Desecuritising cybersecurity: towards a societal approach
Permanent link to Research Commons versionhttps://hdl.handle.net/10289/15368
Cybersecurity is often treated as a national security issue with responses to attacks implemented by military and intelligence agencies. This has created path dependencies in which tensions between the private sector and government have continued, where over-classification of cyberthreats has occurred, and where the broader societal impacts of malicious use of the internet have been underestimated. Drawing on the societal security concept established by the Copenhagen School of International Relations, we seek to reframe cybersecurity theory and policy. In the first section of the article we establish a theoretical approach to cybersecurity that emphasises the impact of cyberattacks on society, including on the health, energy and transport sectors. The second section draws on the history of cyberconflict to assess the ways the internet has been used to exacerbate societal tensions between identity groups and to create incohesion and societal security dilemmas. This section reinterprets the way the Kosovo War, Millennium (Y2 K) Bug, 9/11 and the WannaCry incident shaped and reflected cyber policy. The final section explores how a process of cyber desecuritisation might be achieved, including through discursive change and an enhanced role for the societal sector in the event of major cyberattacks.
Informa UK Limited
© 2020 The Author(s). Published by Informa UK Limited, trading as Taylor & Francis Group This is an Open Access article distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives License (http://creativecommons.org/licenses/by-nc-nd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited, and is not altered, transformed, or built upon in any way.