Cyber Security

by

Hannes Ebert, Tim Maurer

• LAST REVIEWED: 07 July 2020
• LAST MODIFIED: 11 January 2017
• DOI: 10.1093/obo/9780199743292-0196

Introduction

The Internet has expanded rapidly since its commercialization in the mid-1990s. In the early 21st century, a third of the world’s population has access to the technology, with another 1.5 billion expected to gain access by 2020. Moreover, the “Internet of Things” will lead to an exponential number of devices being connected to the network. As a result, the economic and political incentives to exploit the network for malicious purposes have also increased, and cybersecurity has reached head-of-state-level attention. In parallel, publications on the topic by academic, policy, industry, and military institutions have multiplied. Scholars within the international relations (IR) discipline and its subfields of security studies and strategic studies increasingly focus on the technology’s implications on national and international security. This includes studying its effect on related concepts such as power, sovereignty, global governance, and securitization. Meanwhile, the meaning of cybersecurity and information security has been highly contested. Broad definitions of the concept incorporate a wide range of cyberthreats and cyberrisks, including cyberwarfare, cyberconflict, cyberterrorism, cybercrime, and cyberespionage as well as cybercontent, while narrower conceptualizations focus on the more technical aspects relating to network and computer security. This article focuses on cybersecurity in the IR context from the perspective of political conflict, including the scholarship on cyberwarfare, cyberconflict, and cyberterrorism. The literature on cybercrime deserves a stand-alone article, as does cyberespionage from the perspective of surveillance and intelligence activities. This article references only a few publications from the latter two categories as they relate to cyberconflict. While scholars take the technology’s implications for international security increasingly seriously, they continue to disagree about the level and nature of threat and the appropriate policy responses that governments and other stakeholders should adopt. States also have very different perspectives on cyberspace and its appropriate use, with an increasing number developing offensive cybercapabilities. Cybersecurity has become an integral part of governments’ national defense and foreign and security policies and doctrines, contributing to the construction of cybersecurity as a new domain of warfare. Efforts to develop rules of the road for cyberspace focus on the applicability of existing international law, potential gaps, the development of norms, confidence-building measures, and postulating deterrence postures. As a consequence, a cybersecurity regime complex has evolved, encompassing multiple regional and international institutions that play pivotal roles in shaping policy responses. This article offers a selective list of relevant literature. The coauthors would like to thank the experts in China, India, Russia, Switzerland, and the United States who responded to their request to share their top-ten most relevant cybersecurity publications. The coauthors incorporated this feedback in their process for developing this article to reduce bias and to include international perspectives on the most-relevant English-language literature.

General Overviews

Since 2007, a number of in-depth, book-length studies have been published that build on the largely conceptual and hypothetical literature of the 1990s on information security and its evolution and focus on cybersecurity. There had been a noteworthy gap and shift in the literature following the 9/11 terrorist attacks, until the high-profile cyberincidents toward the end of the first decade of the 21st century reignited interest and scholarship on cybersecurity. Singer and Friedman 2014 offers a highly accessible introduction to definitions, relevance, and policies of cybersecurity. Segal 2016 describes how the expansion of the Internet reshapes traditional forms and rules of international power struggles more broadly and ushers in a new era of geopolitics. The history of this development is the focus of a strategic dossier compiled by the London-based International Institute for Strategic Studies (Tikk-Ringas 2015), detailing the technology’s evolution and political implications starting with the 1950s. Healey 2013, a historical account of cyberconflict, argues that the first cyberincident occurred in 1986, and it deduces lessons from ten major incidents that followed thereafter for early-21st-century cybersecurity debates. The limitations and benefits of various historical analogies to other military domains for understanding and improving cybersecurity are discussed extensively in Goldman and Arquilla 2014. In-depth discussions of the implications of cybersecurity include Libicki 2007, with Kramer, et al. 2009 providing a strategic framework for US cybersecurity policymaking. Clark, et al. 2014 presents a comprehensive catalogue of relevant research and policy questions informed by the authors’ technical expertise.

• Clark, David, Thomas Berson, and Herbert Lin, eds. At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues. Washington, DC: National Academic Press, 2014.

  Reviews key cybersecurity policy challenges from a technically informed perspective of three leading scholars at the nexus of information technology and policy. Fully readable and highly accessible online.

• Goldman, Emily O., and John Arquilla, eds. Cyber Analogies. Monterey, CA: Naval Postgraduate School, 2014.

  Edited volume sponsored by the US Cyber Command assessing the value of historical and cross-domain analogies, ranging from military surprise attacks and nuclear planning to economic warfare, air defense, and offense-defense balances. Fascinating testimony of how analysts and practitioners seek to understand and solve problems in a nascent, understudied area perceived as vitally important.

• Healey, Jason, ed. A Fierce Domain: Conflict in Cyberspace, 1986 to 2012. Vienna: Cyber Conflict Studies Association, 2013.

  One of the first comprehensive historical accounts of cyberconflict, written from the practitioner’s perspective of a former member of the US Air Force. The edited volume includes systematic analyses of ten case studies of important cyberconflicts between 1986 and 2012.

• Kramer, Franklin D., Stuart H. Starr, and Larry Wentz, eds. Cyberpower and National Security. Washington, DC: Potomac, 2009.

  This comprehensive edited volume develops conceptual policy recommendations for how the US government should strategically use cyberpower to enhance its national and security interests. Key compendium of US military, scholarly, and industry voices on a broad range of policy issues.

• Libicki, Martin C. Conquest in Cyberspace: National Security and Information Warfare. Cambridge, UK: Cambridge University Press, 2007.

  DOI: 10.1017/CBO9780511804250

  An early and important analysis of the prospects for information warfare. The author contends that threats to information systems, including in the areas of defense and command and control, are exaggerated, since control over these is difficult to sustain.

• Segal, Adam. The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age. New York: PublicAffairs, 2016.

  A nonalarmist account of how cyberconflict and competition evolve internationally, written by a China expert. Argues that cyberattacks pose less of a threat of bodily harm but more to infrastructures such as financial institutions, power grids, and security networks and that the post-pax digital Americana order will once again be dominated by geopolitical maneuvers.

• Singer, Peter W., and Allan Friedman. Cybersecurity and Cyberwar: What Everyone Needs to Know. What Everyone Needs to Know. Oxford: Oxford University Press, 2014.

  Highly readable, informative, and accessible entry point, with its own website providing a detailed table of contents and discussion questions. Explores “How It All Works,” “Why It Matters,” and “What Can We Do?” Contends that transnational cyberthreats increasingly undermine the prospects for effective international cooperation, which requires building more-resilient systems.

• Tikk-Ringas, Eneken, ed. Evolution of the Cyber Domain: The Implications for National and Global Security. London: Routledge, 2015.

  This comprehensive historical analysis illustrates key developments and trends shaping cybersecurity since the inception of computer networking in the 1950s. Dedicates separate chapters to each decade as well as to the themes of Internet governance, normative approaches to cybersecurity, intelligence, and military affairs. Attaches appendixes on international instruments and standards.