See

discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/233310365

Cyber-Terror—Looming Threat or Phantom

Menace? The Framing of the US Cyber-Threat
Debate

Article in Journal of Information Technology & Politics · April 2008

DOI: 10.1300/J516v04n01_03

CITATIONS READS

32 175

1 author:

Myriam Dunn Cavelty

ETH Zurich
50 PUBLICATIONS 376 CITATIONS

SEE PROFILE

All content following this page was uploaded by Myriam Dunn Cavelty on 13 October 2014.

The user has requested enhancement of the downloaded file.

 Cyber-Terror–
Looming Threat or Phantom Menace?
The Framing of the US Cyber-Threat Debate
Myriam Dunn Cavelty

ABSTRACT. For some years, experts and government officials have warned of cyber-terrorism
as a looming threat to national security. However, if we define cyber-terror as an attack or series of
attacks that is carried out by terrorists, that instills fear by effects that are destructive or disruptive,
and that has a political, religious, or ideological motivation, then none of the disruptive cyber-inci-
dents of the last years qualify as examples of cyber-terrorism. So why has this fear been so persis-
tent? Instead of trying to answer how long cyber-terror is likely to remain a fictional scenario, this
paper analyzes the US cyber-terror discourse from a constructivist security studies angle: It looks
at how cyber-threats in general, and cyber-terror in particular are framed, and speculates on
characteristics that are responsible for the rapid and considerable political impact of the widespread
conceptualization of aspects of information technology as a security problem in the 1990s.
doi:10.1300/J516v04n01_03 [Article copies available for a fee from The Haworth Document Delivery Service:
1-800-HAWORTH. E-mail address: <docdelivery@haworthpress.com> Website: <http://www.HaworthPress.
com> © 2007 by The Haworth Press. All rights reserved.]

KEYWORDS. Cyber-terrorism, security studies, threat framing, information infrastructure

INTRODUCTION1 ist may be able to do more damage with a key-

The link between terrorism and computer
technology has been a theme in the US national
security literature for more than a decade. As
early as 1991, a report on computer security de-
clared: “We are at risk. Increasingly, America
depends on computers. . . . Tomorrow’s terror-
board than with a bomb” (National Academy of
Sciences, 1991, p. 7). Subsequent years saw the
gradual refinement of the threat image and an
increasing amount of grim warnings, with the
1995 Oklahoma City bombing and the political
activity in its aftermath marking the beginning
of the firm establishment of a cyber-terror con-

Myriam Dunn Cavelty, PhD, is Head of the New Risks Research Unit, Center for Security Studies (CSS), ETH
Zurich, Switzerland; Coordinator of the Crisis and Risk Network (CRN), a Swiss-Swedish Internet and workshop
initiative for international dialog on national-level security risks and vulnerabilities; and Lecturer at the University
of Zurich and the Swiss Federal Institute of Technology. Dr. Dunn Cavelty holds a degree in political science, mod-
ern history, and international law from the University of Zurich.
Address correspondence to: Myriam Dunn Cavelty, Center for Security Studies (CSS), ETH Zurich, WEC,
Weinbergstrasse 11, CH-8092 Zurich, Switzerland (E-mail: dunn@sipo.gess.ethz.ch).
This paper has won the “Millennium Award 2006 for an Outstanding Research Paper by a Younger Scholar”
from the Comparative Interdisciplinary Studies Section of the International Studies Association. The author would
like to thank seven anonymous reviewers for their insightful comments and suggestions for improvements.
Journal of Information Technology & Politics, Vol. 4(1) 2007
Available online at http://jitp.haworthpress.com
© 2007 by The Haworth Press. All rights reserved.
doi:10.1300/J516v04n01_03 19
20 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
cept that was closely linked to the critical infra-
structure protection (CIP) debate on the
national security agenda.
While governments and the media repeat-
edly distribute information about cyber-
threats, real cyber-attacks resulting in deaths
and injuries remain largely the stuff of Holly-
wood movies or conspiracy theory. In fact,
menacing scenarios of major disruptive occur-
rences in the cyber-domain, triggered by mali-
cious actors, have remained just that–
scenarios. Nonetheless, for the US government
(and to a lesser degree other governments
around the world), the decision has been far
more straightforward: it considers the threat to
national security to be real, has extensively
studied various aspects of cyber-threats, and
spends considerable sums on a variety of coun-
termeasures (Abele-Wigert & Dunn, 2006).
This observation raises interesting questions
from a security studies perspective: Why and
how is a threat that has little or no relation to
real-world occurrences included on the secu-
rity political agenda? Are there specific
characteristics that make it particularly likely to
be there?
Due to its vague nature, cyber-terrorism is a
playfield for very different and diverse commu-
nities, concerned with topics such as freedom
of speech and Internet censorship (Gladman,
1998; Weimann, 2004a); cyber crime in con-
nection with terrorism (Sofaer & Goodman,
2000); or information warfare and sub-state
groups (Devost, Houghton, & Pollard, 1997;
Rathmell, Overill, Valeri, & Gearson, 1997).
This article will focus on cyber-threats and
cyber-terror broadly framed as a national secu-
rity issue. Previous research on the topic has
generally been highly specific and policy-ori-
ented (Alberts & Papp, 1997; Arquilla &
Ronfeldt, 1996) and has often uncritically
adopted arguments on the nature and scale of
cyber-terrorism from official statements or
pieces of media coverage.2 This is epitomized
in the tendency of many authors to hype the is-
sue with rhetorical dramatization and alarmist
warnings (cf. Arquilla, 1998; Schwartau,
1994). On the other hand, the considerable hype
has brought forth a counter-movement of more
cautious voices that are deliberately more spe-
cific in their estimates of the threat (cf. Lewis,
2002; Wilson, 2003). The key question on
which these two groups differ is whether or to
what degree there is a credible or likely connec-
tion between terrorism and cyber-terrorism be-
yond the suspected vulnerability of critical
infrastructures (cf. Nicander & Ranstorp, 2004,
p. 15) and consequently, at what point in future
time such an attack might occur. While it is
undisputed in both communities that cyber-at-
tacks and cyber-incidents cause major incon-
veniences and have cost billions of US dollars
in lost intellectual property, maintenance and
repair, lost revenue, and increased security in
the last couple of years (Cashell, Jackson,
Jickling, & Webel, 2004), these two groups dif-
fer considerably in their assessment of the fu-
ture point in time at which such an attack might
occur, and some even doubt whether there truly
is a national security threat linked to the Internet
and the information infrastructure.
The main reason for this controversy is that
cyber-threats have not materialized as a na-
tional security threat, even granted that there
have been some few incidents with at least
some potential for grave consequences. Inter-
estingly enough, both hypers and de-hypers
tend to agree on this point. But while the first
group assumes that vicious attacks that wreak
havoc and paralyze whole nations are immi-
nent, more cautious researchers often point to
the practical difficulties of a serious cyber-
attack (Ingles-le Nobel, 1999), question the as-
sumption of critical infrastructure vulnerabilities
(Lewis, 2002; Smith, 1998, 2000), or point to
unclear benefits of cyber-attacks for terrorist
groups (Barak, 2004). Despite this caution,
however, even the second group contends that
one “cannot afford to shrug off the threat”
(Denning, 2001a) due to unclear and rapid fu-
ture technological development as well as dy-
namic change of the capabilities of terrorism
groups themselves (Technical Analysis Group,
2003). To summarize the debate in a nutshell:
due to too many uncertainties concerning the
scope of the threat, experts are unable to con-
clude whether cyber-terror is fact or fiction, or,
since they are unwilling to dismiss the threat
completely, how long it is likely to remain fic-
tion.
So far, relatively few attempts have been
made to apply IR theory in analyzing this devel-
opment, with a few exceptions (Eriksson &
Giacomello, 2006; Giacomello & Eriksson,
 Myriam Dunn Cavelty
2007; partly Latham, 2003). Research that has
focused particularly on aspects of the construc-
tion of information-age security threats is also
little influenced by theory or is mostly outdated
(Bendrath, 2001, 2003; Eriksson, 2001b; newer:
Bendrath, Eriksson, & Giacomello, 2007; Dunn
Cavelty, in press). There is an agreement,
though, that the elusive and unsubstantiated na-
ture of cyber-threats means that approaches
rooted in the constructivist mindset with a sub-
jective ontology are particularly suitable for its
analysis. Such approaches are typically linked
to the constructivist research agenda and apply
critical self-reflection to the inherently contra-
dictory and problematic concept of security.
These approaches were particularly influenced
by the question of how and why new threats
were moved onto the security agendas after the
end of the Cold War.
Traditional security policy research views
threat images as given and actually out there,
and assumes that security policies are re-
sponses to an objective increase of threats and
risks (Walt, 1991). With constructivist ap-
proaches however, the focus is on how, when,
and with what consequences political actors
frame something–anything–as a security issue,
with a strong emphasis on speech acts, that is,
political language, and the implications this has
for political agenda-setting and political rela-
tions (Adler, 1997; Buzan, Wæver, & Wilde,
1998; Reus-Smit, 1996; Wæver, 1995). In or-
der to analyze why cyber-threats occupy such a
prominent position on the security political
agenda, this paper introduces a framework for
the analysis of threat frames (Eriksson, 2001b;
Eriksson & Noreen, 2002; Eriksson, 2001a),
partly based on the Copenhagen school’s secu-
ritization approach (Buzan, Wæver, & Wilde,
1998). Threat framing refers to the process
whereby particular agents develop specific in-
terpretive schemas about what should be con-
sidered a threat or risk, how to respond to this
threat, and who is responsible for it.
The paper focuses on the characteristics that
might be responsible for the swiftness and con-
siderable political impact of the widespread
conceptualization of IT as a security problem.
In doing so, it aims to shed light on how the is-
sue of cyber-terrorism is perceived and repre-
sented by the US government, and what the
consequences of this perception are. Thus, by
21
considering the salience of this threat rather
than simply arguing over its significance, it
pushes the debate in a new direction and pro-
vides much-needed grounding and reference
for the public debate on cyber-security.
This paper has three parts. First, the theoreti-
cal framework is introduced. Second, the paper
reconstructs how cyber-threats in general and
cyber-terror in particular have been framed and
treated over the years. Third, specific traits of
cyber-threat frames are analyzed.
THE FRAMING
OF SECURITY THREATS
As the end of the Cold War by and large coin-
cided with the beginnings of the information
revolution, this technological development–
which is about a special set of technologies, of-
ten subsumed under the heading of information
and communication technologies (ICT) (Al-
berts, Papp, & Kemp, 1997)–had a consider-
able impact on the perception and shaping of
new threats. Next to the vast opportunities of an
ICT-dominated age in terms of economic de-
velopment and democratization (Dutton, 1999;
Loader, 1997; Thornton, 2001) worries about
the security or rather the insecurity of digital
networks were of major concern from the be-
ginning. While extensively discussed on the
technical level under the heading of IT-secu-
rity, the information revolution was early on
perceived to have a number of negative impli-
cations for national security (Abele- Wigert &
Dunn, 2006; Dunn & Wigert, 2004; Hundley &
Anderson, 1997).
It has become common in the information
age to coin new terms by simply placing the pre-
fixes cyber, computer, or information before
another word. Thus, an entire arsenal of expres-
sions–among them cyber-crime, information
warfare, and cyber-terrorism–has been created.
Due to the newness of the topic and the sensa-
tionalist nature of the discourse on it, there have
been few semantic walls erected around the rel-
evant concepts in the information security tax-
onomy, with the result that these terms have so
many meanings and nuances that the words
quickly become confusing or lose their mean-
ing altogether (Dunn, 2007; Fisher, 2001).3 The
term cyber-threats, for example, denotes a rather
22 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
vague notion signifying the malicious use of in-
formation and communication technologies ei-
ther as a target or as a weapon. Cyber-terrorism
is one clear case of a cyber-threat. As the issue
of cyber-terrorism has grown in popularity over
the years, it has also acquired a range of mean-
ings, depending on the context in which it is
used.
The term cyber-terrorism was allegedly
coined in the 1980s by Barry Collin, a senior re-
search fellow at the Institute for Security and
Intelligence in California, as a hybrid term that
encompasses the concepts of cybernetics and
terrorism (Collin, 1997; Conway, 2002). In
subsequent years, the term cybernetics was re-
placed by the term cyberspace, so that the con-
cept is now composed of two elements: cyber-
space and terrorism. As both concepts are noto-
riously difficult to define, cyber-terror itself
was and still is a very elusive and poorly-de-
fined concept. Academics agree in general that
to be labeled cyber-terrorism, cyber-incidents
must be mounted by sub-national terrorist
groups,4 be aimed at parts of the information in-
frastructure, instill terror by effects that are suf-
ficiently destructive or disruptive to generate
fear, and must have a political, religious, or
ideological motivation (Denning, 2000, 2001a,
2001b; Devost, Houghton, & Pollard, 1997;
Nelson, Choi, Iacobucci, Mitchell, & Gagnon,
1999; Pollitt, 1997).
According to this definition, none of the
larger and smaller disruptive cyber-incidents
that we have experienced in the last couple of
years has been an example of cyber-terrorism.
Even though most terrorist groups have seized
on the opportunity accorded by the information
revolution through an established multiple
Web presence, access to uncensored propa-
ganda, and by using the Web as an auxiliary re-
cruitment and fundraising tool (Thomas, 2003;
Weimann, 2004a; Weimann, 2004b), cyber-
space has so far mainly served as a force-multi-
plier in intelligence gathering and target-acqui-
sition for terrorist groups and not as an
offensive weapon. Despite this, the term is used
frequently in the political domain, detached
from any academic definition of the issue, as a
specter depicting a terrorist and a keyboard,
wreaking havoc that can disrupt an entire soci-
ety. Somewhat exemplary, Congressman Curt
Weldon (R-Pennsylvania) placed cyber-terror-
ism at the top of his list of modern threats to the
American way of life in 1999, when he said that
“in my opinion, neither missile proliferation nor
weapons of mass destruction are as serious as the
threat [of cyberterrorism]” (Poulsen, 1999). In
September 2002, Richard Clarke, former Spe-
cial White House Adviser for Cyberspace Secu-
rity, told ABC News: “[Cyber- terrorism is]
much easier to do than building a weapon of
mass destruction. Cyber-attacks are a weapon of
mass disruption, and they’re a lot cheaper and
easier” (Wallace, 2002).
What is the meaning of such statements, one
might ask? At all times, the cyber-threats de-
bate was (and is) highly political. It is not only
about predicting the future, but also about how
to prepare for it in the present. As a result of this,
turf battles on different levels of government
are the rule and ongoing. As there have been no
major destructive attacks on the cyber-level,
different scenarios, which are stories about
possible futures, are providing the grounds on
which decisions have to be made. The different
actors involved–ranging from government
agencies to the technology community to insur-
ance companies–with their divergent interests
are therefore competing with each other by
means of constructed versions of the future
(Bendrath, 2001, 2003). Ultimately, it is about
resources and about who is in charge to counter
the threat.
The so-called Copenhagen School of Secu-
rity, in particular, developed an approach that
focuses on the process of bringing an issue from
a politicized or even non-politicized stage into
the security domain. This process is called se-
curitization (Buzan, Wæver, & Wilde, 1998).
The process is seen as a socially constructed,
contextual speech act (Austin, 1962; Searle,
1969), meaning that by uttering the word secu-
rity or another term expressing the need for ex-
ceptional measures, a professional of security,
most often a state representative, claims a spe-
cial right to use any means necessary to counter
a certain threat (Wæver, 1995). Ultimately, this
means that issues become security issues not
necessarily because a real existential threat ex-
ists, but because the issue is successfully pre-
sented and established by key actors in the
political arena as such a threat. Securitization
studies aim to gain an understanding of who
securitizes (the actor) which issues (the threat
 Myriam Dunn Cavelty
subject), for whom or what (the referent ob-
ject), why (the intentions and purposes), with
what results (the outcome), and under what
conditions (the structure) (Buzan, Wæver, &
Wilde, 1998, p. 32).
To explain why certain issues seem more
susceptible to securitization than others, and
this is also the focus of this article, some schol-
ars have established a stronger link to (cogni-
tive) framing research that looks at special traits
of the threat frames employed by key actors
(Eriksson, 2001a; Eriksson, 2001b; Eriksson &
Noreen, 2002). Frame theory is rooted in lin-
guistic studies of interaction and points to the
way shared assumptions and meanings shape
the interpretation of any particular event (Oli-
ver & Johnston, 2000). We understand fram-
ing to refer to the subtle selection of certain
aspects of an issue in order to cue a specific re-
sponse; the way an issue is framed explains
who is responsible and suggests potential solu-
tions conveyed by images, stereotypes, mes-
sengers, and metaphors (Ryan, 1991, p. 59;
Snow & Benford, 1992; Snow, Rocheford,
Worden, & Benford, 1986). In threat framing,
government officials and experts use certain
phrases and also certain types of stories to add
urgency to their case. Specific uses of language
dramatize the actual threat: the use of specific
phrases and words make its construction as a
national security threat possible in the first
place. Since there is no real-world reference for
the threat, constant persuasion is required to
sustain the sense that it is a real danger. And be-
cause the national security dimension is not
completely obvious, it is necessary to use spe-
cific analogies (Cohn, 1987).
Frame analysis can be seen as a strand of dis-
course analysis that mainly focuses on relevant
content and argumentation (Gamson, 1992).
Framing is an empirically observable activity:
frames are rooted in and constituted by
group-based social interaction, which is avail-
able for first-hand observation, examination,
and analysis of texts (Snow & Benford, 1992).
The high relevance of frames as social patterns
is an outcome of the fact that frames define
meaning and determine actions. Specifically,
socially accepted frames influence the actions
of actors and define meaning in the public mind
(Gamson, 1992, p. 110; Snow, Rocheford,
Worden, & Benford, 1986, p. 464). Social con-
23
tests for the legitimate definition of reality are
held by ways of different categories as ex-
pressed in frames. In the case of threat framing,
the process of categorizing something as a par-
ticular threat has practical consequences when
key actors begin seeing the world according to
these categories.
Framing theory addresses three main ques-
tions, the second of which will be our main
focus: (a) how frames influence social action;
(b) which frames are particularly successful for
what reasons; and (c) how frames can be changed
(Snow & Benford, 1988). There are three types
of framing (ibid. 199-202):
a. diagnostic framing, which is about
clearly defining a problem and assigning
blame for the problem to an agent or
agencies. In other words, this is about
designating that which appears to be
threatening (the subject of the threat im-
age or threat subject) and what is per-
ceived as threatened (the object of the
threat image or referent object);
b. prognostic framing, which is about of-
fering solutions, and proposing specific
strategies, tactics, and objectives by
which these solutions may be achieved;
c. motivational framing, to rally the troops
behind the cause or a call for action.
To this list, they add a fourth key element, frame
resonance, meaning that the frame content
must appeal to the existing values and beliefs of
the target audience to become effective.
In the following, we will conduct a mini-case
study on the framing of the US cyber-terror
discourse. Even though such an approach does
not help to determine whether cyber-terror is
fact or fiction or how long it will remain fiction,
we can identify those traits that have made
cyber-threats such prominent features on the
national security policy agendas. Data for the
case study was collected from official policy
papers, hearings, and other statements of key
actors. Top-level documents reflect actual
presidential intentions, as opposed to public
statements of purpose, which frequently leave
out sensitive details and, on occasion, directly
conflict with the stated goals of the administra-
tion.
24 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
DEVELOPMENT AND PARAMETERS
OF THE US CYBER-TERROR
DISCOURSE
The beginnings of the cyber-threats debate
go back to the Reagan administration, which
was concerned with preventing what it viewed
as damaging disclosures of classified informa-
tion as well as the acquisition of sensitive but
unclassified information (DCI Center for
Security Evaluation Standards Group, 1995).
Subsequently, we find policy efforts in two
domains: the first one linked to the protection of
federal agencies’ computer data from espio-
nage, which was interlinked with the debate on
encryption technology and led to the Computer
Security Act of 1987,5 and the second one linked
to the growing problem of computer crime,
which led to the Computer Abuse Act of
1984/866 that laid the groundwork for the pros-
ecution of computer crimes in the US.
The first official threat frame can be found in
National Security Decision Directive Number
145 on National Policy on Telecommunica-
tions and Automated Information Systems Se-
curity issued on September 17, 1984 (The
White House, 1984):
The technology to exploit these elec-
tronic systems is widespread and is used
extensively by foreign nations and can be
employed, as well, by terrorist groups
and criminal elements. Government sys-
tems as well as those which process the
private or proprietary information of US
persons and businesses can become tar-
gets for foreign exploitation.
As we will see below, this threat frame al-
ready contains most of the ingredients of the
current threat frame, even though in a slight
variation. The threat subject ranges from for-
eign nations to terrorists to criminals. There is
an emphasis on foreign exploitation, which
seems to rule out that the problem could stem
from US citizens. The referent object at this
stage is limited to government systems and
business systems that carry relevant informa-
tion.
Further, we can see that it is a fairly narrow
threat frame that is concerned mainly about
classified material and not about the soci-
ety-threatening aspects of cyber-threats yet.
This can be attributed to the technological sub-
structure, which was still lacking the quality of
a mass phenomenon that it acquired when com-
puter networks turned into a pivotal element of
modern society (Ellison et al., 1997) and net-
works in a more abstracted sense became a met-
aphor for many aspects of modern life (Arquilla
& Ronfeldt, 1996; Arquilla & Ronfeldt, 2001;
Castells, 1996). Even though terrorist groups
are listed as potential perpetrators in this 1984
document, the cyber-terror specter as such has
not yet been born, for the same reason.
Apart from a change in the technological en-
vironment, the broadening of the vulnerability
aspect can be attributed to changing threat per-
ceptions and other developments in the US mil-
itary: We can observe a close link of the early
cyber-threats debate to the US Revolution in
Military Affairs–which refers to the strategic,
operational, and tactical consequences of the
marriage of systems that collect, process, and
communicate information with those that apply
military force (Tilford, 1995)–and the subse-
quent development of an information war-
fare-information operations doctrine (Dunn,
2002). While technology was seen mainly as a
force enabler for a considerable number of
years until after the end of the Cold War, the US
developed the fear that their huge conventional
military dominance would force any kind of ad-
versary–states or sub-state groups–to resort to
asymmetric means, such as weapons of mass
destruction, information operations, or terror-
ism in the future (Kolet, 2001). The 1991 Gulf
War played a large role in demonstrating the
benefits of the information differential pro-
vided by the information systems employed
(Campen, 1992; Eriksson, 1999), but it was
also the Gulf War that birthed fear of the down-
side of this development mainly through expe-
riences with the threat of data intrusion as
perpetrated by hacker attacks against 34
Department of Defense computer sites during
the conflict (Devost, 1995).
In the aftermath of the Oklahoma City bomb-
ing in April 1995, the issue of cyber-threats was
definitely established as one the military estab-
lishment could and should not deal with alone,
and it was closely connected to the concept of
critical infrastructure protection. The advan-
tages in use and dissemination of ICT were seen
 Myriam Dunn Cavelty
to connote an over-proportional vulnerability,
which caused experts to fear that enemies who
were likely to fail against the US war machine
might instead plan to bring the US to its knees
by striking vital points at home (Berkowitz,
1997)–these points being fundamental to the
national security and the essential functioning
of industrialized societies as a whole, and not
necessarily to the military in specific. Due to
the nature of cyber-attacks, it became clear that
is was often impossible to determine at the out-
set whether an intrusion is an act of vandalism,
computer crime, terrorism, foreign intelligence
activity, or some form of strategic attack. The
only way to determine the source, nature, and
scope of the incident is to investigate. And the
authority to investigate such matters and to ob-
tain the necessary court orders or subpoenas
clearly resides with law enforcement (Vatis,
1998). US domestic law also gave the armed
forces’ lawyers headaches, because an attack
on US infrastructures could originate in Iraq as
well as in the US. A military counter-strike
through cyberspace might therefore unwit-
tingly constitute an operation of US armed
forces on domestic territory, which is prohib-
ited by the Posse Comitatus Act of 1878.7
One direct outcome of the Oklahoma City
bombing was Presidential Decision Directive
39, which directed Attorney-General Janet
Reno to lead a government-wide effort to re-ex-
amine the adequacy of the available infrastruc-
ture protection. As a result, Reno convened a
working group to investigate the issue and re-
port back to the cabinet with policy options
(Freeh, 1997). The review, which was com-
pleted in early February 1996, particularly
highlighted the lack of attention that had been
given to protecting the cyber-infrastructure of
critical information systems and computer net-
works. Thus, the topic of cyber-threats was
linked to the topics of critical infrastructure
protection and terrorism. Subsequently, Presi-
dent Bill Clinton started to develop a national
protection strategy with his Presidential Com-
mission on Critical Infrastructure Protection
(PCCIP) in 1996, and the issue remained a very
high priority during his presidency and had a
strong position in all the National Security
Strategies between 1995 and 1999.
The years 1997/1998 in particular were a wa-
tershed in terms of the views on cyber-threats.
25
When comparing open hearings concerning na-
tional security or the annual defense reports
over the years, we see how the issue takes a
quantum leap in 1998: there is a great quantita-
tive increase in the time and space given to the
topic in public hearings. In addition, cyber-
threats came to be depicted as one of the prime
dangers among the new threats. CIA director
John Deutch, for example, had regularly
warned of threats to national security from
cyber-attacks since the mid-1990s. Asked in a
Senate hearing to compare the danger with nu-
clear, biological, or chemical weapons, he an-
swered, “it is very, very close to the top”
(Deutch, 1996).
The PCCIP presented its report in the fall of
1997 (PCCIP, 1997). The international impact
of this document was such that it led to the firm
establishment of the topic of cyber-threats and
critical infrastructure protection on the security
agenda of various countries (Abele-Wigert &
Dunn, 2006; Dunn & Wigert, 2004). Clinton
followed the recommendations of the PCCIP in
May 1998 with his Presidential Decision Direc-
tives (PDD) 62 and 63 (White House, 1998a,
1998b). Clinton’s master plan adopted a two-
fold response to cyber-threats: On the one hand,
the intelligence community and the law en-
forcement agencies together built up further ca-
pacities for investigations of cyber-crimes, like
computer forensics tools or close surveillance
of the hacker community; On the other hand,
because of the amorphous nature of these
non-state actors and unknown enemies, a lot of
effort was put into hardening the critical infra-
structures (Bendrath, 2001).
The distinct image of the cyber-terrorist also
appears during these years. First mentioned in a
public hearing in 1998, cyber-terror quickly
became one of the catchphrases of the debate.
Poor definitions and careless use of terminol-
ogy by many government officials is a major
obstacle for meaningful discussion of the
cyber-terror issue. A statement of President
Bill Clinton, who was very influential in shap-
ing the perception of the issue, can serve as an
example of this semantic ambiguity. In his for-
eign policy farewell lecture at the University of
Nebraska at Kearney in December 2000, he
identified the need to pay attention to new
security challenges like cyber-terrorism, and
said:
26 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
One of the biggest threats to the future is
going to be cyberterrorism–people fool-
ing with your computer networks, trying
to shut down your phones, erase bank re-
cords, mess up airline schedules, do
things to interrupt the fabric of life.
(Bowman, 2000, para. 7)
Both the PDD 62 and 63 and the National
Plan follow the PCCIP’s reasoning and cement
the winning and dominant threat frame. After
that date, all the threat frames that are employed
in public hearings and other documents resem-
ble the PCCIP’s threat frame. In the report, it is
stressed that dependence on the information
and communications infrastructure have cre-
ated new cyber-vulnerabilities (PCCIP, 1997,
p. 5) and that potential adversaries include a
very broad range of actors–“from recreational
hackers to terrorists to national teams of infor-
mation warfare specialists” (ibid., p. 15). This
very broad and indeterminate framing of the
threat subject is one of the hallmarks of the
cyber-threat frame. On the referent object
side, it was clearly established that “the nation
is so dependent on our infrastructures that we
must view them through a national security
lens. They are essential to the nation’s security,
economic health, and social well being” (ibid,
p. vii). The dependence of society on the
information and communication infrastructure
on the one hand, and the ever-more complex in-
terdependencies between infrastructures on the
other, were identified as creating new dimen-
sions of vulnerability, “which, when combined
with an emerging constellation of threats, poses
unprecedented national risk” (ibid., p. ix).
In the PCCIP report, cyber-threats are de-
scribed as being even more dangerous than
other new threats, especially because the neces-
sary weapons are so easy to acquire (PCCIP,
1997, p. 14). On the whole, there is little empha-
sis on the foreign intelligence threat, though it
still remains a concern. Among the far more vir-
ulent topics are scenarios of states using infor-
mation warfare means, or sub-state actors using
the information infrastructures for their attack.
This development was accompanied by an ex-
pansion of the vocabulary to incorporate new
terminology such as cyber-war, cyber-terror-
ism, or electronic Pearl Harbor (Bendrath,
2001), terms that are frequently used in
hearings, interviews, and press articles.
The events of 11 September 2001 served to
further increase the awareness of vulnerabili-
ties and the sense of urgency in protecting criti-
cal infrastructures (Bush, 2001a, 2001b). First
and foremost, the attacks of 9/11 provided a
reason to restructure the overall organizational
framework of critical infrastructure protection
(CIP) in the US. In the immediate aftermath of
9/11, President George W. Bush signed two
Executive Orders (EO) affecting CIP. With EO
13,228, entitled Establishing the Office of
Homeland Security and the Homeland Security
Council of 8 October 2001, Bush set up an Of-
fice of Cyberdefense at the White House, as
part of the new Homeland Security Office,
which in turn was part of the National Security
Council (Executive Order No. 13,228, 2001).
The mission of this office was to “develop and
coordinate the implementation of a compre-
hensive national strategy to secure the US from
terrorist threats and attacks.” The second Exec-
utive Order, EO 13,231 Critical Infrastructure
Protection in the Information Age, established
the President’s Critical Infrastructure Protec-
tion Board, whose responsibility was to “rec-
ommend policies and coordinate programs for
protecting information systems for critical
infrastructure” (Executive Order No. 13,231,
2001).
The Bush administration’s policy regarding
critical infrastructure protection represented a
continuation of PDD-63 in many respects: The
fundamental policy statements are essentially
the same, as are the infrastructures identified
as critical, although they were expanded and
emphasis was placed on targets that would re-
sult in large numbers of casualties (Moteff,
2007, p. 12). There was one primary difference,
however. First, the Office of Homeland Secu-
rity was given overall authority for coordinat-
ing critical infrastructure protection against
terrorist threats and attacks. Those responsibil-
ities associated with information systems of
critical infrastructures were delegated to the
President’s Critical Infrastructure Protection
Board. Furthermore, the board’s responsibili-
ties for protecting the physical assets of the na-
tion’s information systems were to be defined
by the assistant to the president for national se-
curity and the assistant to the president for
 Myriam Dunn Cavelty
homeland security. While Clinton’s PDD-63
focused primarily on cyber-security, it gave the
national coordinator responsibility to coordi-
nate the physical and virtual security for all
critical infrastructures. The above-mentioned
Executive Orders not only segregated respon-
sibility for protecting the nation’s information
infrastructure, but also considerably strength-
ened the physical aspect vis-à-vis the aspect of
cyber- attacks.
As a result of this, many critical voices were
heard disapproving of the extent of the atten-
tion given to the cyber-dimension. The fact that
the government’s first cyber-security chief
abruptly resigned after one year with the US
Department of Homeland Security raised seri-
ous questions in the press about the Bush ad-
ministration’s ability to quickly improve the
nation’s cyber-security (cf. Gross, 2004; Mark,
2004; Verton, 2004). Negative press was part
of the reason why the second secretary of home-
land security, Michael Chertoff, proposed to
restructure the IAIP Directorate responsible
for CIP and rename it the Directorate of Pre-
paredness as one of his Second Stage Review
recommendations in 2005 (Chertoff, 2005).
Later, the Information Analysis function was
merged into a new Office of Intelligence and
Analysis. The Infrastructure Protection func-
tion, with the same missions as outlined in the
Homeland Security Act, remained, but was
joined by other existing and new entities. In
addition, the restructuring established the po-
sition of an assistant secretary for cyber secu-
rity and telecommunications, which had long
been advocated by many within the cyber-
security community, and of an assistant secretary
forinfrastructureprotection(Moteff,2007,p.15).
Generally speaking, the Bush administra-
tion became bogged down in the details of im-
plementing its own strategy. Shortly before the
beginning of Operation Iraqi Freedom in 2003,
the DHS identified a list of 160 assets or sites
that it considered critical to the nation, based on
their vulnerability to attack and potential con-
sequences. Over time, according to the DHS in-
spector general, this initial priority list evolved
into what is now called the National Asset Data-
base, which, as of January 2006, contained over
77,000 entries (Moteff, 2006; Moteff, 2007,
p. 25). While the DHS has reportedly made
progress on improving the reliability of the in-
27
formation contained in the database, it contin-
ues to draw criticism for including thousands of
assets that many believe have more local im-
portance than national importance. A DHS re-
port summarizing the results of Cyber Storm, a
four-day exercise designed to test how industry
and the government would respond to a con-
certed cyber-attack on key information sys-
tems, was seen as another indicator for
insufficient progress made (DHS, 2006).
Cyber Storm suggested that government and
private-sector participants had trouble recog-
nizing the coordinated attacks, determining
whom to contact, and organizing a response.
Despite this, it can be argued that the attacks
of 11 September 2001 did not bring many
changes for the overall strategy–and, regard-
less of what might be commonly expected, did
not bring any changes in the threat frames.
What we do see, however, is that at least ini-
tially, one main focus in public hearings was on
the possibility of terrorists using cyber-means
for attacks. In addition, a number of studies
were conducted in the aftermath of 9/11 that fo-
cused on Muslim terrorists and their cyber-ca-
pabilities (National Infrastructure Protection
Center, 2002; TAG, 2001; Vatis, 2001). At this
time, officials’ attention shifted from hackers
depicted as terrorists towards terrorist hackers,
and specifically Muslim ones. The few exam-
ples cited below again show how volatile and
unfounded the cyber-threat assessments still
were. In his Senate testimony on The Terrorist
Threat Confronting the United States in Febru-
ary 2002, Dale L. Watson, the FBI’s executive
assistant director on counter-terrorism and
counterintelligence, talked about an emerging
threat:
Beyond criminal threats, cyber space also
faces a variety of significant national se-
curity threats, including increasing threats
from terrorists . . . . Cyberterrorism–
meaning the use of cyber tools to shut
down critical national infrastructures
(such as energy, transportation, or gov-
ernment operations) for the purpose of
coercing or intimidating a government or
civilian population–is clearly an emerg-
ing threat. (Watson, 2002, Cyber/Na-
tional Infrastructure section, para. 2, 3)
28 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
In March of 2002, the intelligence commu-
nity’s new global threat estimate was presented
to Congress. CIA director George J. Tenet,
when discussing possible cyber-attacks, talked
mostly about terrorists, after having focused his
attention on the whole range of actors in previ-
ous years (Tenet, 1997, 1998, 1999):
We are also alert to the possibility of
cyber warfare attack by terrorists . . . . At-
tacks of this nature will become an in-
creasingly viable option for terrorists as
they and other foreign adversaries be-
come more familiar with these targets,
and the technologies required to attack
them. (Tenet, 2002, terrorism section,
para. 9)
In the CIA Answers to Questions for the Re-
cord, dated April 8, 2002, it is further specified
that
Various terrorist groups including
al-Qa’ida and Hizballah are becoming
more adept at using the Internet and com-
puter technologies, and the FBI is moni-
toring an increasing number of cyber
threats . . . . These groups have both the
intentions and the desire to develop some
of the cyberskills necessary to forge an
effective cyber attack modus operandi.
(CIA, 2002, the threat of cyber-terrorism
section)
Others, too, feared that al-Qaida had these
abilities: For example, Vice Admiral Lowell E.
Jacoby, Director of the Defense Intelligence
Agency, stated that members of al-Qaida had
spoken openly of targeting the US economy as a
way of undermining US global power. As proof
for this claim, he stated that al-Qaida was using
publicly available Internet Web sites to recon-
noiter US infrastructure, utilities, and critical
facilities (Jacoby, 2003). Again others, such as
Robert S. Mueller, Director of the Federal Bu-
reau of Investigation, feared that though cur-
rent attacks were mere nuisances such as
denial-of-service attacks, their options might
increase (Mueller, 2003).
Detached from all of this, the cyber-threat
frame as developed under Clinton remained in
place. The reason for this is twofold: on the one
hand, the prevalent threat frame was widely ac-
cepted and therefore highly stable. Not only
was the diagnosis–a very wide range of poten-
tial perpetrators–accepted, but so was the prog-
nosis: Whether cyber-terror or cyber-warfare,
the countermeasures as laid out in the National
Plan and Bush’s National Strategy to Secure
Cyberspace seemed to satisfy decision-mak-
ers. In addition, all the turf battles between vari-
ous agencies had been fought in the 1990s, so
that this specific threat occurred in a more set-
tled phase: The lead of the law enforcement
community and the crucial importance of pub-
lic-private partnerships were widely accepted
by all actors involved. The establishment of the
DHS, propagated as a step towards pulling
down the artificial walls between institutions
that deal with internal threats and others that
deal with external ones, did not fundamentally
change this perception: it merely changed parts
of the organizational setting.
CHARACTERISTICS
OF THE US CYBER-THREATS/
CYBER-TERROR THREAT FRAME
Conceptions of cyber-threats are very broad
and also very vague, both in terms of what or
who is seen as the threat and what or who is
seen as being threatened. In theory, cyber-at-
tacks can be carried out in innumerable ways
by anyone with a computer connected to the
Internet, and for purposes ranging from juve-
nile hacking, to organized crime, to political
activism, to strategic warfare. Hacking-tools
are easily downloaded from the Internet, and
have become both more sophisticated and
user-friendly. Motivational framing became a
feature of threat frames in the 1990s, when the
threat is frequently called new in order to indi-
cate the inability of established structures and
instruments to deal with it. Cyber-terror is
more narrowly constructed as a subset of
cyber-threats, as it focuses on non-state actors
on the threat subject side, but the two threat im-
ages are so closely interlinked that the image of
the cyber-terrorist and that of the larger set of
cyber-perpetrators are never truly separated in
official statements.
On the whole, the cyber-terror frame as a
sub-theme of the general cyber-threats frame
 Myriam Dunn Cavelty
combines two of the great fears of the late 20th
century: The fear of random and violent victim-
ization and the distrust or outright fear of com-
puter technology, which both feed on the fear of
the unknown (Pollitt, 1997). Terrorism is
feared, and is meant to be feared, because it is
perceived as being random, incomprehensible,
and uncontrollable. Technology, including in-
formation technology, is feared because it is
seen as complex, abstract, and arcane in its im-
pact on individuals. Because computers do
things that used to be done by humans, there is
a notion of technology being out of control, a
recurring theme in political and philosophi-
cal thought (Winner, 1977) that is even
strengthened by the increase in connectivity
that the information revolution brings. They are
ultimately seen as a threat to society’s core val-
ues, especially national security, and to the eco-
nomic and social well-being of a nation.
Therefore, they are inevitably presented as a
national security issue.
That officials in various agencies struggle to
identify the most dangerous actors or to decide
whether states or non-state actors are more
likely to become a threat is a consequence of the
very wide prognostic threat frame, especially
on the threat subject side. At the end of the
1990s the general consensus emerged that
states were the ones to worry about, because
they had greater capabilities–but that it was
more likely that terrorists or criminals would at-
tack. As DIA Director Thomas Wilson said in
2000:
Foreign states have the greatest potential
capability to attack our infrastructure be-
cause they possess the intelligence assets
to assess and analyze infrastructure vul-
nerabilities, and the range of weap-
ons–conventional munitions, WMD, and
information operations tools–to take ad-
vantage of vulnerabilities. (Wilson,
2000, the growing asymmetric threat
section, para. 5)
The renewed focus on cyber-terrorists after
9/11 proved a fairly temporary thing, too.
About a year after 9/11, Richard Clarke, then
head of the White House Office for Cyber Secu-
rity, told the press that the government had be-
gun to regard nation-states rather than terrorist
29
groups as the most dangerous threat. He said,
“There are terrorist groups that are interested
[in conducting cyber attacks]. We now know
that al Qaeda was interested. But the real major
threat is from the information-warfare brigade
or squadron of five or six countries” (Cha &
Krim, 2002, p. A02).
Given this uncertainty, it is not surprising
that the prognostic part of the frame remained
far more contested than the diagnostic part dur-
ing the entire debate. Issues of how to counter
the threat, mainly questions concerning re-
sponsibilities, were discussed until approxi-
mately 1997, when the PCCIP threat frame
offered a solution that appealed to everyone.
Notions of cyber-threats have originated
among military as well as civilian actors. In the
law enforcement community, cyber-crime has
become a particularly salient threat image.
Within the military bureaucracy, the perceived
threats have been framed as information war-
fare, information operations, and cyber-war.
Both communities refer to cyber-terror, a
threat image that has remained very fuzzy.
Among computer scientists, technicians, and
network operators, the threat images are usu-
ally much narrower, with an emphasis on at-
tacks, exploits, and disruptions perpetrated
against computer networks, software conflicts,
and other bugs which can lead to systems
crashes. From the very beginning, the law en-
forcement community played a strong role in
the process due to existing resources, norms,
and institutions. Members of the military took
the place of a framing, but not of an executing
actor: they gave cyber-threats a new face, but
then had to cede responsibility and admit that
they could not provide the answer to them (De-
fense Science Board, 1994, 1996; Joint Secu-
rity Commission, 1994). The perceived nature
of the threat as well as restraints stemming
from norms and institutions made a bigger role
of the military establishment unfeasible. As a
result, they became more or less marginalized
in the broader debate after a certain point. Only
in the domain of information warfare, framed
as a traditional military task, did they retain pri-
mary responsibility and strive to advance de-
velopments in the domain.
Nonetheless, even though the issue of
cyber-threat is clearly linked to national secu-
rity on a rhetorical level, there are, in general,
30 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
no exceptional measures envisaged that would
traditionally fall under the purview of national
security apparatus. Therefore, the cyber-
threats debate is an example of a failed securiti-
zation (cf. Bendrath, 2001). If we turn once
again to securitization theory, the criterion
given by securitization theory is that issues be-
come securitized when they are taken out of the
“normal bounds of political procedure,” which
in turn amounts to a call for exceptional mea-
sures (Buzan, Wæver & Wilde, 1998, p. 24). In
addition, securitization moves are only suc-
cessful if an audience accepts the security argu-
ment (ibid., p. 25). A study of cyber-threat
frames offer a possible interpretation of this:
Even though the diagnostic part of current
cyber-threat frames establishes a forceful link
to national security, the prognostic part does
not. And apparently, the prognostic part,
which is about offering solutions, and propos-
ing specific strategies, tactics, and objectives
by which these solutions may be achieved, is
more important, as it is, ultimately, about real
consequences.
CONCLUDING REMARKS
In this paper, it was shown that terrorists
have not used cyberspace as a weapon or target
so far, though they routinely make use of com-
puters, the Internet, or cryptography for organi-
zational purposes. However, there is a lot of
uncertainty as to the future development of this
threat. To answer the question of “how
likely–how soon” we would need concrete in-
telligence data of which non-state actor is likely
to employ cyber-tools as an offensive weapon
at what point in time (Nicander & Ranstorp,
2004, pp. 12-13)–data which is not available. A
different approach has therefore been chosen in
this paper: It looked at the cyber-threat dis-
course from a constructivist security studies
perspective and identified key aspects of the
cyber-threat frame (and cyber-terror frame) in
order to determine what aspects might be re-
sponsible for its strong position on the national
security agenda.
We find that on the rhetorical level, the dan-
ger is said to be caused by new and poorly un-
derstood vulnerabilities due to dependence of
society on the information and communication
infrastructure on the one hand, and ever-more
complex interdependencies between infra-
structures on the other. The information infra-
structure, including its physical and cyber-
components, is often named as a concrete target
of cyber-terror and, more generally, of cyber-
threats. In the agent dimension, a danger has
been constructed that emanates from an enemy
who is located outside of the US, both in geo-
graphical and in moral terms. This picture of a
dangerous other reinforces the idea of the na-
tion as a collective self. The use of phrases like
our computers or our infrastructures amplifies
this effect. The reference object of security is
the entire US society. The logical and political
implication of this is that defense against
cyber-attacks comes under the purview of
national security policy.
However, it was argued that the prognostic
frame is more important than the diagnostic
threat frame. In fact, it is likely that the PCCIP
threat frame has prevailed due to its prognostic
part rather than to its diagnostic one. Despite
the fact that there is national security rhetoric in
abundance, the actual countermeasures in
place rely on risk analysis and risk manage-
ment. This business rationale is forced upon
governments due to the fact that the private in-
dustry owns and operates about 85% to 95% of
the US critical infrastructures and key assets,
depending on the source. Therefore, much of
the expertise and many of the resources re-
quired for planning and taking better protective
measures lie outside the federal government
(Baird, 2002; Bosch, 2002; Goodman et al.,
2002). As a result, it is necessary to delegate a
large part of the responsibility for the protection
of critical infrastructure to the private owners
and operators. Whereas the traditional logic of
national security suggests unilateral govern-
ment action and policy, CIP policies are inevi-
tably blurred by domestic considerations and
other policy imperatives. In contrast to the logic
of security, the logic of risk is not binary, but
probabilistic. It is a constant process towards a
desired outcome. Thus, managing risk is essen-
tially about accepting that one is insecure, but
constantly patching this insecurity, working to-
wards a future goal of more security (Kristen-
sen, in press).
Ultimately, all of this has a desecuritizing ef-
fect. Desecuritization as the unmaking of secu-
 Myriam Dunn Cavelty
rity has been considered a technique for
defining down threats, in other words, a nor-
malization of threats that were previously con-
structed as extraordinary. This normalization is
a process by which security issues lose their se-
curity aspect, making it possible to interpret
them in multiple ways, and therefore, allows
more freedom both at the level of interpretation
and in actual politics or social interaction
(Aradau, 2001). Despite the fact that the securi-
tization of cyber-threats has failed, as shown in
this article, the national security logic is upheld
on the rhetorical level. This, on the one hand,
makes it easier in theory to start new securitiza-
tion moves and to challenge the current prog-
nostic frame. On the other hand, it means that
the fuzzy notions of cyber-threats and cyber-
terror will most certainly remain on the national
security agenda. Therefore, decision-makers
should be careful not to foment cyber-angst to an
unnecessary degree, even if the threat cannot be
completely shrugged off. In seeking a prudent
policy, the difficulty for decision-makers is to
navigate the rocky shoals between hysterical
doomsday scenarios and uninformed compla-
cency. It is clear that the focus should continue
to be on a broad range of potentially dangerous
occurrences involving cyber- means and tar-
gets, including failure due to human error or
technical problems apart from malicious at-
tacks. This not only does justice to the complex-
ity of the problem but also prevents us from
carelessly invoking the specter of terrorism.
It has in fact been argued that one solution to
the problem of cyber-security is to focus on
economic and market aspects of the issue rather
than on suitable technical protection mecha-
nisms (Andersson, 2001). If we apply this
viewpoint, we quickly realize that the insecu-
rity of the Internet can be compared to environ-
mental pollution and that cyber-security in fact
shows strong traits of a public good that will be
underprovided or fail to be provided at all in the
private market. Public goods provide a very im-
portant example of market failure, in which in-
dividual behavior seeking to gain profit from
the market does not produce efficient results
(Dunn & Mauer, 2007; Suter, 2007). Clearly,
looking at cyber-security as an economic prob-
lem means to desecuritize the issue even fur-
ther. At the same time, to focus on market
aspects of the issue can help create a market for
31
cyber-security, which could reduce much of the
insecurity of the information infrastructure,
and thus also diminish the vulnerability of
society.
NOTES
1. Data availability and possibility for replication:
This study tries to incorporate the notion that the manner
in which people and institutions interpret and represent
phenomena and structures makes a difference for the
outcomes. This ontology reflects an epistemology that
is based on intersubjectivity, which sees subject and
object in the historical world as a reciprocally interre-
lated whole (Adler and Haas, 1992, p. 370; Cox, 1992,
p. 135). Data is analyzed using a hermeneutical interpre-
tive method of text analysis, which is the most suitable
approach for questions raised by post-positivist theories
and speech act theory in particular (Adler, 1997). There
is no claim that hypotheses need to be falsified in Pop-
per’s sense; instead, the entire research community acts
as “ultimate tribunal of truth” (Howarth, 2000, p. 142)
so that the analysis is ultimately legitimate when it is
persuasive, consistent, and coherent.
2. The media routinely features sensationalist head-
lines that cannot serve as a measure of the problem’s
scope. Examples of such articles include the following:
Christensen, J. (1999, April 6). Bracing for guerrilla
warfare in cyberspace. CNN Interactive; Kelley, J.
(2001, February 6). Terror groups hide behind Web en-
cryption. USA Today; McWilliams, B. (2001, December
17). Suspect claims Al Qaeda hacked Microsoft–Expert.
Newsbytes; FBI: Al Qaeda may have probed govern-
ment sites. (2002, January 17). CNN.; and Islamic
cyberterror: Not a matter of if but of when. (2002, May
20). Newsweek.
3. As Geoffrey French put it, referring to the diver-
sity of terminology in a variety of information warfare
articles (French, 2000), “Before too long, the articles
seem to have been written by Lewis Carroll, with dire
warnings of the Jabberwock, the Jubjub bird, and the
frumious Bandersnatch.”
4. This definition’s main weakness is that it does not
apply a critical approach to the concept of terrorism. By
deliberately not addressing the problem at the heart of
all definitions of terrorism (“one person’s terrorist is an-
other person’s freedom fighter”), we avoid investigating
the difficulty and subjectivity of labelling a person or
group terrorist.
5. Computer Security Act of 1987, Public Law
100-235, H.R. 145, (1988), (100th Congress).
6. The Counterfeit Access Device and Computer
Fraud Abuse Act, 18 U.S.C. § 1030 (1984).; Computer
Fraud and Abuse Act (U.S.) 18 U.S.C. § 1030(a) (1986).
7. 18 U.S.C. § 1385 (1878).
32 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
REFERENCES
Abele-Wigert, I. & Dunn, M. (2006). The international
CIIP handbook 2006: An inventory of protection pol-
icies in 20 countries and 6 international organiza-
tions (Vol I). Zurich, Switzerland: Center for
Security Studies.
Adler, E. (1997). Seizing the middle ground: Construc-
tivism in world politics. European Journal of Inter-
national Relations, 3, 319-363.
Adler, E., & Haas, P. M. (1992). Conclusion: Epistemic
communities, world order, and the creation of a re-
flective research program. International Organiza-
tion, 46, 367-390.
Alberts, D. S., & Papp, D. S. (Eds.). (1997). The informa-
tion age: An anthology of its impacts and conse-
quences (Vol. 1). Washington, DC: National Defense
University.
Alberts, D. S., Papp, D. S., & Kemp, W. T., III. (1997).
The technologies of the information revolution. In D.
S. Alberts & D. S. Papp (Eds.), The information age:
An anthology of its impacts and consequences (pp.
83-116). Washington DC: National Defense Univer-
sity.
Andersson, R. (2001). Why Information Security is Hard:
An Economic Perspective. In IEEE Computer Society
(Ed.), Proceedings of the 17th Annual Computer Se-
curity Applications Conference (pp. 358-365). Wash-
ington, DC: IEEE Computer Society.
Aradau, C. (2001, December). Beyond good and evil:
Ethics and securitization/desecuritization tech-
niques. Rubikon, Retrieved May 1, 2007 from http://
venus.ci.uw.edu.pl/~rubikon/forum/claudia2.htm
Arquilla, J. (1998, February 6). The great cyberwar of
2002: A WIRED Scenario. WIRED, 122-127,
160-170.
Arquilla, J., & Ronfeldt, D. (Eds.). (2001). Networks
and netwars: The future of terror, crime, and mili-
tancy. Santa Monica, CA: RAND.
Arquilla, J., & Ronfeldt, D. F. (1996). The advent of
netwar. Santa Monica, CA: RAND.
Austin, J. L. (1962). How to do things with words. Lon-
don: Oxford University Press.
Barak, S. (2004). Between violence and ‘e-jihad’: Mid-
dle Eastern terror organizations in the information
age. In L. Nicander & M. Ranstorp (Eds.), Terrorism
in the information age–new frontiers? (pp. 83-96).
Stockholm: Swedish National Defence College.
Bendrath, R. (2001). The cyberwar debate: Perception
and politics in US critical infrastructure protection.
Information & Security: An International Journal, 7,
80-103.
Bendrath, R. (2003). The American cyber-angst and the
real world–any link? In R. Latham (Ed.), Bombs and
bandwidth: The emerging relationship between IT
and security (pp. 49-73). New York: The New Press.
Bendrath, R., Eriksson J., & Giacomello G. (2006).
Cyberterrorism to cyberwar, back and forth: How the
United States securitized cyberspace. In J. Eriksson
& G. Giacomello (Eds.), International relations and
security in the digital age (pp. 57-82). London:
Routledge.
Berkowitz, B. D. (1997). Warfare in the information
age. In J. Arquilla & D. Ronfeldt (Eds.), In Athena’s
camp: Preparing for conflict in the information age
(pp. 175-189). Santa Monica, CA: RAND.
Bowman, L. M. (2000, December 10). Cybercrime fight-
ers: The feds want you! ZDNet News. Retrieved May
2, 2007 from http://news.zdnet.com/2100-9595_
22-526271.html?legacy=zdnn
Buzan, B., Wæver, O., & de Wilde, J. (1998). Security:
A new framework for analysis. Boulder, CO:
Rienner.
Campen, A. (1992). The first information warfare.
Fairfax, VA: AFCEA International Press.
Cashell, B., Jackson, W. D., Jickling, M., & Webel, B.
(2004). The economic impact of cyber-attacks (Con-
gressional Research Service Documents, CRS
RL32331). Washington, DC: Congressional Re-
search Service.
Castells, M. (1996). The rise of the network society. Ox-
ford, England: Blackwell.
Cha, A. E., & Krim, J. (2002, August 22). White House
officials debating rules for cyberwarfare. The Wash-
ington Post, p. A02.
Chertoff, M. (2005, July 14). Statement of Secretary Mi-
chael Chertoff, U.S. Department of Homeland Secu-
rity, before the United States Senate Committee on
Homeland Security and Government Affairs, Wash-
ington, DC. Retrieved May 2, 2007 from http://
www.homelandsecurity.ms.gov/docs/Chertoff
Testimony_Senate_07142005.pdf
CIA. (2002, April 8). The Questions for the Record from
the Worldwide Threat Hearing on 6 February 2002.
Retrieved May 3, 2007 from http://www.fas.org/
irp/congress/2002_hr/020602cia.html
Cohn, C. (1987). Sex and death in the rational world of
defense intellectuals. Signs: Journal of Women in
Culture and Society, 12, 687-718.
Collin, B. C. (1997). The future of cyberterrorism:
Where physical and virtual worlds converge. Crime
& Justice International, 13, 15-18.
Conway, M. (2002, November 4). Reality bytes:
Cyberterrorism and terrorist ‘use’ of the Internet.
Firstmonday, 7. Retrieved May 2, 2007 from http://
firstmonday.org/issues/issue7_11/Conway
Cox, R. W. (1992). Towards a post-hegemonic concep-
tualization of world order: Reflections on the rele-
vancy of Ibn Khaldun. In J. N. Rosenau & E.
Czempiel (Eds.), Governance without government:
Order and change in world politics, Cambridge
Studies in International Relations Nr. 20 (pp.
132-158). Cambridge, England: Cambridge Univer-
sity Press.
DCI Center for Security Evaluation Standards Group.
(1995, September 15). An inventory of standards af-
fecting security, 7th annual edition. Retrieved May 2,
 Myriam Dunn Cavelty
2007 from http://www.fas.org/sgp/othergov/inventory.
html
Defense Science Board (DSB). (1994). Report of the
Defense Science Board Summer Study Task Force on
information architecture for the battlefield. Wash-
ington, DC: Department of Defense.
Defense Science Board (DSB). (1996). Report of the
Defense Science Board Task Force on Information
Warfare–Defense (IW-D). Washington, DC: Depart-
ment of Defense.
Denning, D. (2000, May 23). Cyberterrorism: Testi-
mony before the Special Oversight Panel on Terror-
ism. Committee on Armed Services, U.S. House of
Representatives. Retrieved May 2, 2007 from http://
www.cs.georgetown.edu/~denning/infosec/cyberterror.
html
Denning, D. (2001a). Is Cyber-terror next? Essay for the
Social Science Research Council. Retrieved May 2,
2007 from http://www.ssrc.org/sept11/essays/denning.
htm
Denning, D. E. (2001b). Activism, hacktivism, and
cyberterrorism: The Internet as a tool for influencing
foreign policy. In J. Arquilla & D. Ronfeldt (Eds.),
Networks and netwars: The future of terror, crime,
and militancy (pp. 239-288). Santa Monica, CA:
RAND.
Department of Homeland Security (DHS). (2006, Sep-
tember 12). Cyber storm: Exercise report. Washing-
ton, DC. Retrieved May 3, 2007 from http://www.
dhs.gov/xlibrary/assets/prep_cyberstormreport_sep06.
pdf
Deutch, J. (1996, June 25). Testimony of the Director of
U.S. Central Intelligence before the Senate Govern-
mental Affairs Committee, Permanent Subcommittee
on Investigations.
Devost, M. G. (1995). National security in the informa-
tion age. Unpublished master’s thesis, University of
Vermont, Burlington. Retrieved May 7, 2007 from
http://www.devost.net/papers/national_security_in_the_
information_age.html
Devost, M. G., Houghton, B. K., & Pollard, N. A.
(1997). Information terrorism: Political violence in
the information age. Terrorism and Political Vio-
lence, 9, 72-83.
Dunn Cavelty, M. (in press). Cyber-security and threat
politics: US efforts to secure the information age.
London: Routledge.
Dunn Cavelty, M. & Mauer, V. (in press). Concluding
remarks: The role of the state in securing the infor-
mation age–challenges and prospects. In M. Dunn
Cavelty, V. Mauer, & S. Krishna-Hensel (Eds.).
Power and security in the information age: Investi-
gating the role of the state in cyberspace. Aldershot,
England: Ashgate.
Dunn, M. & Wigert, I. (2004). The international CIIP
handbook 2004: An inventory of protection policies
in fourteen countries. Zurich, Switzerland: Center
for Security Studies.
33
Dunn, M. (2002). Information age conflicts: A study on
the information revolution and a changing operating
environment (Zürcher Beiträge zur Sicherheit-
spolitik und Konfliktforschung, No. 64). Zurich,
Switzerland: Center for Security Studies.
Dutton, W. H. (Ed.). (1999). Society on the line: Infor-
mation politics in the digital age. Oxford, England:
Oxford University Press.
Ellison, R. J., Fisher, D. A., Linger, R. C., Lipson, H. F.,
Longstaff T., & Mead, N. R. (1997, November). Sur-
vivable network systems: An emerging discipline.
(Technical Report. CMU/SEI-97-TR-013. ESC-TR-
97-013). Pittsburgh, PA: Carnegie Mellon Univer-
sity, Software Engineering Institute. Retrieved May
2, 2007 from http://www.cert.org/research/97tr013.
pdf
Eriksson, A. E. (1999). Information warfare: Hype or
reality? The Non-Proliferation Review, 6, 57-64.
Eriksson, J. (Ed.). (2001a) Threat politics: New per-
spectives on security, risk and crisis management.
Aldershot, England: Ashgate.
Eriksson, J. (2001b). Cyberplagues, IT, and security:
Threat politics in the information age. Journal of
Contingencies and Crisis Management, 9, 211-222.
Eriksson, J. & Giacomello, G. (2006). The information
revolution, security, and international relations:
(IR)relevant theory? International Political Science
Review, 27, 221-244.
Eriksson, J., & Noreen, E. (2002). Setting the agenda of
threats: An explanatory model (Uppsala Peace Re-
search Papers, 6). Uppsala, Sweden: Uppsala
Universitet. Retrieved May 2, 2007 from http://
www.pcr.uu.se/publications/UPRP_pdf/uprp_no_6.
pdf
Exec. Order No. 13,228, 3 C.F.R. 796 (2001).
Exec. Order No. 13,231, 66 Fed. Reg. 53,063 (2001).
Fisher, U. (2001, November). Information age state se-
curity: New threats to old boundaries. Journal for
Homeland Security. Retrieved May 2, 2007 from
http://www.homelandsecurity.org/journal/articles/
fisher.htm
Freeh, L. J. (1997, May 13). Statement of Louis J. Freeh,
Director, Federal Bureau of Investigation, Depart-
ment of Justice. In U.S. Senate Committee on Appro-
priations, Counterterrorism: Hearing before the
Committee on Appropriations, United States Senate,
One Hundred Fifth Congress, first session: Special
Hearing. Retrieved May 2, 2007 from http://www.
fas.org/irp/congress/1997_hr/sh105-383.htm
French, G. S. (2000). Shunning the frumious band-
ersnatch: Current literature on information warfare
and deterrence. The Terrorism Research Center, Inc.
Retrieved May 2, 2007 from http://www.terrorism.
com
Gamson, W. A. (1992). Talking politics. Cambridge,
England: Cambridge University Press.
Giacomello, G. & Eriksson J. (Eds.). (2007). Interna-
tional relations and security in the digital age. Lon-
don: Routledge.
34 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
Gladman, B. (1998, September). Wassenaar controls,
cyber-crime and information terrorism. Leeds, UK:
Cyber-Rights & Cyber-Liberties (UK). Retrieved
May 2, 2007 from http://www.cyber-rights.org/crypto/
wassenaar.htm
Gross, G. (2004, October 1). U.S. cybersecurity chief re-
signs: Amit Yoran, said to be frustrated with prog-
ress, gives one-day notice. IDG News Service.
Retrieved May 2, 2007 from http://www.infoworld.
com/article/04/10/01/HNchiefresigns_1.html?
DISASTER%20RECOVERY
Howarth, D. (2000). Discourse. Buckingham, England:
Open University Press.
Hundley, R. O. & Anderson, R. H. (1997). Emerging
challenge: Security and safety in cyberspace. In J.
Arquilla & D. Ronfeldt (Eds.), In Athena’s camp:
Preparing for conflict in the information age (pp. 231-
252). Santa Monica, CA: RAND.
Ingles-le Nobel, J. J. (1999, October 21). Cyberterrorism
hype. Jane’s Intelligence Review. Retrieved May 3,
2007 from http://212.111.49.124/cyberterror/resources/
janes/jir0525.htm
Jacoby, L. (2003, February 11). Statement for the record
of Vice Admiral Lowell E. Jacoby, USN, Director,
Defense Intelligence Agency before the Senate Se-
lect Committee on Intelligence. In Current and pro-
jected national security threats to the United States:
Hearing before the Select Committee on Intelligence
of the United States Senate, One Hundred Eighth
Congress, First Session (pp. 48-67). Washington, DC:
Government Printing Office. Retrieved May 3, 2007
from http://purl.access.gpo.gov/GPO/LPS42906
Joint Security Commission (JSC). (1994, February 28).
Redefining security: A report to the Secretary of De-
fense and the Director of Central Intelligence. Wash-
ington, DC: US Government Printing Office.
Kolet, K. S. (2001). Asymmetric threats to the United
States. Comparative Strategy, 20, 277-292.
Kristensen, K. S. (in press). ‘The absolute protection of
our citizens’: Critical infrastructure protection and
the practice of Security. In M. Dunn Cavelty & K. S.
Kristensen (Eds.), The politics of securing the home-
land: Critical infrastructure, risk and securitisation.
London: Routledge.
Lacey, M. (2000, December 9). Clinton gives a final for-
eign policy speech. The New York Times.
Latham, R. (Ed.). (2003). Bombs and bandwidth: The
emerging relationship between IT and security. New
York: The New Press.
Lewis, J. A. (2002, December). Assessing the risks of
cyber-terrorism, cyber war and other cyber threats.
Washington, DC: Center for Strategic and Interna-
tional Studies. Retrieved May 3, 2007 from http://
www.csis.org/media/csis/pubs/021101_risks_of_
cyberterror.pdf
Loader, B. D. (1997). The governance of cyberspace:
Politics, technology, and global restructuring. In B.
D. Loader (Ed.), The governance of cyberspace
(pp. 1-19). London and New York: Routledge.
Mark, R. (2004, October 1). U.S. cybersecurity chief re-
signs. eSecurity Planet. Retrieved May 3, 2007 from
http://www.esecurityplanet.com/trends/article.php/
3416161
Molander, R. C., Riddle, A. S, & Wilson, P. A. (1996).
Strategic information warfare: A new face of war.
Santa Monica, CA: RAND.
Moteff, J. (2006, September 14). Critical infrastruc-
ture: The national asset database. (CRS Report for
Congress, RL33648). Washington, DC: Congressio-
nal Research Service.
Moteff, J. (2007, March 13). Critical infrastructures:
Background, policy, and implementation (Congres-
sional Research Report for Congress, RL30153).
Washington, DC: Congressional Research Service.
Mueller, R. S. (2003, February 11). Testimony of Rob-
ert S. Mueller, III, Director, Federal Bureau of Inves-
tigation before the Select Committee on Intelligence
of the United States Senate Washington. In Current
and projected national security threats to the United
States: Hearing before the Select Committee on In-
telligence of the United States Senate, One Hundred
Eighth Congress, First Session (pp. 31-47). Wash-
ington, DC: Government Printing Office. Retrieved
May 3, 2007 from http://purl.access.gpo.gov/
GPO/LPS42906
National Academy of Sciences (NAS), Computer Sci-
ence and Telecommunications Board (1991). Com-
puters at risk: Safe computing in the information age.
Washington, DC: National Academy Press.
National Infrastructure Protection Center (NIPC).
(2002, 30 January). Terrorist interest in water supply
and SCADA systems. Information Bulletin 02-001.
Nelson, B., Choi, R., Iacobucci, M., Mitchell, M., &
Gagnon, G. (1999). Cyberterror: Prospects and im-
plications. White Paper prepared for the Defense In-
telligence Agency Office for Counterterrorism
Analysis. Monterey, CA: Center for the Study of
Terrorism and Irregular Warfare (CSTIW).
Nicander, L. & Ranstorp, M. (Eds.). (2004). Terrorism
in the information age–New frontiers? Stockholm:
Swedish National Defense College.
Oliver, P. E. & Johnston, H. (2000). What a good idea:
Frames and ideologies in social movements research.
Mobilization, 5, 37-54.
Pollitt, M. M. (1997). Cyberterrorism–Fact or fancy?
Proceedings of the 20th National Information Sys-
tems Security Conference, 1997, 285-289. Retrieved
May 3, 2007 from http://csrc.nist.gov/nissc/1997/
proceedings/nissc97.zip
Poulsen, K. (1999, September 8). Info war or electronic
sabre rattling? ZDNet. Retrieved May 3, 2007 from
http://news.zdnet.com/2100-9595_22-515631.html?
legacy=zdnn
President’s Commission on Critical Infrastructure Pro-
tection (PCCIP). (1997). Critical foundations: Pro-
tecting America’s infrastructures. Washington, DC:
Government Printing Office.
 Myriam Dunn Cavelty
Rathmell, A., Overill, R., Valeri, L., & Gearson, J.
(1997, June). The IW threat from sub-state groups:
An interdisciplinary approach. Paper presented at the
Third International Symposium on Command and
Control Research and Technology, Institute for Na-
tional Strategic Studies–National Defense Univer-
sity, Washington, DC. Retrieved May 8, 2007 from
http://www.kcl.ac.uk/orgs/icsa/Old/terrori.html
Reus-Smit, C. (1996). The constructivist turn: Critical
theory after the Cold War. (Working Paper No.
1996/4). Canberra: Australian National University.
Ryan, C. (1991). Prime time activism: Media strategies
for grass roots organizing. Boston: South End Press.
Schwartau, W. (1994). Information warfare. Cyber-
terrorism: Protecting your personal security in the
electronic age (2nd ed.). New York: Thundermouth
Press.
Searle, J. R. (1969). Speech acts: An essay in the philos-
ophy of language. Cambridge, England: Cambridge
University Press.
Smith, G. (1998, Fall). An electronic Pearl Harbor? Not
likely. Issues in Science and Technology, 15. Re-
trieved May 3, 2007 from http://www.issues.org/
15.1/smith.htm
Smith, G. (2000). How vulnerable is our interlinked in-
frastructure? In D. S. Alberts & D. S. Papp (Eds.),
The information age: An anthology of its impacts and
consequences (Vol. II, pp. 507-523). Washington
DC: National Defense University Press.
Snow, D. A. & Benford, R. D. (1992). Master Frames
and Cycles of Protest. In Morris, A. D. & Mueller, C.
M. (Eds.), Frontiers in social movement theory (pp.
133-155). New Haven, CT: Yale University Press.
Snow, D. A., Rocheford, E. B., Jr., Worden, S. K., &
Benford, R. D. (1986). Frame alignment processes,
micromobilization and movement participation.
American Sociological Review, 51, 464-481.
Sofaer, A. D. & Goodman, S. D. (2000). A proposal for
an international convention on cyber-crime and ter-
rorism. Stanford, CA: Center for International Secu-
rity and Cooperation, Stanford University.
Suter, M. (in press). Improving information security in
companies: How to meet the need for threat informa-
tion. In M. Dunn Cavelty, V. Mauer, & S.
Krishna-Hensel (Eds.), Power and security in the in-
formation age: Investigating the role of the state in
cyberspace. Aldershot, England: Ashgate.
Technical Analysis Group (TAG), Institute for Security
Technology Studies, Dartmouth College (2003, No-
vember). Examining the cyber capabilities of Islamic
terrorist groups. Hanover, NH: Dartmouth College.
Retrieved May 3, 2007 from https://www.ists.
dartmouth.edu/TAG/ITB/ITB_032004.pdf
Tenet, G. J. (1997, February 5). Statement by Acting Di-
rector of Central Intelligence George J. Tenet before
the Senate Select Committee on Intelligence Hearing
on Current and Projected National Security Threats
to the United States. Retrieved May 3, 2007 from
http://www.fas.org/irp/congress/1997_hr/s970205t.htm
35
Tenet, George J. (1998, June 24). Testimony by Director
of Central Intelligence George J. Tenet before the
Senate Committee on Government Affairs. Retrieved
May 3, 2007 from http://www.fas.org/irp/congress/
1998_hr/980624-dci_testimony.htm
Tenet, George J. (1999, February 2). Statement of the
Director of Central Intelligence George J. Tenet As
Prepared for Delivery Before the Senate Armed Ser-
vices Committee Hearing on Current and Projected
National Security Threats.. Retrieved May 3, 2007
from https://www.cia.gov/cia/public_affairs/speeches/
1999/ps020299.html
Tenet, George J. (2000, February 2). The Worldwide
Threat in 2000: Global Realities of Our National Se-
curity. Statement by Director of Central Intelligence
George J. Tenet Before the Senate Select Committee
on Intelligence. Retrieved May 3, 2007 from https://
bcia.gov/cia/public_affairs/sh_ 032100.html
Tenet, George J. (2002, March 19). Worldwide Threat–
Converging Dangers in a Post 9/11 World. Testi-
mony of the Director of Central Intelligence before
the Senate Select Committee on Intelligence. Re-
trieved May 3, 2007 from http://www.fas.org/
irp/congress/2002_hr/020602tenet.html
The White House (1984, September 17). National Pol-
icy on Telecommunications and Automated Informa-
tion Systems Security. National Security Decision
Directive Number 145. Washington, DC: President
of the United States. Retrieved May 3, 2007 from
http://www.fas.org/irp/offdocs/nsdd145.htm
The White House, Office of the Press Secretary (1998a,
May 22). Fact Sheet. Combating Terrorism: Presi-
dential Decision Directive 62. Washington, DC: Pres-
ident of the United States. Retrieved May 3, 2007
from http://www.fas.org/irp/offdocs/pdd-62.htm
The White House. (1998b, May 22). Protecting Amer-
ica’s critical infrastructures: Presidential decision
directive 63. Washington, DC: President of the
United States.
The White House. (2000). Defending America’s
cyberspace: National plan for information systems
protection: An invitation to a dialogue (Version 1.0).
Washington, DC: President of the United States.
Thomas, T. L. (2003, Spring). Al Qaeda and the
Internet: The danger of cyberplanning. Parameters
(Spring), 112-123.
Thornton, A. (2001). Does the Internet create democ-
racy? Ecquid Novi, 22, 126-147.
Tilford, E. H., Jr. (1995). The revolution in military af-
fairs: Prospects and cautions. Carlisle Barracks, PA:
Strategic Studies Institute.
Vatis, M. A. (1998, February 10) Statement by Michael
Vatis, deputy assistant director and chief of the Fed-
eral Bureau of Investigation’s National Infrastruc-
ture Protection Center (NIPC) before the Senate
Judiciary Subcommittee on Terrorism, Technology
and Government Information. Retrieved May 3,
2007 from http://www.fas.org/irp/congress/ 1998_hr/
98061101_ppo.html
 36 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
Vatis, M. A. (2001). Cyber attacks during the war on ter-
rorism: A predictive analysis. (Working Paper).
Hanover: Institute for Security Technology Studies at
Dartmouth College. Retrieved May 3, 2007 from
http://www.ists.dartmouth.edu/analysis/cyber_a1.pdf
Verton, D. (2004, October 1). Nation’s cybersecurity
chief abruptly quits DHS post: ‘I’m not a long-term
government kind of guy,’ says Amit Yoran.
Computerworld. Retrieved May 3, 2007 from
http://www.computerworld.com/managementtopics/
management/story/0,10801,96369,00.html
Wæver, O. (1995). Securitization and desecuritization.
In R. Lipschutz (Ed.), On security (pp. 46-86). New
York: Columbia University Press.
Wallace, C. (2002, September 16). Will next terror at-
tack be electronic? Experts fear terrorists may attack
through cyberspace. ABC News.com. Retrieved May
3, 2007 from http://abcnews.go.com/WNT/story?
id=130108&page=1
Walt, S. (1991). The renaissance of security studies. In-
ternational Studies Quarterly, 35, 211-239.
Watson, D. L. (2002, February 6). The Terrorist Threat
Confronting the United States, Statement for the Re-
cord of the Executive Assistant Director on Counter-
terrorism and Counterintelligence, Federal Bureau
of Investigation, before the Senate Select Committee
on Intelligence, Washington, DC. Retrieved May 3,
2007 from http://www.fbi.gov/congress/congress02/
watson020602.htm
doi:10.1300/J516v04n01_03
View publication stats
Weimann, G. (2004a, March). www.terror.net. How
modern terrorism uses the Internet. (United States
Institute of Peace, Special Report 116).Washington,
DC: United States Institute of Peace.
Weimann, G. (2004b). Cyberterrorism–How real is the
threat? (United States Institute of Peace, Special Re-
port 119). Washington, DC: United States Institute
of Peace.
Wilson, C. (2003, October 17). Computer Attack and
Cyber-terrorism: Vulnerabilities and Policy Issues
for Congress (CRS Report for Congress, RL32114).
Washington, DC: Congressional Research Service.
Wilson, T. R. (2000, February 2). Military threats and
security challenges through 2015. Statement before
the Senate Select Committee on Intelligence given by
Vice Admiral Thomas R. Wilson Director, Defense
Intelligence Agency. Retrieved May 3, 2007 from
http://www.fas.org/irp/congress/2000_hr/000202-
wilson.htm
Winner, L. (1977). Autonomous technology: Technics-
out-of-control as a theme in political thought. Cam-
bridge MA: MIT Press.
Received: 01/05/2007
Revised: 04/30/2007
Accepted: 05/06/2007