Documente Academic
Documente Profesional
Documente Cultură
discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/233310365
CITATIONS READS
32 175
1 author:
SEE PROFILE
All content following this page was uploaded by Myriam Dunn Cavelty on 13 October 2014.
ABSTRACT. For some years, experts and government officials have warned of cyber-terrorism
as a looming threat to national security. However, if we define cyber-terror as an attack or series of
attacks that is carried out by terrorists, that instills fear by effects that are destructive or disruptive,
and that has a political, religious, or ideological motivation, then none of the disruptive cyber-inci-
dents of the last years qualify as examples of cyber-terrorism. So why has this fear been so persis-
tent? Instead of trying to answer how long cyber-terror is likely to remain a fictional scenario, this
paper analyzes the US cyber-terror discourse from a constructivist security studies angle: It looks
at how cyber-threats in general, and cyber-terror in particular are framed, and speculates on
characteristics that are responsible for the rapid and considerable political impact of the widespread
conceptualization of aspects of information technology as a security problem in the 1990s.
doi:10.1300/J516v04n01_03 [Article copies available for a fee from The Haworth Document Delivery Service:
1-800-HAWORTH. E-mail address: <docdelivery@haworthpress.com> Website: <http://www.HaworthPress.
com> © 2007 by The Haworth Press. All rights reserved.]
Myriam Dunn Cavelty, PhD, is Head of the New Risks Research Unit, Center for Security Studies (CSS), ETH
Zurich, Switzerland; Coordinator of the Crisis and Risk Network (CRN), a Swiss-Swedish Internet and workshop
initiative for international dialog on national-level security risks and vulnerabilities; and Lecturer at the University
of Zurich and the Swiss Federal Institute of Technology. Dr. Dunn Cavelty holds a degree in political science, mod-
ern history, and international law from the University of Zurich.
Address correspondence to: Myriam Dunn Cavelty, Center for Security Studies (CSS), ETH Zurich, WEC,
Weinbergstrasse 11, CH-8092 Zurich, Switzerland (E-mail: dunn@sipo.gess.ethz.ch).
This paper has won the “Millennium Award 2006 for an Outstanding Research Paper by a Younger Scholar”
from the Comparative Interdisciplinary Studies Section of the International Studies Association. The author would
like to thank seven anonymous reviewers for their insightful comments and suggestions for improvements.
Journal of Information Technology & Politics, Vol. 4(1) 2007
Available online at http://jitp.haworthpress.com
© 2007 by The Haworth Press. All rights reserved.
doi:10.1300/J516v04n01_03 19
20 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
cept that was closely linked to the critical infra- which these two groups differ is whether or to
structure protection (CIP) debate on the what degree there is a credible or likely connec-
national security agenda. tion between terrorism and cyber-terrorism be-
While governments and the media repeat- yond the suspected vulnerability of critical
edly distribute information about cyber- infrastructures (cf. Nicander & Ranstorp, 2004,
threats, real cyber-attacks resulting in deaths p. 15) and consequently, at what point in future
and injuries remain largely the stuff of Holly- time such an attack might occur. While it is
wood movies or conspiracy theory. In fact, undisputed in both communities that cyber-at-
menacing scenarios of major disruptive occur- tacks and cyber-incidents cause major incon-
rences in the cyber-domain, triggered by mali- veniences and have cost billions of US dollars
cious actors, have remained just that– in lost intellectual property, maintenance and
scenarios. Nonetheless, for the US government repair, lost revenue, and increased security in
(and to a lesser degree other governments the last couple of years (Cashell, Jackson,
around the world), the decision has been far Jickling, & Webel, 2004), these two groups dif-
more straightforward: it considers the threat to fer considerably in their assessment of the fu-
national security to be real, has extensively ture point in time at which such an attack might
studied various aspects of cyber-threats, and occur, and some even doubt whether there truly
spends considerable sums on a variety of coun- is a national security threat linked to the Internet
termeasures (Abele-Wigert & Dunn, 2006). and the information infrastructure.
This observation raises interesting questions The main reason for this controversy is that
from a security studies perspective: Why and cyber-threats have not materialized as a na-
how is a threat that has little or no relation to tional security threat, even granted that there
real-world occurrences included on the secu- have been some few incidents with at least
rity political agenda? Are there specific some potential for grave consequences. Inter-
characteristics that make it particularly likely to estingly enough, both hypers and de-hypers
be there? tend to agree on this point. But while the first
Due to its vague nature, cyber-terrorism is a group assumes that vicious attacks that wreak
playfield for very different and diverse commu- havoc and paralyze whole nations are immi-
nities, concerned with topics such as freedom nent, more cautious researchers often point to
of speech and Internet censorship (Gladman, the practical difficulties of a serious cyber-
1998; Weimann, 2004a); cyber crime in con- attack (Ingles-le Nobel, 1999), question the as-
nection with terrorism (Sofaer & Goodman, sumption of critical infrastructure vulnerabilities
2000); or information warfare and sub-state (Lewis, 2002; Smith, 1998, 2000), or point to
groups (Devost, Houghton, & Pollard, 1997; unclear benefits of cyber-attacks for terrorist
Rathmell, Overill, Valeri, & Gearson, 1997). groups (Barak, 2004). Despite this caution,
This article will focus on cyber-threats and however, even the second group contends that
cyber-terror broadly framed as a national secu- one “cannot afford to shrug off the threat”
rity issue. Previous research on the topic has (Denning, 2001a) due to unclear and rapid fu-
generally been highly specific and policy-ori- ture technological development as well as dy-
ented (Alberts & Papp, 1997; Arquilla & namic change of the capabilities of terrorism
Ronfeldt, 1996) and has often uncritically groups themselves (Technical Analysis Group,
adopted arguments on the nature and scale of 2003). To summarize the debate in a nutshell:
cyber-terrorism from official statements or due to too many uncertainties concerning the
pieces of media coverage.2 This is epitomized scope of the threat, experts are unable to con-
in the tendency of many authors to hype the is- clude whether cyber-terror is fact or fiction, or,
sue with rhetorical dramatization and alarmist since they are unwilling to dismiss the threat
warnings (cf. Arquilla, 1998; Schwartau, completely, how long it is likely to remain fic-
1994). On the other hand, the considerable hype tion.
has brought forth a counter-movement of more So far, relatively few attempts have been
cautious voices that are deliberately more spe- made to apply IR theory in analyzing this devel-
cific in their estimates of the threat (cf. Lewis, opment, with a few exceptions (Eriksson &
2002; Wilson, 2003). The key question on Giacomello, 2006; Giacomello & Eriksson,
Myriam Dunn Cavelty 21
2007; partly Latham, 2003). Research that has considering the salience of this threat rather
focused particularly on aspects of the construc- than simply arguing over its significance, it
tion of information-age security threats is also pushes the debate in a new direction and pro-
little influenced by theory or is mostly outdated vides much-needed grounding and reference
(Bendrath, 2001, 2003; Eriksson, 2001b; newer: for the public debate on cyber-security.
Bendrath, Eriksson, & Giacomello, 2007; Dunn This paper has three parts. First, the theoreti-
Cavelty, in press). There is an agreement, cal framework is introduced. Second, the paper
though, that the elusive and unsubstantiated na- reconstructs how cyber-threats in general and
ture of cyber-threats means that approaches cyber-terror in particular have been framed and
rooted in the constructivist mindset with a sub- treated over the years. Third, specific traits of
jective ontology are particularly suitable for its cyber-threat frames are analyzed.
analysis. Such approaches are typically linked
to the constructivist research agenda and apply
critical self-reflection to the inherently contra- THE FRAMING
dictory and problematic concept of security. OF SECURITY THREATS
These approaches were particularly influenced
by the question of how and why new threats As the end of the Cold War by and large coin-
were moved onto the security agendas after the cided with the beginnings of the information
end of the Cold War. revolution, this technological development–
Traditional security policy research views which is about a special set of technologies, of-
threat images as given and actually out there, ten subsumed under the heading of information
and assumes that security policies are re- and communication technologies (ICT) (Al-
sponses to an objective increase of threats and berts, Papp, & Kemp, 1997)–had a consider-
risks (Walt, 1991). With constructivist ap- able impact on the perception and shaping of
proaches however, the focus is on how, when, new threats. Next to the vast opportunities of an
and with what consequences political actors ICT-dominated age in terms of economic de-
frame something–anything–as a security issue, velopment and democratization (Dutton, 1999;
with a strong emphasis on speech acts, that is, Loader, 1997; Thornton, 2001) worries about
political language, and the implications this has the security or rather the insecurity of digital
for political agenda-setting and political rela- networks were of major concern from the be-
tions (Adler, 1997; Buzan, Wæver, & Wilde, ginning. While extensively discussed on the
1998; Reus-Smit, 1996; Wæver, 1995). In or- technical level under the heading of IT-secu-
der to analyze why cyber-threats occupy such a rity, the information revolution was early on
prominent position on the security political perceived to have a number of negative impli-
agenda, this paper introduces a framework for cations for national security (Abele- Wigert &
the analysis of threat frames (Eriksson, 2001b; Dunn, 2006; Dunn & Wigert, 2004; Hundley &
Eriksson & Noreen, 2002; Eriksson, 2001a), Anderson, 1997).
partly based on the Copenhagen school’s secu- It has become common in the information
ritization approach (Buzan, Wæver, & Wilde, age to coin new terms by simply placing the pre-
1998). Threat framing refers to the process fixes cyber, computer, or information before
whereby particular agents develop specific in- another word. Thus, an entire arsenal of expres-
terpretive schemas about what should be con- sions–among them cyber-crime, information
sidered a threat or risk, how to respond to this warfare, and cyber-terrorism–has been created.
threat, and who is responsible for it. Due to the newness of the topic and the sensa-
The paper focuses on the characteristics that tionalist nature of the discourse on it, there have
might be responsible for the swiftness and con- been few semantic walls erected around the rel-
siderable political impact of the widespread evant concepts in the information security tax-
conceptualization of IT as a security problem. onomy, with the result that these terms have so
In doing so, it aims to shed light on how the is- many meanings and nuances that the words
sue of cyber-terrorism is perceived and repre- quickly become confusing or lose their mean-
sented by the US government, and what the ing altogether (Dunn, 2007; Fisher, 2001).3 The
consequences of this perception are. Thus, by term cyber-threats, for example, denotes a rather
22 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
vague notion signifying the malicious use of in- ism at the top of his list of modern threats to the
formation and communication technologies ei- American way of life in 1999, when he said that
ther as a target or as a weapon. Cyber-terrorism “in my opinion, neither missile proliferation nor
is one clear case of a cyber-threat. As the issue weapons of mass destruction are as serious as the
of cyber-terrorism has grown in popularity over threat [of cyberterrorism]” (Poulsen, 1999). In
the years, it has also acquired a range of mean- September 2002, Richard Clarke, former Spe-
ings, depending on the context in which it is cial White House Adviser for Cyberspace Secu-
used. rity, told ABC News: “[Cyber- terrorism is]
The term cyber-terrorism was allegedly much easier to do than building a weapon of
coined in the 1980s by Barry Collin, a senior re- mass destruction. Cyber-attacks are a weapon of
search fellow at the Institute for Security and mass disruption, and they’re a lot cheaper and
Intelligence in California, as a hybrid term that easier” (Wallace, 2002).
encompasses the concepts of cybernetics and What is the meaning of such statements, one
terrorism (Collin, 1997; Conway, 2002). In might ask? At all times, the cyber-threats de-
subsequent years, the term cybernetics was re- bate was (and is) highly political. It is not only
placed by the term cyberspace, so that the con- about predicting the future, but also about how
cept is now composed of two elements: cyber- to prepare for it in the present. As a result of this,
space and terrorism. As both concepts are noto- turf battles on different levels of government
riously difficult to define, cyber-terror itself are the rule and ongoing. As there have been no
was and still is a very elusive and poorly-de- major destructive attacks on the cyber-level,
fined concept. Academics agree in general that different scenarios, which are stories about
to be labeled cyber-terrorism, cyber-incidents possible futures, are providing the grounds on
must be mounted by sub-national terrorist which decisions have to be made. The different
groups,4 be aimed at parts of the information in- actors involved–ranging from government
frastructure, instill terror by effects that are suf- agencies to the technology community to insur-
ficiently destructive or disruptive to generate ance companies–with their divergent interests
fear, and must have a political, religious, or are therefore competing with each other by
ideological motivation (Denning, 2000, 2001a, means of constructed versions of the future
2001b; Devost, Houghton, & Pollard, 1997; (Bendrath, 2001, 2003). Ultimately, it is about
Nelson, Choi, Iacobucci, Mitchell, & Gagnon, resources and about who is in charge to counter
1999; Pollitt, 1997). the threat.
According to this definition, none of the The so-called Copenhagen School of Secu-
larger and smaller disruptive cyber-incidents rity, in particular, developed an approach that
that we have experienced in the last couple of focuses on the process of bringing an issue from
years has been an example of cyber-terrorism. a politicized or even non-politicized stage into
Even though most terrorist groups have seized the security domain. This process is called se-
on the opportunity accorded by the information curitization (Buzan, Wæver, & Wilde, 1998).
revolution through an established multiple The process is seen as a socially constructed,
Web presence, access to uncensored propa- contextual speech act (Austin, 1962; Searle,
ganda, and by using the Web as an auxiliary re- 1969), meaning that by uttering the word secu-
cruitment and fundraising tool (Thomas, 2003; rity or another term expressing the need for ex-
Weimann, 2004a; Weimann, 2004b), cyber- ceptional measures, a professional of security,
space has so far mainly served as a force-multi- most often a state representative, claims a spe-
plier in intelligence gathering and target-acqui- cial right to use any means necessary to counter
sition for terrorist groups and not as an a certain threat (Wæver, 1995). Ultimately, this
offensive weapon. Despite this, the term is used means that issues become security issues not
frequently in the political domain, detached necessarily because a real existential threat ex-
from any academic definition of the issue, as a ists, but because the issue is successfully pre-
specter depicting a terrorist and a keyboard, sented and established by key actors in the
wreaking havoc that can disrupt an entire soci- political arena as such a threat. Securitization
ety. Somewhat exemplary, Congressman Curt studies aim to gain an understanding of who
Weldon (R-Pennsylvania) placed cyber-terror- securitizes (the actor) which issues (the threat
Myriam Dunn Cavelty 23
subject), for whom or what (the referent ob- tests for the legitimate definition of reality are
ject), why (the intentions and purposes), with held by ways of different categories as ex-
what results (the outcome), and under what pressed in frames. In the case of threat framing,
conditions (the structure) (Buzan, Wæver, & the process of categorizing something as a par-
Wilde, 1998, p. 32). ticular threat has practical consequences when
To explain why certain issues seem more key actors begin seeing the world according to
susceptible to securitization than others, and these categories.
this is also the focus of this article, some schol- Framing theory addresses three main ques-
ars have established a stronger link to (cogni- tions, the second of which will be our main
tive) framing research that looks at special traits focus: (a) how frames influence social action;
of the threat frames employed by key actors (b) which frames are particularly successful for
(Eriksson, 2001a; Eriksson, 2001b; Eriksson & what reasons; and (c) how frames can be changed
Noreen, 2002). Frame theory is rooted in lin- (Snow & Benford, 1988). There are three types
guistic studies of interaction and points to the of framing (ibid. 199-202):
way shared assumptions and meanings shape
the interpretation of any particular event (Oli- a. diagnostic framing, which is about
ver & Johnston, 2000). We understand fram- clearly defining a problem and assigning
ing to refer to the subtle selection of certain blame for the problem to an agent or
aspects of an issue in order to cue a specific re- agencies. In other words, this is about
sponse; the way an issue is framed explains designating that which appears to be
who is responsible and suggests potential solu- threatening (the subject of the threat im-
tions conveyed by images, stereotypes, mes- age or threat subject) and what is per-
sengers, and metaphors (Ryan, 1991, p. 59; ceived as threatened (the object of the
Snow & Benford, 1992; Snow, Rocheford, threat image or referent object);
Worden, & Benford, 1986). In threat framing, b. prognostic framing, which is about of-
government officials and experts use certain fering solutions, and proposing specific
phrases and also certain types of stories to add strategies, tactics, and objectives by
urgency to their case. Specific uses of language which these solutions may be achieved;
dramatize the actual threat: the use of specific c. motivational framing, to rally the troops
phrases and words make its construction as a behind the cause or a call for action.
national security threat possible in the first
place. Since there is no real-world reference for To this list, they add a fourth key element, frame
the threat, constant persuasion is required to resonance, meaning that the frame content
sustain the sense that it is a real danger. And be- must appeal to the existing values and beliefs of
cause the national security dimension is not
the target audience to become effective.
completely obvious, it is necessary to use spe-
In the following, we will conduct a mini-case
cific analogies (Cohn, 1987).
Frame analysis can be seen as a strand of dis- study on the framing of the US cyber-terror
course analysis that mainly focuses on relevant discourse. Even though such an approach does
content and argumentation (Gamson, 1992). not help to determine whether cyber-terror is
Framing is an empirically observable activity: fact or fiction or how long it will remain fiction,
frames are rooted in and constituted by we can identify those traits that have made
group-based social interaction, which is avail- cyber-threats such prominent features on the
able for first-hand observation, examination, national security policy agendas. Data for the
and analysis of texts (Snow & Benford, 1992). case study was collected from official policy
The high relevance of frames as social patterns papers, hearings, and other statements of key
is an outcome of the fact that frames define actors. Top-level documents reflect actual
meaning and determine actions. Specifically, presidential intentions, as opposed to public
socially accepted frames influence the actions statements of purpose, which frequently leave
of actors and define meaning in the public mind out sensitive details and, on occasion, directly
(Gamson, 1992, p. 110; Snow, Rocheford, conflict with the stated goals of the administra-
Worden, & Benford, 1986, p. 464). Social con- tion.
24 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
One of the biggest threats to the future is 2001), terms that are frequently used in
going to be cyberterrorism–people fool- hearings, interviews, and press articles.
ing with your computer networks, trying The events of 11 September 2001 served to
to shut down your phones, erase bank re- further increase the awareness of vulnerabili-
cords, mess up airline schedules, do ties and the sense of urgency in protecting criti-
things to interrupt the fabric of life. cal infrastructures (Bush, 2001a, 2001b). First
and foremost, the attacks of 9/11 provided a
(Bowman, 2000, para. 7)
reason to restructure the overall organizational
framework of critical infrastructure protection
Both the PDD 62 and 63 and the National
(CIP) in the US. In the immediate aftermath of
Plan follow the PCCIP’s reasoning and cement 9/11, President George W. Bush signed two
the winning and dominant threat frame. After Executive Orders (EO) affecting CIP. With EO
that date, all the threat frames that are employed 13,228, entitled Establishing the Office of
in public hearings and other documents resem- Homeland Security and the Homeland Security
ble the PCCIP’s threat frame. In the report, it is Council of 8 October 2001, Bush set up an Of-
stressed that dependence on the information fice of Cyberdefense at the White House, as
and communications infrastructure have cre- part of the new Homeland Security Office,
ated new cyber-vulnerabilities (PCCIP, 1997, which in turn was part of the National Security
p. 5) and that potential adversaries include a Council (Executive Order No. 13,228, 2001).
very broad range of actors–“from recreational The mission of this office was to “develop and
hackers to terrorists to national teams of infor- coordinate the implementation of a compre-
mation warfare specialists” (ibid., p. 15). This hensive national strategy to secure the US from
very broad and indeterminate framing of the terrorist threats and attacks.” The second Exec-
threat subject is one of the hallmarks of the utive Order, EO 13,231 Critical Infrastructure
cyber-threat frame. On the referent object Protection in the Information Age, established
side, it was clearly established that “the nation the President’s Critical Infrastructure Protec-
is so dependent on our infrastructures that we tion Board, whose responsibility was to “rec-
must view them through a national security ommend policies and coordinate programs for
lens. They are essential to the nation’s security, protecting information systems for critical
economic health, and social well being” (ibid, infrastructure” (Executive Order No. 13,231,
p. vii). The dependence of society on the 2001).
information and communication infrastructure The Bush administration’s policy regarding
on the one hand, and the ever-more complex in- critical infrastructure protection represented a
terdependencies between infrastructures on the continuation of PDD-63 in many respects: The
other, were identified as creating new dimen- fundamental policy statements are essentially
sions of vulnerability, “which, when combined the same, as are the infrastructures identified
with an emerging constellation of threats, poses as critical, although they were expanded and
unprecedented national risk” (ibid., p. ix). emphasis was placed on targets that would re-
In the PCCIP report, cyber-threats are de- sult in large numbers of casualties (Moteff,
scribed as being even more dangerous than 2007, p. 12). There was one primary difference,
other new threats, especially because the neces- however. First, the Office of Homeland Secu-
sary weapons are so easy to acquire (PCCIP, rity was given overall authority for coordinat-
1997, p. 14). On the whole, there is little empha- ing critical infrastructure protection against
sis on the foreign intelligence threat, though it terrorist threats and attacks. Those responsibil-
still remains a concern. Among the far more vir- ities associated with information systems of
ulent topics are scenarios of states using infor- critical infrastructures were delegated to the
mation warfare means, or sub-state actors using President’s Critical Infrastructure Protection
the information infrastructures for their attack. Board. Furthermore, the board’s responsibili-
This development was accompanied by an ex- ties for protecting the physical assets of the na-
pansion of the vocabulary to incorporate new tion’s information systems were to be defined
terminology such as cyber-war, cyber-terror- by the assistant to the president for national se-
ism, or electronic Pearl Harbor (Bendrath, curity and the assistant to the president for
Myriam Dunn Cavelty 27
homeland security. While Clinton’s PDD-63 formation contained in the database, it contin-
focused primarily on cyber-security, it gave the ues to draw criticism for including thousands of
national coordinator responsibility to coordi- assets that many believe have more local im-
nate the physical and virtual security for all portance than national importance. A DHS re-
critical infrastructures. The above-mentioned port summarizing the results of Cyber Storm, a
Executive Orders not only segregated respon- four-day exercise designed to test how industry
sibility for protecting the nation’s information and the government would respond to a con-
infrastructure, but also considerably strength- certed cyber-attack on key information sys-
ened the physical aspect vis-à-vis the aspect of tems, was seen as another indicator for
cyber- attacks. insufficient progress made (DHS, 2006).
As a result of this, many critical voices were Cyber Storm suggested that government and
heard disapproving of the extent of the atten- private-sector participants had trouble recog-
tion given to the cyber-dimension. The fact that nizing the coordinated attacks, determining
the government’s first cyber-security chief whom to contact, and organizing a response.
abruptly resigned after one year with the US Despite this, it can be argued that the attacks
Department of Homeland Security raised seri- of 11 September 2001 did not bring many
ous questions in the press about the Bush ad- changes for the overall strategy–and, regard-
ministration’s ability to quickly improve the less of what might be commonly expected, did
nation’s cyber-security (cf. Gross, 2004; Mark, not bring any changes in the threat frames.
2004; Verton, 2004). Negative press was part
What we do see, however, is that at least ini-
of the reason why the second secretary of home-
land security, Michael Chertoff, proposed to tially, one main focus in public hearings was on
restructure the IAIP Directorate responsible the possibility of terrorists using cyber-means
for CIP and rename it the Directorate of Pre- for attacks. In addition, a number of studies
paredness as one of his Second Stage Review were conducted in the aftermath of 9/11 that fo-
recommendations in 2005 (Chertoff, 2005). cused on Muslim terrorists and their cyber-ca-
Later, the Information Analysis function was pabilities (National Infrastructure Protection
merged into a new Office of Intelligence and Center, 2002; TAG, 2001; Vatis, 2001). At this
Analysis. The Infrastructure Protection func- time, officials’ attention shifted from hackers
tion, with the same missions as outlined in the depicted as terrorists towards terrorist hackers,
Homeland Security Act, remained, but was and specifically Muslim ones. The few exam-
joined by other existing and new entities. In ples cited below again show how volatile and
addition, the restructuring established the po- unfounded the cyber-threat assessments still
sition of an assistant secretary for cyber secu- were. In his Senate testimony on The Terrorist
rity and telecommunications, which had long Threat Confronting the United States in Febru-
been advocated by many within the cyber- ary 2002, Dale L. Watson, the FBI’s executive
security community, and of an assistant secretary assistant director on counter-terrorism and
forinfrastructureprotection(Moteff,2007,p.15). counterintelligence, talked about an emerging
Generally speaking, the Bush administra- threat:
tion became bogged down in the details of im-
plementing its own strategy. Shortly before the Beyond criminal threats, cyber space also
beginning of Operation Iraqi Freedom in 2003, faces a variety of significant national se-
the DHS identified a list of 160 assets or sites curity threats, including increasing threats
that it considered critical to the nation, based on from terrorists . . . . Cyberterrorism–
their vulnerability to attack and potential con- meaning the use of cyber tools to shut
sequences. Over time, according to the DHS in- down critical national infrastructures
spector general, this initial priority list evolved (such as energy, transportation, or gov-
into what is now called the National Asset Data- ernment operations) for the purpose of
base, which, as of January 2006, contained over coercing or intimidating a government or
77,000 entries (Moteff, 2006; Moteff, 2007, civilian population–is clearly an emerg-
p. 25). While the DHS has reportedly made ing threat. (Watson, 2002, Cyber/Na-
progress on improving the reliability of the in- tional Infrastructure section, para. 2, 3)
28 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
In March of 2002, the intelligence commu- hand, the prevalent threat frame was widely ac-
nity’s new global threat estimate was presented cepted and therefore highly stable. Not only
to Congress. CIA director George J. Tenet, was the diagnosis–a very wide range of poten-
when discussing possible cyber-attacks, talked tial perpetrators–accepted, but so was the prog-
mostly about terrorists, after having focused his nosis: Whether cyber-terror or cyber-warfare,
attention on the whole range of actors in previ- the countermeasures as laid out in the National
ous years (Tenet, 1997, 1998, 1999): Plan and Bush’s National Strategy to Secure
Cyberspace seemed to satisfy decision-mak-
We are also alert to the possibility of ers. In addition, all the turf battles between vari-
cyber warfare attack by terrorists . . . . At- ous agencies had been fought in the 1990s, so
tacks of this nature will become an in- that this specific threat occurred in a more set-
creasingly viable option for terrorists as tled phase: The lead of the law enforcement
they and other foreign adversaries be- community and the crucial importance of pub-
come more familiar with these targets, lic-private partnerships were widely accepted
and the technologies required to attack by all actors involved. The establishment of the
them. (Tenet, 2002, terrorism section, DHS, propagated as a step towards pulling
para. 9) down the artificial walls between institutions
that deal with internal threats and others that
In the CIA Answers to Questions for the Re- deal with external ones, did not fundamentally
cord, dated April 8, 2002, it is further specified change this perception: it merely changed parts
that of the organizational setting.
combines two of the great fears of the late 20th groups as the most dangerous threat. He said,
century: The fear of random and violent victim- “There are terrorist groups that are interested
ization and the distrust or outright fear of com- [in conducting cyber attacks]. We now know
puter technology, which both feed on the fear of that al Qaeda was interested. But the real major
the unknown (Pollitt, 1997). Terrorism is threat is from the information-warfare brigade
feared, and is meant to be feared, because it is or squadron of five or six countries” (Cha &
perceived as being random, incomprehensible, Krim, 2002, p. A02).
and uncontrollable. Technology, including in- Given this uncertainty, it is not surprising
formation technology, is feared because it is that the prognostic part of the frame remained
seen as complex, abstract, and arcane in its im- far more contested than the diagnostic part dur-
pact on individuals. Because computers do ing the entire debate. Issues of how to counter
things that used to be done by humans, there is the threat, mainly questions concerning re-
a notion of technology being out of control, a sponsibilities, were discussed until approxi-
recurring theme in political and philosophi- mately 1997, when the PCCIP threat frame
cal thought (Winner, 1977) that is even offered a solution that appealed to everyone.
strengthened by the increase in connectivity Notions of cyber-threats have originated
that the information revolution brings. They are among military as well as civilian actors. In the
ultimately seen as a threat to society’s core val- law enforcement community, cyber-crime has
ues, especially national security, and to the eco- become a particularly salient threat image.
nomic and social well-being of a nation. Within the military bureaucracy, the perceived
Therefore, they are inevitably presented as a threats have been framed as information war-
national security issue. fare, information operations, and cyber-war.
That officials in various agencies struggle to Both communities refer to cyber-terror, a
identify the most dangerous actors or to decide threat image that has remained very fuzzy.
whether states or non-state actors are more Among computer scientists, technicians, and
likely to become a threat is a consequence of the network operators, the threat images are usu-
very wide prognostic threat frame, especially ally much narrower, with an emphasis on at-
on the threat subject side. At the end of the tacks, exploits, and disruptions perpetrated
1990s the general consensus emerged that against computer networks, software conflicts,
states were the ones to worry about, because and other bugs which can lead to systems
they had greater capabilities–but that it was crashes. From the very beginning, the law en-
more likely that terrorists or criminals would at- forcement community played a strong role in
tack. As DIA Director Thomas Wilson said in the process due to existing resources, norms,
2000: and institutions. Members of the military took
the place of a framing, but not of an executing
Foreign states have the greatest potential actor: they gave cyber-threats a new face, but
capability to attack our infrastructure be- then had to cede responsibility and admit that
cause they possess the intelligence assets they could not provide the answer to them (De-
to assess and analyze infrastructure vul- fense Science Board, 1994, 1996; Joint Secu-
nerabilities, and the range of weap- rity Commission, 1994). The perceived nature
ons–conventional munitions, WMD, and of the threat as well as restraints stemming
information operations tools–to take ad- from norms and institutions made a bigger role
vantage of vulnerabilities. (Wilson, of the military establishment unfeasible. As a
2000, the growing asymmetric threat result, they became more or less marginalized
section, para. 5) in the broader debate after a certain point. Only
in the domain of information warfare, framed
The renewed focus on cyber-terrorists after as a traditional military task, did they retain pri-
9/11 proved a fairly temporary thing, too. mary responsibility and strive to advance de-
About a year after 9/11, Richard Clarke, then velopments in the domain.
head of the White House Office for Cyber Secu- Nonetheless, even though the issue of
rity, told the press that the government had be- cyber-threat is clearly linked to national secu-
gun to regard nation-states rather than terrorist rity on a rhetorical level, there are, in general,
30 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
no exceptional measures envisaged that would infrastructure on the one hand, and ever-more
traditionally fall under the purview of national complex interdependencies between infra-
security apparatus. Therefore, the cyber- structures on the other. The information infra-
threats debate is an example of a failed securiti- structure, including its physical and cyber-
zation (cf. Bendrath, 2001). If we turn once components, is often named as a concrete target
again to securitization theory, the criterion of cyber-terror and, more generally, of cyber-
given by securitization theory is that issues be- threats. In the agent dimension, a danger has
come securitized when they are taken out of the been constructed that emanates from an enemy
“normal bounds of political procedure,” which who is located outside of the US, both in geo-
in turn amounts to a call for exceptional mea- graphical and in moral terms. This picture of a
sures (Buzan, Wæver & Wilde, 1998, p. 24). In dangerous other reinforces the idea of the na-
addition, securitization moves are only suc- tion as a collective self. The use of phrases like
cessful if an audience accepts the security argu- our computers or our infrastructures amplifies
ment (ibid., p. 25). A study of cyber-threat this effect. The reference object of security is
frames offer a possible interpretation of this: the entire US society. The logical and political
Even though the diagnostic part of current implication of this is that defense against
cyber-threat frames establishes a forceful link cyber-attacks comes under the purview of
to national security, the prognostic part does national security policy.
not. And apparently, the prognostic part, However, it was argued that the prognostic
which is about offering solutions, and propos- frame is more important than the diagnostic
ing specific strategies, tactics, and objectives threat frame. In fact, it is likely that the PCCIP
by which these solutions may be achieved, is threat frame has prevailed due to its prognostic
more important, as it is, ultimately, about real part rather than to its diagnostic one. Despite
consequences. the fact that there is national security rhetoric in
abundance, the actual countermeasures in
place rely on risk analysis and risk manage-
CONCLUDING REMARKS ment. This business rationale is forced upon
governments due to the fact that the private in-
In this paper, it was shown that terrorists dustry owns and operates about 85% to 95% of
have not used cyberspace as a weapon or target the US critical infrastructures and key assets,
so far, though they routinely make use of com- depending on the source. Therefore, much of
puters, the Internet, or cryptography for organi- the expertise and many of the resources re-
zational purposes. However, there is a lot of quired for planning and taking better protective
uncertainty as to the future development of this measures lie outside the federal government
threat. To answer the question of “how (Baird, 2002; Bosch, 2002; Goodman et al.,
likely–how soon” we would need concrete in- 2002). As a result, it is necessary to delegate a
telligence data of which non-state actor is likely large part of the responsibility for the protection
to employ cyber-tools as an offensive weapon of critical infrastructure to the private owners
at what point in time (Nicander & Ranstorp, and operators. Whereas the traditional logic of
2004, pp. 12-13)–data which is not available. A national security suggests unilateral govern-
different approach has therefore been chosen in ment action and policy, CIP policies are inevi-
this paper: It looked at the cyber-threat dis- tably blurred by domestic considerations and
course from a constructivist security studies other policy imperatives. In contrast to the logic
perspective and identified key aspects of the of security, the logic of risk is not binary, but
cyber-threat frame (and cyber-terror frame) in probabilistic. It is a constant process towards a
order to determine what aspects might be re- desired outcome. Thus, managing risk is essen-
sponsible for its strong position on the national tially about accepting that one is insecure, but
security agenda. constantly patching this insecurity, working to-
We find that on the rhetorical level, the dan- wards a future goal of more security (Kristen-
ger is said to be caused by new and poorly un- sen, in press).
derstood vulnerabilities due to dependence of Ultimately, all of this has a desecuritizing ef-
society on the information and communication fect. Desecuritization as the unmaking of secu-
Myriam Dunn Cavelty 31
rity has been considered a technique for cyber-security, which could reduce much of the
defining down threats, in other words, a nor- insecurity of the information infrastructure,
malization of threats that were previously con- and thus also diminish the vulnerability of
structed as extraordinary. This normalization is society.
a process by which security issues lose their se-
curity aspect, making it possible to interpret
them in multiple ways, and therefore, allows
more freedom both at the level of interpretation NOTES
and in actual politics or social interaction
(Aradau, 2001). Despite the fact that the securi-
1. Data availability and possibility for replication:
tization of cyber-threats has failed, as shown in This study tries to incorporate the notion that the manner
this article, the national security logic is upheld in which people and institutions interpret and represent
on the rhetorical level. This, on the one hand, phenomena and structures makes a difference for the
makes it easier in theory to start new securitiza- outcomes. This ontology reflects an epistemology that
tion moves and to challenge the current prog- is based on intersubjectivity, which sees subject and
nostic frame. On the other hand, it means that object in the historical world as a reciprocally interre-
the fuzzy notions of cyber-threats and cyber- lated whole (Adler and Haas, 1992, p. 370; Cox, 1992,
p. 135). Data is analyzed using a hermeneutical interpre-
terror will most certainly remain on the national tive method of text analysis, which is the most suitable
security agenda. Therefore, decision-makers approach for questions raised by post-positivist theories
should be careful not to foment cyber-angst to an and speech act theory in particular (Adler, 1997). There
unnecessary degree, even if the threat cannot be is no claim that hypotheses need to be falsified in Pop-
completely shrugged off. In seeking a prudent per’s sense; instead, the entire research community acts
policy, the difficulty for decision-makers is to as “ultimate tribunal of truth” (Howarth, 2000, p. 142)
navigate the rocky shoals between hysterical so that the analysis is ultimately legitimate when it is
persuasive, consistent, and coherent.
doomsday scenarios and uninformed compla- 2. The media routinely features sensationalist head-
cency. It is clear that the focus should continue lines that cannot serve as a measure of the problem’s
to be on a broad range of potentially dangerous scope. Examples of such articles include the following:
occurrences involving cyber- means and tar- Christensen, J. (1999, April 6). Bracing for guerrilla
gets, including failure due to human error or warfare in cyberspace. CNN Interactive; Kelley, J.
technical problems apart from malicious at- (2001, February 6). Terror groups hide behind Web en-
tacks. This not only does justice to the complex- cryption. USA Today; McWilliams, B. (2001, December
17). Suspect claims Al Qaeda hacked Microsoft–Expert.
ity of the problem but also prevents us from Newsbytes; FBI: Al Qaeda may have probed govern-
carelessly invoking the specter of terrorism. ment sites. (2002, January 17). CNN.; and Islamic
It has in fact been argued that one solution to cyberterror: Not a matter of if but of when. (2002, May
the problem of cyber-security is to focus on 20). Newsweek.
economic and market aspects of the issue rather 3. As Geoffrey French put it, referring to the diver-
than on suitable technical protection mecha- sity of terminology in a variety of information warfare
nisms (Andersson, 2001). If we apply this articles (French, 2000), “Before too long, the articles
seem to have been written by Lewis Carroll, with dire
viewpoint, we quickly realize that the insecu- warnings of the Jabberwock, the Jubjub bird, and the
rity of the Internet can be compared to environ- frumious Bandersnatch.”
mental pollution and that cyber-security in fact 4. This definition’s main weakness is that it does not
shows strong traits of a public good that will be apply a critical approach to the concept of terrorism. By
underprovided or fail to be provided at all in the deliberately not addressing the problem at the heart of
private market. Public goods provide a very im- all definitions of terrorism (“one person’s terrorist is an-
portant example of market failure, in which in- other person’s freedom fighter”), we avoid investigating
the difficulty and subjectivity of labelling a person or
dividual behavior seeking to gain profit from group terrorist.
the market does not produce efficient results 5. Computer Security Act of 1987, Public Law
(Dunn & Mauer, 2007; Suter, 2007). Clearly, 100-235, H.R. 145, (1988), (100th Congress).
looking at cyber-security as an economic prob- 6. The Counterfeit Access Device and Computer
lem means to desecuritize the issue even fur- Fraud Abuse Act, 18 U.S.C. § 1030 (1984).; Computer
ther. At the same time, to focus on market Fraud and Abuse Act (U.S.) 18 U.S.C. § 1030(a) (1986).
aspects of the issue can help create a market for 7. 18 U.S.C. § 1385 (1878).
32 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
Gladman, B. (1998, September). Wassenaar controls, Mark, R. (2004, October 1). U.S. cybersecurity chief re-
cyber-crime and information terrorism. Leeds, UK: signs. eSecurity Planet. Retrieved May 3, 2007 from
Cyber-Rights & Cyber-Liberties (UK). Retrieved http://www.esecurityplanet.com/trends/article.php/
May 2, 2007 from http://www.cyber-rights.org/crypto/ 3416161
wassenaar.htm Molander, R. C., Riddle, A. S, & Wilson, P. A. (1996).
Gross, G. (2004, October 1). U.S. cybersecurity chief re- Strategic information warfare: A new face of war.
signs: Amit Yoran, said to be frustrated with prog- Santa Monica, CA: RAND.
ress, gives one-day notice. IDG News Service. Moteff, J. (2006, September 14). Critical infrastruc-
Retrieved May 2, 2007 from http://www.infoworld. ture: The national asset database. (CRS Report for
com/article/04/10/01/HNchiefresigns_1.html? Congress, RL33648). Washington, DC: Congressio-
DISASTER%20RECOVERY nal Research Service.
Howarth, D. (2000). Discourse. Buckingham, England: Moteff, J. (2007, March 13). Critical infrastructures:
Open University Press. Background, policy, and implementation (Congres-
Hundley, R. O. & Anderson, R. H. (1997). Emerging sional Research Report for Congress, RL30153).
challenge: Security and safety in cyberspace. In J. Washington, DC: Congressional Research Service.
Arquilla & D. Ronfeldt (Eds.), In Athena’s camp: Mueller, R. S. (2003, February 11). Testimony of Rob-
Preparing for conflict in the information age (pp. 231- ert S. Mueller, III, Director, Federal Bureau of Inves-
252). Santa Monica, CA: RAND. tigation before the Select Committee on Intelligence
Ingles-le Nobel, J. J. (1999, October 21). Cyberterrorism of the United States Senate Washington. In Current
hype. Jane’s Intelligence Review. Retrieved May 3, and projected national security threats to the United
2007 from http://212.111.49.124/cyberterror/resources/ States: Hearing before the Select Committee on In-
janes/jir0525.htm telligence of the United States Senate, One Hundred
Jacoby, L. (2003, February 11). Statement for the record Eighth Congress, First Session (pp. 31-47). Wash-
of Vice Admiral Lowell E. Jacoby, USN, Director, ington, DC: Government Printing Office. Retrieved
Defense Intelligence Agency before the Senate Se-
May 3, 2007 from http://purl.access.gpo.gov/
lect Committee on Intelligence. In Current and pro-
GPO/LPS42906
jected national security threats to the United States:
National Academy of Sciences (NAS), Computer Sci-
Hearing before the Select Committee on Intelligence
ence and Telecommunications Board (1991). Com-
of the United States Senate, One Hundred Eighth
puters at risk: Safe computing in the information age.
Congress, First Session (pp. 48-67). Washington, DC:
Washington, DC: National Academy Press.
Government Printing Office. Retrieved May 3, 2007
National Infrastructure Protection Center (NIPC).
from http://purl.access.gpo.gov/GPO/LPS42906
Joint Security Commission (JSC). (1994, February 28). (2002, 30 January). Terrorist interest in water supply
Redefining security: A report to the Secretary of De- and SCADA systems. Information Bulletin 02-001.
fense and the Director of Central Intelligence. Wash- Nelson, B., Choi, R., Iacobucci, M., Mitchell, M., &
ington, DC: US Government Printing Office. Gagnon, G. (1999). Cyberterror: Prospects and im-
Kolet, K. S. (2001). Asymmetric threats to the United plications. White Paper prepared for the Defense In-
States. Comparative Strategy, 20, 277-292. telligence Agency Office for Counterterrorism
Kristensen, K. S. (in press). ‘The absolute protection of Analysis. Monterey, CA: Center for the Study of
our citizens’: Critical infrastructure protection and Terrorism and Irregular Warfare (CSTIW).
the practice of Security. In M. Dunn Cavelty & K. S. Nicander, L. & Ranstorp, M. (Eds.). (2004). Terrorism
Kristensen (Eds.), The politics of securing the home- in the information age–New frontiers? Stockholm:
land: Critical infrastructure, risk and securitisation. Swedish National Defense College.
London: Routledge. Oliver, P. E. & Johnston, H. (2000). What a good idea:
Lacey, M. (2000, December 9). Clinton gives a final for- Frames and ideologies in social movements research.
eign policy speech. The New York Times. Mobilization, 5, 37-54.
Latham, R. (Ed.). (2003). Bombs and bandwidth: The Pollitt, M. M. (1997). Cyberterrorism–Fact or fancy?
emerging relationship between IT and security. New Proceedings of the 20th National Information Sys-
York: The New Press. tems Security Conference, 1997, 285-289. Retrieved
Lewis, J. A. (2002, December). Assessing the risks of May 3, 2007 from http://csrc.nist.gov/nissc/1997/
cyber-terrorism, cyber war and other cyber threats. proceedings/nissc97.zip
Washington, DC: Center for Strategic and Interna- Poulsen, K. (1999, September 8). Info war or electronic
tional Studies. Retrieved May 3, 2007 from http:// sabre rattling? ZDNet. Retrieved May 3, 2007 from
www.csis.org/media/csis/pubs/021101_risks_of_ http://news.zdnet.com/2100-9595_22-515631.html?
cyberterror.pdf legacy=zdnn
Loader, B. D. (1997). The governance of cyberspace: President’s Commission on Critical Infrastructure Pro-
Politics, technology, and global restructuring. In B. tection (PCCIP). (1997). Critical foundations: Pro-
D. Loader (Ed.), The governance of cyberspace tecting America’s infrastructures. Washington, DC:
(pp. 1-19). London and New York: Routledge. Government Printing Office.
Myriam Dunn Cavelty 35
Rathmell, A., Overill, R., Valeri, L., & Gearson, J. Tenet, George J. (1998, June 24). Testimony by Director
(1997, June). The IW threat from sub-state groups: of Central Intelligence George J. Tenet before the
An interdisciplinary approach. Paper presented at the Senate Committee on Government Affairs. Retrieved
Third International Symposium on Command and May 3, 2007 from http://www.fas.org/irp/congress/
Control Research and Technology, Institute for Na- 1998_hr/980624-dci_testimony.htm
tional Strategic Studies–National Defense Univer- Tenet, George J. (1999, February 2). Statement of the
sity, Washington, DC. Retrieved May 8, 2007 from Director of Central Intelligence George J. Tenet As
http://www.kcl.ac.uk/orgs/icsa/Old/terrori.html Prepared for Delivery Before the Senate Armed Ser-
Reus-Smit, C. (1996). The constructivist turn: Critical vices Committee Hearing on Current and Projected
theory after the Cold War. (Working Paper No. National Security Threats.. Retrieved May 3, 2007
1996/4). Canberra: Australian National University. from https://www.cia.gov/cia/public_affairs/speeches/
Ryan, C. (1991). Prime time activism: Media strategies 1999/ps020299.html
for grass roots organizing. Boston: South End Press. Tenet, George J. (2000, February 2). The Worldwide
Schwartau, W. (1994). Information warfare. Cyber- Threat in 2000: Global Realities of Our National Se-
terrorism: Protecting your personal security in the curity. Statement by Director of Central Intelligence
electronic age (2nd ed.). New York: Thundermouth George J. Tenet Before the Senate Select Committee
Press. on Intelligence. Retrieved May 3, 2007 from https://
Searle, J. R. (1969). Speech acts: An essay in the philos- bcia.gov/cia/public_affairs/sh_ 032100.html
ophy of language. Cambridge, England: Cambridge Tenet, George J. (2002, March 19). Worldwide Threat–
University Press. Converging Dangers in a Post 9/11 World. Testi-
Smith, G. (1998, Fall). An electronic Pearl Harbor? Not mony of the Director of Central Intelligence before
likely. Issues in Science and Technology, 15. Re- the Senate Select Committee on Intelligence. Re-
trieved May 3, 2007 from http://www.issues.org/ trieved May 3, 2007 from http://www.fas.org/
15.1/smith.htm irp/congress/2002_hr/020602tenet.html
Smith, G. (2000). How vulnerable is our interlinked in- The White House (1984, September 17). National Pol-
frastructure? In D. S. Alberts & D. S. Papp (Eds.), icy on Telecommunications and Automated Informa-
The information age: An anthology of its impacts and tion Systems Security. National Security Decision
consequences (Vol. II, pp. 507-523). Washington Directive Number 145. Washington, DC: President
DC: National Defense University Press. of the United States. Retrieved May 3, 2007 from
Snow, D. A. & Benford, R. D. (1992). Master Frames http://www.fas.org/irp/offdocs/nsdd145.htm
and Cycles of Protest. In Morris, A. D. & Mueller, C. The White House, Office of the Press Secretary (1998a,
M. (Eds.), Frontiers in social movement theory (pp. May 22). Fact Sheet. Combating Terrorism: Presi-
133-155). New Haven, CT: Yale University Press. dential Decision Directive 62. Washington, DC: Pres-
Snow, D. A., Rocheford, E. B., Jr., Worden, S. K., & ident of the United States. Retrieved May 3, 2007
Benford, R. D. (1986). Frame alignment processes, from http://www.fas.org/irp/offdocs/pdd-62.htm
micromobilization and movement participation. The White House. (1998b, May 22). Protecting Amer-
American Sociological Review, 51, 464-481. ica’s critical infrastructures: Presidential decision
Sofaer, A. D. & Goodman, S. D. (2000). A proposal for directive 63. Washington, DC: President of the
an international convention on cyber-crime and ter- United States.
rorism. Stanford, CA: Center for International Secu- The White House. (2000). Defending America’s
rity and Cooperation, Stanford University. cyberspace: National plan for information systems
Suter, M. (in press). Improving information security in protection: An invitation to a dialogue (Version 1.0).
companies: How to meet the need for threat informa- Washington, DC: President of the United States.
tion. In M. Dunn Cavelty, V. Mauer, & S. Thomas, T. L. (2003, Spring). Al Qaeda and the
Krishna-Hensel (Eds.), Power and security in the in- Internet: The danger of cyberplanning. Parameters
formation age: Investigating the role of the state in (Spring), 112-123.
cyberspace. Aldershot, England: Ashgate. Thornton, A. (2001). Does the Internet create democ-
Technical Analysis Group (TAG), Institute for Security racy? Ecquid Novi, 22, 126-147.
Technology Studies, Dartmouth College (2003, No- Tilford, E. H., Jr. (1995). The revolution in military af-
vember). Examining the cyber capabilities of Islamic fairs: Prospects and cautions. Carlisle Barracks, PA:
terrorist groups. Hanover, NH: Dartmouth College. Strategic Studies Institute.
Retrieved May 3, 2007 from https://www.ists. Vatis, M. A. (1998, February 10) Statement by Michael
dartmouth.edu/TAG/ITB/ITB_032004.pdf Vatis, deputy assistant director and chief of the Fed-
Tenet, G. J. (1997, February 5). Statement by Acting Di- eral Bureau of Investigation’s National Infrastruc-
rector of Central Intelligence George J. Tenet before ture Protection Center (NIPC) before the Senate
the Senate Select Committee on Intelligence Hearing Judiciary Subcommittee on Terrorism, Technology
on Current and Projected National Security Threats and Government Information. Retrieved May 3,
to the United States. Retrieved May 3, 2007 from 2007 from http://www.fas.org/irp/congress/ 1998_hr/
http://www.fas.org/irp/congress/1997_hr/s970205t.htm 98061101_ppo.html
36 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS
Vatis, M. A. (2001). Cyber attacks during the war on ter- Weimann, G. (2004a, March). www.terror.net. How
rorism: A predictive analysis. (Working Paper). modern terrorism uses the Internet. (United States
Hanover: Institute for Security Technology Studies at Institute of Peace, Special Report 116).Washington,
Dartmouth College. Retrieved May 3, 2007 from DC: United States Institute of Peace.
http://www.ists.dartmouth.edu/analysis/cyber_a1.pdf Weimann, G. (2004b). Cyberterrorism–How real is the
Verton, D. (2004, October 1). Nation’s cybersecurity threat? (United States Institute of Peace, Special Re-
chief abruptly quits DHS post: ‘I’m not a long-term port 119). Washington, DC: United States Institute
government kind of guy,’ says Amit Yoran. of Peace.
Computerworld. Retrieved May 3, 2007 from Wilson, C. (2003, October 17). Computer Attack and
http://www.computerworld.com/managementtopics/ Cyber-terrorism: Vulnerabilities and Policy Issues
management/story/0,10801,96369,00.html for Congress (CRS Report for Congress, RL32114).
Wæver, O. (1995). Securitization and desecuritization. Washington, DC: Congressional Research Service.
In R. Lipschutz (Ed.), On security (pp. 46-86). New Wilson, T. R. (2000, February 2). Military threats and
York: Columbia University Press. security challenges through 2015. Statement before
Wallace, C. (2002, September 16). Will next terror at- the Senate Select Committee on Intelligence given by
tack be electronic? Experts fear terrorists may attack Vice Admiral Thomas R. Wilson Director, Defense
through cyberspace. ABC News.com. Retrieved May Intelligence Agency. Retrieved May 3, 2007 from
3, 2007 from http://abcnews.go.com/WNT/story? http://www.fas.org/irp/congress/2000_hr/000202-
id=130108&page=1 wilson.htm
Walt, S. (1991). The renaissance of security studies. In- Winner, L. (1977). Autonomous technology: Technics-
ternational Studies Quarterly, 35, 211-239. out-of-control as a theme in political thought. Cam-
Watson, D. L. (2002, February 6). The Terrorist Threat bridge MA: MIT Press.
Confronting the United States, Statement for the Re-
cord of the Executive Assistant Director on Counter- Received: 01/05/2007
terrorism and Counterintelligence, Federal Bureau Revised: 04/30/2007
of Investigation, before the Senate Select Committee
on Intelligence, Washington, DC. Retrieved May 3, Accepted: 05/06/2007
2007 from http://www.fbi.gov/congress/congress02/
watson020602.htm
doi:10.1300/J516v04n01_03