infrastructure
Civilian - personal privacy | Personal privacy | Personal privacy of citizens and personal data self-determination
Civilian - British economy | British economy | The British economy in general
Civilian - general citizen safety | General citizen safety | Citizen or societal safety and order
Civilian - economic wellbeing | Economic wellbeing | Personal/individual economic well-being, financial security
Civilian - critical infrastructure - general | Critical infrastructure - general | Unspecified UK critical infrastructure
Civilian - society/way of life | Society/way of life | The UK “way of life”, democratic society, open political debate
Civilian - critical infrastructure - information/telecoms | Critical infrastructure - information/telecoms | Telecommunications and information technology infrastructure as critical infrastructure
Civilian - critical infrastructure - transport | Critical infrastructure - transport | Future transport infrastructure e.g. autonomous vehicles as critical infrastructure
Civilian - public sector/govt functions | Public sector/government functions | Ability of public-sector bodies to perform state services more generally, e.g. ability of parliament to meet
Civilian - public+private organisations | Public & private organisations | Combination of public and private organisations
Civilian - SME | SME | Specifically small and medium-size enterprises and the self-employed
State-level - rules-based int order | Rules-based international order | International stability and order in the form of an international system of interaction based on an established consensus of acceptable state behaviour
State-level - int alliances/organisations | International alliances/organisations | International alliances/organisations such as NATO or the EU
Military/intelligence - defence systems | National defence systems | Ability to successfully ensure national defence, e.g. nuclear deterrent
Other - general national security | General invocation of national security | A general but explicit invocation of national security
Unspecified - implicit national security | Implicit national security | Where defending national security was implied by a combination of the debate context (e.g. NATO, nuclear deterrent, defence) and the speaker used security language such as “defend” or “protect” but without explicitly saying “national security”

Coding category: Remedial measures
Themes: Unspecified; General; Measures governing constitutive conditions; Urgent measures

Original code | Name used in this thesis | Code explanation
Unspecified | Unspecified | No remedial measure specified
General - ditch nuclear deterrent | Ditch nuclear deterrent | Retire the UK’s nuclear deterrent system
General - maintain nuclear deterrent | Maintain nuclear deterrent | Maintain/renew the UK’s nuclear deterrent system
Governing - government spending under NCSS | Existing government spending under NCSS | Spending and measures already planned under the 2016 National Cyber Security Strategy
Governing - defence spending priority cyber | Cyber as defence spending priority | Elevating cyber-capabilities to a high(er) priority in defence spending
Governing - greater law enforcement powers | Greater law enforcement powers | More extensive powers for police and law enforcement agencies
General - improve cyber resilience | Improve general cyber resilience | General call to improve cyber-defence, specifically mentioning the word “resilience”
Governing - increase focus on cyber skills training | Increase focus on cyber skills training | Increase national focus on cyber-skills training in national curriculum, higher education and vocational training
Governing - continued EU cooperation | Continued EU cooperation | Maintain or increase EU-UK cooperation in the future/after Brexit
Governing - int cooperation | International cooperation | Increase international cooperation on cyber-security through forums e.g. NATO, UN or greater US-UK cooperation
Governing - public-private cooperation | Public-private cooperation | Greater public-private cooperation on improving cyber-security of organisations and fostering innovation in cyber-security products
Governing - cyber audit | Private-sector cyber audit | Mandatory annual audit of cyber-security practices and measures for private-sector organisations
G - embed cybersec in org practice | Embed cybersecurity in organisational practice | Improve cyber-security of public and private-sector organisations through corporate culture change and process ownership of employees
G - int tech cyber standards | Develop international technical cyber standards | Take steps to develop collaborative international minimum technical security standards for new digital technology
General - strong conventional defence force | Maintain strong conventional defence force | Do not sacrifice spending on conventional kinetic military capabilities in favour of cyber
Governing - company breach reporting obligation | Company cyber breach reporting obligation | Obligation for private-sector organisations to report all incidents
Governing - public sector cooperation | Increase public sector cooperation | Increase dialogue and cooperation between different public-sector bodies
G - high data protec/sec standards | High data protection/security standards | Improve organisational data protection and security standards
G - civilian more spending/priority | Cyber as civilian spending priority | Making cyber-security a high(er) civilian spending priority
G - more state cooperation | More state cooperation (M) | Increased cooperation with other states (non-urgent, longer policy horizon, governing measure)
G - citizen info/education campaign | Citizen info/education campaign | Public awareness/information campaigns
Governing - balance economy/security | Balance economy/security objectives | Not spend wildly and impose unrealistic obligations on the private sector in the name of cyber-security
G - more British media in Russian | More British media in Russian | Broadcast more news media in the Russian language to provide alternative narratives to Russian state media
Governing - private sector investment | Private sector investment | Greater private-sector investment in developing new cyber-security products and innovation
G - minimum password standards | Minimum password standards | Legal requirements for minimum password standards
G - increase NATO powers | Increase NATO powers (m) | Broaden or increase NATO powers to better address cyber-threats (longer-term policy horizon, governing measure)
General - simplify/consolidate legislation | Simplify/consolidate legislation | Consolidate and simplify legislation to increase clarity and certainty
Governing - cyber deterrence | Establish cyber deterrent | Establish a deterrent against cyber-attacks
Urgent - direct cybercrime response | Direct cybercrime response (U) | An urgent and direct response to specific forms of cyber-crime
Urgent - international sanctions | International sanctions | Impose international sanctions on offending party
Urgent - nat response as armed attack | National response as armed attack | Respond to a cyber-attack as to an armed attack under international law
Urgent - EU sanctions/response | EU sanctions/response | Coordinated sanctions or diplomatic response through the EU
Urgent - NATO response | NATO response | Coordinated sanctions, diplomatic or military response through NATO
Urgent - increase NATO powers | Increase NATO powers (U) | Urgently and directly expand NATO powers to address impending cyber-threat
Urgent - attribution | establish international cyber-attack attribution | Make greater efforts to establish international attribution of cyber-attacks and enable appropriate response
Urgent - improve interstate relations | Improve interstate relations |
APPENDIX A CODEBOOK

General Cyber-threat not specified


Unspecified
Unspecified cyberthreats -
cyber-threats
unspecified
Cybersecurity Cybersecurity as Cyber-security defined as data security
as data security data security
Channelling Cyber-security is a threat as it channels defence
Channelling funds
funds away spending away from underfunded conventional
away from
from military capabilities (therefore negative
conventional
conventional conception of cyber-security)
General
General A combination of different cyber-threats
General cyber-
cyberthreats -
threats – multiple
multiple
Cybersecurity Cyber-security as personal/individual privacy
Cybersecurity as
as personal
personal privacy
privacy
Cyberwar/confl Cyber-vulnerabilities of traditional military
Danger
ict - Cyber- systems and defence capabilities
descripti-
vulnerabilities vulnerabilities of
on
in traditional traditional
defence defence
capabilities
Cyberwar/confl A cyber-attack linked, though not necessarily
State-sponsored
ict - state cyber directly attributed to a state
cyber-attack
armed attack
Cyber-war Cyberwar/confl State-led An advanced and persistent cyber-attack by one
ict - international state on another leading to a state of
unspecified cyber conflict international conflict
Cyberwar/confl State-led cyber- An attack by one state on anther using a
ict - state cyber and kinetic combination of cyber and conventional
+ kinetic action attack capabilities
General - Cyber-space as a new sphere for traditional
Cyberspace as
cyberspace geopolitical/military rivalries and conflicts
new sphere of
new sphere
conflict
conflict

60
APPENDIX A CODEBOOK

|  |  | General cyberthreats - cyber as tier 1 threat to UK national security | Cyber tier 1 national security threat | Cyber-threats classified as a tier-1 threat to UK national security |
|  |  | General cyberthreats - asymmetric threat | Asymmetric cyber-threat | Asymmetric nature of cyber-threats (e.g. individuals vs. states) |
|  |  | Cybercrime - unspecified cybercrime | Unspecified cyber-crime | Unspecified type of cyber-crime |
|  |  | Cybercrime - general economic cybercrime | General economic cyber-crime | Unspecified cyber-crime explicitly for economic gain |
|  | Cyber-crime | Cybercrime against individuals for economic gain | Economic cyber-crime - individuals | Cyber-crime for economic gain committed against individual citizens |
|  |  | Cybercrime - cybersecurity as data security | Cybersecurity as data security | Cyber-threats as the theft of personal, commercial or governmental information/data |
|  |  | Cybercrime - identity theft | Identity theft | Individual identity theft |
|  |  | Cybercrime against organisations for economic gain | Economic cyber-crime - organisations | Cyber-crime for economic gain against private or public-sector organisations |
|  |  | Int/disr attacks on political institutions | Attacks on political institutions | Attacks on political institutions intending to disrupt politics |
|  | Cyber-interference/disruption | Int/disr - espioniage | Espionage | Attacks or interference intending to steal sensitive information |
|  |  | Int/disr - mis/disinformation | Mis/disinformation | Cyber-actions influencing public opinion or spreading certain narratives intending to sow societal instability |

|  |  | Int/disr - general disruptive attacks | General disruptive attacks | Unspecified attacks intending to disrupt |
|  |  | Cyberinterference/disruption - election meddling | Election meddling | Cyber-actions leading up to elections intending to influence the outcome of the election |
|  | Cyber-terrorism | Cyberterrorism - general | Cyberterrorism | Cyber-actions aiming to spread fear for public safety and cause damage |

APPENDIX B RESULTS

Appendix B Results

Danger Descriptions

Danger Description Count


Unspecified cyber-threats 103
Cybersecurity as data security 35
Cyber-vulnerabilities of traditional defence 27
State-sponsored cyber-attack 25
Election meddling 23
General disruptive attacks 22
Unspecified cyber-crime 20
Economic cyber-crime - organisations 19
Mis/disinformation 19
State-led international cyber conflict 19
State-led cyber- and kinetic attack 13
General economic cyber-crime 13
Economic cyber-crime - individuals 8
Channelling funds away from conventional 8
Espionage 7
General cyberthreats – multiple 7
Attacks on political institutions 6
Cyber tier 1 national security threat 5
Cyberspace as new sphere of conflict 5
Asymmetric cyber-threat 3
Cybersecurity as personal privacy 3
Cyberterrorism 3
Identity theft 1
Grand Total 394

[Chart: Danger Descriptions; axis: Frequency]
Figure 5 All Danger Description codes with frequency>10


Harm Enablers
Harm Enablers Count
Russia 103
Unspecified 79
Criminals 43
Outdated military technology 19
Unspecified state(s) 17
Rapid technological change 13
State + non-state combination 12
Lack of technical knowledge - businesses/private sector 9
Poor private-sector security practice 9
Lack of technical knowledge - public sector bodies 9
China 8
North Korea 7
Lack of technical knowledge - military 7
Lack of capabilities - military cyber-defence/offence 7
Lack of capabilities - legal enforcement powers 6
Lack of capabilities - traditional capabilities ineffective against cyber 6
Unspecified threat subject 5
Insufficient market regulation 5
Lack of capabilities - cyber skills in national education/training 5
Terrorists 4
Lack of business-government cooperation 3
Lack of cooperation - international 3
Poor passwords 2
Unspecified cyber vulnerabilities 2
Non-state actors - multiple 2
Hackers 2
Government cannot defend UK alone 2
Legislation too complex 1
Daesh/ISIS/ISIL 1
Total security impossible 1
Lack of UK-EU cooperation 1
Foreign infrastructure ownership 1
Grand Total 394

[Chart: State vs Non-state Harm Enablers; axis: Frequency; categories: State, Non-state]


[Chart: Harm Enablers: Constitutive Conditions; axis: Frequency]

[Chart: Harm Enablers: Threat Subjects; axis: Frequency]

Figure 2 All threat subjects coded in the Harm Enablers category.


Referent Objects

Referent Objects Count


General invocation of national security 86
Unspecified 57
Implicit national security 53
Political institutions/process 32
Businesses 27
Critical infrastructure - general 19
Critical infrastructure - NHS 17
National defence systems 17
Personal privacy 16
British economy 13
General citizen safety 12
Economic wellbeing 12
Critical infrastructure - information/telecoms 7
Rules-based international order 6
Critical infrastructure - transport 6
Public sector/government functions 4
Public & private organisations 4
International alliances/organisations 4
SME 2
Grand Total 394

Civilian/Domestic Referent Objects Count


Civilian - political institutions/process 32
Civilian - Businesses 27
Civilian - critical infrastructure - NHS 17
Civilian - personal privacy 16
Civilian - British economy 13
Civilian - general citizen safety 12
Civilian - economic wellbeing 12
Civilian - critical infrastructure - general 11
Civilian - society/way of life 8
Civilian - critical infrastructure - information/telecoms 7
Civilian - critical infrastructure - transport 6
Civilian - public+private organisations 4
Civilian - public sector/govt functions 4
Civilian - SME 2
Total 171

Military/State Referent Objects Count


General invocation of national security 86
Implicit national security 53
Military/intelligence - defence systems 17
State-level - rules-based int order 6
State-level - int alliances/organisations 4
Total 166


[Chart: Referent Objects; axis: Frequency]

Remedial Measures

[Chart: Referent Objects - Grouped; axis: Frequency]

Remedial Measures Count


Unspecified 174
Cyber as defence spending priority 25
Greater law enforcement powers 24
Improve cyber resilience 22
Increase focus on cyber skills training 21
Existing government spending under NCSS 20
Continued EU cooperation 14
International cooperation 12
Public-private cooperation 11
Private-sector cyber audit 7
Maintain nuclear deterrent 5
Embed cybersecurity in organisational practice 5
Increase NATO powers (U) 4
Maintain strong conventional defence force 4
Company cyber breach reporting obligation 4
Develop international technical cyber standards 4
Ditch nuclear deterrent 3
Increase public sector cooperation 3
establish international cyber-attack attribution 3
Cyber as civilian spending priority 3
High data protection/security standards 3
Improve interstate relations 3
National response as armed attack 2
Private sector investment 2
NATO response 2
International sanctions 2
Minimum password standards 2
EU sanctions/response 2
Citizen info/education campaign 1
Establish cyber deterrent 1
Increase NATO powers (G) 1
Direct cybercrime response (U) 1
Simplify/consolidate legislation 1
Balance economy/security objectives 1
More British media in Russian 1
More state cooperation (G) 1
Grand Total 394


[Chart: Remedial Measures; axis: Frequency]

[Chart: Most Common Harm Enablers; series: Russia, North Korea, China, Criminals, Outdated Military Technology; axis: Frequency]

Figure 7 Timeline of utterances of the five most common Harm Enablers.

[Chart: Most Common Referent Objects; series: National Security, Critical Infrastructure, Political Institutions/Process, Businesses; axis: Frequency]

Figure 8 Timeline of utterances of the four most common Referent Objects

APPENDIX C FRAMES

Appendix C Frames
Sum of Code Frequency by Frame
Danger Description Harm Enabler Referent Object Remedial Measures Grand Total
War Frame 105 203 27 68 403
Russia 103 103
Cyber-vulnerabilities of traditional defence 27 27
Cyber as defence spending priority 25 25
State-sponsored cyber-attack 25 25
State-led international cyber conflict 19 19
Outdated military technology 19 19
Unspecified state(s) 17 17
National defence systems 17 17
State-led cyber- and kinetic attack 13 13
State + non-state combination 12 12
International cooperation 12 12
China 8 8
Channelling funds away from conventional 8 8
Lack of capabilities - military cyber-defence/offence 7 7
Lack of technical knowledge - military 7 7
North Korea 7 7
Rules-based international order 6 6
Lack of capabilities - traditional capabilities ineffective against cyber 6 6
Cyberspace as new sphere of conflict 5 5
Maintain nuclear deterrent 5 5
Cyber tier 1 national security threat 5 5
Unspecified threat subject 5 5
International alliances/organisations 4 4
Increase NATO powers (U) 4 4
Terrorists 4 4
Maintain strong conventional defence force 4 4
Improve interstate relations 3 3
Ditch nuclear deterrent 3 3
Asymmetric cyber-threat 3 3
establish international cyber-attack attribution 3 3
NATO response 2 2
Hackers 2 2
Government cannot defend UK alone 2 2
National response as armed attack 2 2
International sanctions 2 2
Non-state actors - multiple 2 2
More state cooperation (M) 1 1
Total security impossible 1 1
Daesh/ISIS/ISIL 1 1
Increase NATO powers (m) 1 1
Establish cyber deterrent 1 1

Crime Frame 99 79 74 68 320


Criminals 43 43
Cybersecurity as data security 35 35
Businesses 27 27
Greater law enforcement powers 24 24
Unspecified cyber-crime 20 20
Economic cyber-crime - organisations 19 19
Personal privacy 16 16
Continued EU cooperation 14 14
British economy 13 13
General economic cyber-crime 13 13
Economic wellbeing 12 12
Public-private cooperation 11 11
Lack of technical knowledge - public sector bodies 9 9
Poor private-sector security practice 9 9
Economic cyber-crime - individuals 8 8
Lack of capabilities - legal enforcement powers 6 6
Insufficient market regulation 5 5
Company cyber breach reporting obligation 4 4
Public & private organisations 4 4
Develop international technical cyber standards 4 4
Cybersecurity as personal privacy 3 3
Lack of business-government cooperation 3 3
Increase public sector cooperation 3 3
High data protection/security standards 3 3
Poor passwords 2 2
SME 2 2
Minimum password standards 2 2
Simplify/consolidate legislation 1 1
Legislation too complex 1 1
Citizen info/education campaign 1 1
Lack of UK-EU cooperation 1 1
Direct cybercrime response (U) 1 1
Identity theft 1 1
Interference Frame 77 1 38 1 117
Political institutions/process 32 32
Election meddling 23 23
General disruptive attacks 22 22
Mis/disinformation 19 19
Espionage 7 7
Critical infrastructure - transport 6 6
Attacks on political institutions 6 6
More British media in Russian 1 1
Foreign infrastructure ownership 1 1
Grand Total 281 283 139 137 840


[Chart: Codes by Frame; axes: Frame (War, Crime, Interference) and Cumulative Code Frequency; series: Referent Objects, Remedial Measures - Governing, Remedial Measures - Urgent, Harm Enablers - Const. Conditions, Harm Enablers - Threat Subjects, Danger Descriptions]
Figure 9 Code frequency by category for each frame

Sum of Code Frequency by Frame


Danger Description Harm Enabler Referent Object Remedial Measures Grand Total
War Frame 105 203 27 68 403
Crime Frame 99 79 74 68 320
Interference Frame 77 1 38 1 117
Grand Total 281 283 139 137 840
Figure 10 Sum of code frequency by category for each frame

Count of Codes by Frame


Danger Description Harm Enabler Referent Object Remedial Measures Grand Total
War Frame 8 16 3 14 41
Crime Frame 7 9 6 11 33
Interference Frame 5 1 2 1 9
Grand Total 20 26 11 26 83
Figure 11 Count of the number of distinct codes assigned to each frame by category

Sum of Code Frequency by Theme


Danger Description Harm Enabler Referent Object Remedial Measures Grand Total
War Frame 105 203 27 68 403
Constitutive Conditions 42 42
Cyber-war 105 105
Governing 55 55
State/military 27 27
Threat Subject 161 161
Urgent 13 13
Crime Frame 99 79 74 68 320
Civilian 74 74
Constitutive Conditions 36 36
Cyber-crime 99 99
Governing 67 67
Threat Subject 43 43
Urgent 1 1
Interference Frame 77 1 38 1 117
Civilian 38 38
Constitutive Conditions 1 1
Cyber-interference 77 77
Governing 1 1
Grand Total 281 283 139 137 840

Overlapping codes Count Category Theme


General invocation of national security 86 RO State/military
Implicit national security 53 RO State/military
Improve cyber resilience 22 RM Governing
Increase focus on cyber skills training 21 RM Governing
Critical infrastructure - general 19 RO Civilian
Critical infrastructure - NHS 17 RO Civilian
General citizen safety 12 RO Civilian
Economic wellbeing 12 RO Civilian
Private-sector cyber audit 7 RM Governing
Critical infrastructure - information/telecoms 7 RO Civilian
Embed cybersecurity in organisational practice 5 RM Governing
Lack of capabilities - cyber skills in national education/training 5 HE Governing
Public sector/government functions 4 RO Civilian
Cyber as civilian spending priority 3 RM Governing
EU sanctions/response 2 RM Governing
Overlapping codes not included in quantitative frame analysis


Unassigned codes Count Category


Unspecified 79 HE
Rapid technological change 13 HE
Lack of technical knowledge - businesses/private sector 9 HE
Insufficient market regulation 5 HE
Lack of cooperation - international 3 HE
Unspecified cyber vulnerabilities 2 HE
Unspecified 57 RO
Unspecified cyber-threats 103 DD
General cyberthreats – multiple 7 DD
Cyberterrorism 3 DD
Unspecified 174 RM
Existing government spending under NCSS 20 RM
Private sector investment 2 RM
Balance economy/security objectives 1 RM
Codes not assigned to any frame, not included in quantitative frame analysis
APPENDIX D SECURITISING AND RISKIFYING MOVES

Appendix D Securitising and Riskifying Moves

Securitising Moves

Securitising move 1 Luke Pollard, Labour/Co-op, NATO Commons debate


“NATO needs to be flexible and adaptable […it] does not seem able to cope with
understanding how hybrid warfare and online and cyber-threats face us as an
alliance, and it needs to. We know that there is increased Russian activity
threatening the alliance. We know that there is a very real risk of Russian
cyber-attacks in the UK, and there have been such attacks on our NATO allies.
However, article 5 has not been triggered, which means that we are in this limbo
land, where the Russians are getting away with these things, but if we were using
the tactics prevalent 100 years ago, they would have been in a conflict. We need
to understand that threat.”
(Hansard, 20 June 2018, col 428)

Securitising move 2 Alan Mak, Conservative, Investigatory Powers Bill Commons debate I

“However, my remarks will focus on a new, growing and specific threat: economic
cybercrime carried out over the internet. The internet…has also become a means of
carrying out economic attack and espionage and of causing harm... the National
Security Council was right to categorise cyber-attacks as a tier 1 threat to
national security…every British company and every British computer network is at
risk. […] [T]he threat is real and growing […we must] protect our economy from
that growing threat. […] [C]ybercrime costs the British economy £34 billion per
year, including £18 billion from lost revenue. Cybercrime includes a broad range
of offences, from phishing for personal and financial information, to industrial
espionage, where businesses’ intellectual property is stolen, to the disruption of
this country’s critical national infrastructure, such as our banks and defence
facilities. The threats come from a wide range of actors: hostile nation states,
cross-border crime syndicates, company insiders and so-called hacktivists. Those
threats are growing and very real, and the Bill therefore gives the police and our
security services the vital tools they need to fight back in the digital age, from
intercepting data to interfering with computer equipment. […] The powers in the
Bill will help to prevent and detect similar episodes in the future, keeping our
economy secure.”
(Hansard, 15 March 2016, col 895-896)


Riskifying Moves

Riskifying move 1 Earl of Selborne, Conservative, Connected and Autonomous Vehicles Lords debate

“We took evidence on the risks that CAV could be susceptible to hacking and used
for malicious, criminal or terrorist purposes. This is a very real threat, which
calls for collaboration to establish international standards of cybersecurity, and
we urge the Government to take a lead on this. International standards are needed
to address the ethical issues, such as ensuring that the data produced by CAV
comply with the relevant privacy and data protection legislation. The announcement
in the White Paper of funding for a new centre for data ethics and innovation is
welcome.”
(Hansard, 20 December 2017, col 2180)

Riskifying move 2 Stephen Hammond, Conservative, Investigatory Powers Bill Commons debate I

“Investigatory powers are clearly […] essential in the fight against economic
cybercrime, which is what I want to touch on now. Overall, crime in the UK has
been falling, but behind that has been an ever-increasing threat from cybercrime.
Some 12% of European internet users have had their social media, email or payment
systems hacked, and 7% have been victims of credit card or banking fraud online.
Recently, we have seen sensitive data stolen from companies and the targeting of
private payment systems and financial institutions’ websites. […] The Opposition
need to rethink their comments about economic wellbeing. […] Interference in a
banking system might cause difficulties for one or many of our constituents, and
although it might not be as directly injurious to them as a bomb, surely a threat
to our banking system and people’s personal financial security is a threat to them
and more generally to our national security.”
(Hansard, 15 March 2016, col 883)

Riskifying move 3 Sir Simon Burns, Conservative, Investigatory Powers Bill Commons debate II

“We must ensure that the powers that we give to our police and security agencies
[…] are also fit for purpose. Terrorists and other threats to my constituents’
safety are constantly evolving and adapting their techniques to trump the safety
system. They do not want to get caught, they want to catch us out, and that is why
we must be prepared to adapt our rules to keep pace with technology. We cannot use
an analogue approach to tackling criminals in a digital age. Such an attitude just
is not safe, and I am not prepared to go back to Chelmsford and explain to my
constituents there and in Great Baddow, Chelmer Village, Beaulieu Park and Old
Moulsham that I was not prepared to support measures designed to make them all
more secure. […] [W]e need these proposals […] to help our police and security
agencies to better identify the internet activity of potential threats, and indeed
victims of crime, so they can do their jobs more quickly and effectively. […] The
Bill is about protecting those rights – the right to be irreverent or to disagree,
the right to surf the net without being at risk from those who would do us harm.
The Government […] have considered carefully, and we should be careful not to
assume that our police and security agencies do not need these powers as amended,
with the new safeguards that have been promised today.”
(Hansard, 20 December 2017, col 2180)

Riskifying move 4 Baroness Jones of Whitchurch, Labour, Digital Economy Bill Lords debate

“We welcome the amendments, which would begin to address some of our concerns, by
putting a straightforward obligation on companies to prepare a cybersecurity
report each year, detailing the measures being taken to ensure that data are being
kept safely. It is a simple ask, and it should not really be necessary, but the
all too frequent security breaches taking place underline why a legal requirement
has to be imposed. An Institute of Directors report last year showed that
companies tend to keep quiet when there has been a security breach. As a result,
there are no accurate figures on the extent of this crime, or the extent to which
companies are being held to ransom. A survey of business leaders found that only
half had a formal strategy in place to protect themselves and just 20% held
insurance against an attack. Yet we also know that companies are also losing
confidence in their encryption systems, their staff capabilities and awareness and
the ability of their software to withstand a deliberate assault.”
(Hansard, 06 February 2017, col 1561)

Riskifying move 5 Lord Arbuthnot of Edrom, Conservative, Digital Economy Bill Lords debate

“In view of the existential nature of our reliance on cyber nowadays, I therefore
suggest that we need to go further. Consumers, investors, executives and
government alike all need confidence that businesses are taking appropriate steps
to safeguard their data and their IT systems – and those of their supply chains as
well – from malicious activity. So, I have decided to be helpful. I propose these
amendments, which introduce the notion of a cyber audit. […] Everyone is now
accepting of, and accustomed to, the notion of external independent financial
audits, which have become the norm throughout the world. I believe that a similar
approach now needs to be followed in relation to cybersecurity. My suggestion is
that we should undertake cyber audits – perhaps as part of financial audits, or
perhaps separately, it does not really matter. Those audits could be based on
standards that could be evolved by industry, rather than by government, because
government legislation never manages to keep up with the astonishing pace of
technological change. […] So if we did this and went for cyber audits, we could
gradually begin to address the issue of cybersecurity, so that over time no longer
would it create quite the existential threat that it does now.”
(Hansard, 06 February 2017, col 1559-60)
APPENDIX E SAMPLED DOCUMENTS

Appendix E Sampled Documents

Documents by Parliamentary House
[Chart: Lords, 6; Commons, 53]

[Chart: Count of Document Type]


List of Documents

Date Document Chamber Statements


15 March 2016 Debate: Investigatory Powers Bill Commons 10
06 June 2016 Bill: Investigatory Powers Commons 4
13 June 2016 Oral Questions: Cybercrime Commons 5
07 July 2016 Select Committee Statement: Select Committee on Defence: Russia implications for UK Defence and Security Commons 1
13 July 2016 Debate: Defence: Continuous At-Sea Deterrent Lords 7
18 July 2016 Debate: UK's Nuclear Deterrent Commons 20
08 September 2016 Debate: Fourth Industrial Revolution Commons 3
13 September 2016 Bill: Digital Economy Bill Commons 2
18 October 2016 Question for Short Debate: Brexit: Peace and Stability Lords 2
27 October 2016 Business of the House Commons 3
08 December 2016 Debate: Brexit: Armed Forces and Diplomatic Service Lords 8
19 December 2016 Debate: European Council 2016 Commons 3
18 January 2017 Debate: Leaving the EU: Security, Law Enforcement and Criminal Justice Commons 4
06 February 2017 Committee debate?: Digital Economy Bill Lords 8
21 February 2017 Debate: Criminal Finances Bill Commons 1
06 March 2017 Oral Question: Topical Questions Commons 5
22 March 2017 Oral Question: Cyber-security Commons 3
30 March 2017 Business of the House Commons 1
22 June 2017 Debate: Queen's speech cont Lords 7
26 June 2017 Statement: Speaker’s Statement Commons 1
26 June 2017 Debate: Queen's speech Lords 2
29 June 2017 Oral Question: Digital Infrastructure Commons 2
05 July 2017 Oral Question: Cyber-security Commons 7
10 July 2017 Debate: G20 Commons 2
13 July 2017 Question for Short Debate: Korean Peninsula Lords 3
05 September 2017 Oral Question: Cyber-crime Commons 5
12 October 2017 Debate: Leaving the EU: Data Protection Commons 7
23 October 2017 Debate: Automated and Electric Vehicles Bill Commons 3
16 November 2017 Oral Question: Cyber Attacks Commons 6
22 November 2017 Oral Question: Public Sector Cyber-security Commons 7
27 November 2017 Oral Question: Cyber-Warfare Defence Commons 8
20 December 2017 Debate: Connected and Autonomous Vehicles (Science and Technology Report) Lords 4
21 December 2017 Debate: Independent Complaints and Grievance Policy Commons 1

08 January 2018 Oral Question: Cyber-crime Commons 4


11 January 2018 Debate: Defence Commons 16
18 January 2018 Debate: Defence Review Lords 3
24 January 2018 Westminster Hall: British Armed Forces: Size and Strength Commons 4
29 January 2018 Question for Short Debate: Russia Lords 11
31 January 2018 Oral Question: Engagements Commons 4
20 February 2018 Question for Short Debate: Nuclear Weapons Lords 2
05 March 2018 Cyber-attack Protection Commons 5
12 March 2018 Debate: Salisbury Incident Commons 9
26 March 2018 Debate: National Security and Russia Commons 29
28 March 2018 Debate: Police Funding Commons 4
18 April 2018 Westminster Hall: UK Digital and Tech Industries Commons 5
23 April 2018 Oral Question: Russian Military Activity Commons 1
24 April 2018 Grand committee: Smart Meters Bill Lords 7
02 May 2018 Question: NHS: Cybersecurity Lords 6
04 June 2018 Oral Question: Cyber-attacks Commons 4
20 June 2018 Debate: NATO Commons 27
02 July 2018 Debate: June European Council Commons 2
03 July 2018 Westminster Hall: UK-Israel Trade Commons 2
09 July 2018 Oral Question: Cyber-attacks Commons 3
16 July 2018 Debate: NATO Brussels Summit 2018 Lords 5
05 September 2018 Debate: Salisbury Update Commons 5
06 September 2018 Debate: NHS: Healthcare Data Lords 3
18 October 2018 Debate: Cyber Threats Lords 69
22 October 2018 Debate: October EU Council Commons 3
14 November 2018 Oral Question: Cyber-security Commons 6


[Chart: Timeline of Statement Frequency; axis: Statement Frequency]
