ASRK22107U The politics of cybersecurity: Governance, strategy and practice

Volume 2022/2023
Education

Security Risk Management

Political Science students: Limited intake

SRM students has priority

 

 

Content

Cybersecurity, as one of the latest additions to the vocabulary of international security, has received increasing attention in the past decades accompanying the growing dependence on digital technology, infrastructure and data processing. We have witnessed an intensification of concerns over cyberwar and cyber-doom scenarios, destructive cyberattacks and most lately the increasing significance of cyberespionage, disinformation and ransomware campaigns. The priority of cybersecurity is reflected in the number of national cybersecurity strategies and military cyber doctrines published in the past decade, as well as the proliferation of military cyber commands. In addition, multilateral debate on cyber norms and cyber diplomacy has intensified.

Cybersecurity is, however, not monolithic issue. It is an inherently political and contested issue that cuts across a wide range of complex socio-material associations. Conventional IR and security studies conceptions of technology, temporality, spatiality, sovereignty, authority and accountability are all challenged in the context of digitized and interconnected security practices.

This course explores the politics of cybersecurity and its relationship to strategy, governance and practice by exploring a wide selection of literature at the intersection of International Relations (IR) and security studies. It covers

a) the application of strategic studies concepts such as war, deterrence and attribution to cybersecurity,

b) questions of governance concerning critical infrastructure protection, regulation and public-private relations and c) critical security studies perspectives highlighting the importance of practice, discourse, assemblage and actor-networks.

An important element of the course is interaction with practitioners from outside academia working with the themes and issues mentioned above. The practitioners represent a broad range of public and private entities.  

Learning Outcome

Knowledge:

Students will be introduced to a broad range of political and democratic challenges related to cybersecurity strategy, governance and practice.

They will obtain knowledge on the history of cyberspace, cyber incidents and cybersecurity politics.

Student will be acquainted with IR theoretical advances and debates on cybersecurity from a wide range of approaches.

Skills:

Students will enhance their ability to analyze cybersecurity incidents, issues and controversies in a reflexive and productive manner.

They will be able to critically reflect on the political and democratic implications of different understandings of and approaches to cybersecurity.

They will face cybersecurity – as strategy, governance and practice – from the perspective of various practitioners.

Competences:

The students will be able to engage competently in both academic, policy and practitioner debates on cybersecurity.

They will develop expertise in the political, technological and socio-scientific contexts of cybersecurity.

They will be able to analyse social, political and technical aspects of cybersecurity.

Covering the three overarching clusters of the course, these texts represents examples of what we might read. 

Governance

Backman, S. Conceptualizing cyber crises. J Contingencies and Crisis Management. 2020; 00: 1– 10.

Boeke, Sergei (2017) National cyber crisis management: Different European approaches, Governance 31:3, 449-464.

Bossong R and Wagner B (2017) A Typology of Cybersecurity and Public-Private Partnerships in the Context of the EU. Crime, Law and Social Change 67(3). 265-288 

Carr, Madeleine (2016). Public–private partnerships in national cyber-security strategies, International Affairs 92: 1, pp. 43–62

Carrapico, H., & Barrinha, A. (2017) The EU as a coherent (cyber) security actor?. JCMS: Journal of Common Market Studies, 55(6), 1254-12172 

Cavelty D. Myriam and Manuel Suter (2009). Public–private partnerships are no silver bullet: an Cavelty expanded governance model for critical infrastructure protection, International Journal of Critical Infrastructure Protection 2: 4, 2009

Cavelty D. Myriam (2018) Europe's cyber-power, European Politics and Society, 19:3, 304-320,

Christensen, K. K., & Liebetrau, T. (2019). A new role for ‘the public’? Exploring cyber security controversies in the case of WannaCry. Intelligence and National Security, 34(3), 395–408.

Christensen, K. K., & Petersen, K. L. (2017). Public–private partnerships on cyber security: a practice of loyalty. International Affairs, 93(6), 1435–1452

McCarthy, R. Daniel (2018) Privatizing Political Authority: Cybersecurity Public-Private Partnerships and the Reproduction of Liberal Political Order. Politics and Governance, 6(2), 5–12

Tanczer, L. M (2020) 50 shades of hacking: How IT and cybersecurity industry actors perceive good, bad, and former hackers, Contemporary Security Policy, 41:1, 108-128

Weiss, M, Jankauskas, V. Securing cyberspace: How states design governance arrangements. Governance. 2019; 32: 259– 275

Wolff, J. (2016). What we talk about when we talk about cybersecurity: Security in internet governance debates. Internet Policy Review. https:/​/​doi.org/​10.14763/​2016.3.430

Critical Security Studies

Balzacq, T., & Cavelty, M. D. (2016). A theory of actor-network for cyber-security. European Journal of International Security, 1(02), 176–198.

Barnard-Wills, D., & Ashenden, D. (2012). Securing Virtual Space: Cyber War, Cyber Terror, and Risk. Space and Culture, 15(2), 110–123.

Christou, G. (2019). The collective securitisation of cyberspace in the European Union. West European Politics, 42(2), 278–301.

Collier, J. (2018). Cyber Security Assemblages: A Framework for Understanding the Dynamic and Contested Nature of Security Provision. Politics and Governance, 6(2), 13–21.

Deibert, R. J., & Rohozinski, R. (2010). Risking Security: Policies and Paradoxes of Cyberspace Security. International Political Sociology, 4(1), 15–32.

Dunn Cavelty, M. (2007). Cyber-security and threat politics: US efforts to secure the information age. Routledge.

Dunn Cavelty, M. (2019). The materiality of cyberthreats: Securitization logics in popular visual culture. Critical Studies on Security, 7(2), 138–151.

Dwyer Andrew, Clare Stevens, Lilly Pijnenburg Muller, Myriam Dunn Cavelty, Lizzie Coles-Kemp, Pip Thornton (2022), What Can a Critical Cybersecurity Do?, International Political Sociology, Volume 16, Issue 3

Jacobsen T Jeppe (2020) From neurotic citizen to hysteric security expert: a Lacanian reading of the perpetual demand for US cyber defence, Critical Studies on Security, 8:1, 46-58

Liebetrau, T., & Christensen, K. K. (2021). The ontological politics of cyber security: Emerging agencies, actors, sites, and spaces. European Journal of International Security, 6(1), 25–43. Cambridge Core.

Nissenbaum, H., & Hansen, L. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly, 53(4), 1155–1175.

Slupska, J. (2019). Slupska, Julia, Safe at Home: Towards a Feminist Critique of Cybersecurity. St. Anthony’s International Review, 15.

Stevens Clare (2020) Assembling cybersecurity: The politics and materiality of technical malware reports and the case of Stuxnet, Contemporary Security Policy, 41:1, 129-152

Stevens, T. (2016). Cyber security and the politics of time. Cambridge University Press.

Strategic studies

Betz, D., & Stevens, T. (2011). Cyberspace and the state: Toward a strategy for cyber-power. IISS, The International Institute for Strategic Studies.

Borghard, Erica D. & Shawn W. Lonergan (2017) The Logic of Coercion in Cyberspace, Security Studies, 26:3, 452-481.

Buchanan, Ben (2016) The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations. New York: Oxford University Press 

Fischerkeller, Michael P. and Richard J. Harknett (2017) Deterrence is Not a Credible Strategy for Cyberspace. Orbis, 61: 381-393.

Fischerkeller P. Michael and Richard J. Harknett (2019). Persistent Engagement, Agreed Competition, and Cyberspace Interaction Dynamics and Escalation. The Cyber Defense Review, special edition, pp 267-287

Gartzke, Erik & Jon R. Lindsay (2015) Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace, Security Studies, 24:2, 316-348

Healy, Jason (2019). The implications of persistent (and permanent) engagement in cyberspace. Journal of Cybersecurity 5:1, 1-15.

Harknett J. Richard and Emily Goldman (2016). The search for cyber fundamentals. Journal of Information Warfare 15: 2, pp 81-88;

Kello, Lucas. (2017). The Virtual Weapon and International Order. New Haven and London: Yale University Press.

Lawson T. Sean. 2020. Cybersecurity discourse in the United States: cyber-doom rhetoric and beyond. Abingdon: Routledge.

Libicki, Martin C (2009) Cyberdeterrence and Cyberwar. Santa Monica: Rand Corporation.

Liebetrau, Tobias (2022) Cyber conflict short of war: a European strategic vacuum, European Security, 31:4, 497-516,

Lindsay, J. R. (2015). Tipping the scales: The attribution problem and the feasibility of deterrence against cyberattack. Journal of Cybersecurity, 1, 53–67.

Lindsay, R. Jon (2021). Cyber conflict vs. Cyber Command: hidden dangers in the American military solution to a large-scale intelligence problem, Intelligence and National Security 36: 2, pp 260-278

Nye, Jr., Joseph S. (2016/2017) Deterrence and Dissuasion in Cyberspace. International Security 41.3: 44-71.

Rid, T. (2013). Cyber war will not take place. Oxford University Press.

Slayton, Rebecca (2017) What is the Cyber Offense-Defense Balance? Conceptions, Causes and Assessment. International Security 41(3): 72-109

Smeet, Max (2020). U.S. cyber strategy of persistent engagement & defending forward: implications for the alliance and intelligence collection. Intelligence and National Security 35:3, 444-453

Stone, John (2012). Cyber War Will Take Place!, Journal of Strategic Studies, 36:1, 101-108.

Valeriano, Brandon, Benjamin Jensen, and Ryan C. Maness (2018). Cyber Strategy: The Evolving Character of Cyber Power and Coercion. Oxford University Press

It is recommended that the students have knowledge in IR theory and security studies, including realist strategic studies, constructivism, securitisation theory and poststructuralist IR.

Knowledge about computer science or information and communication technology is an advantage but not a prerequisite.
The course will consist of a combination of lectures, student presentations and discussions, case study exercises and talks by guest lecturers. Much emphasis will be placed on exercises and discussions combining the literature and the practitioner-based guest lecturers. The course hence presupposes preparations, i.e. active reading of the texts.
  • Category
  • Hours
  • Class Instruction
  • 28
  • Total
  • 28
Oral
Collective
Continuous feedback during the course
Peer feedback (Students give each other feedback)
Credit
7,5 ECTS
Type of assessment
Written examination
Written examination
Type of assessment details
Free written assignment
Marking scale
7-point grading scale
Censorship form
No external censorship
Re-exam

- In the semester where the course takes place: Free written assignment

- in subsequent semesters. Free written assignment

Criteria for exam assesment

Criteria for achieving the goals:

  • Grade 12 is given for an outstanding performance: the student lives up to the course's goal description in an independent and convincing manner with no or few and minor shortcomings
  • Grade 7 is given for a good performance: the student is confidently able to live up to the goal description, albeit with several shortcomings
  • Grade 02 is given for an adequate performance: the minimum acceptable performance in which the student is only able to live up to the goal description in an insecure and incomplete manner