Breaking the Cyber-Security Dilemma: Aligning Security Needs and Removing Vulnerabilities

  • Original Paper
  • Science and Engineering Ethics

Abstract

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and “its” security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

Notes

  1. Several governments have released or updated cyber-security or cyber-defense strategies in the last several years. See http://www.ccdcoe.org/328.html for a good overview.

  2. A focus on discursive expressions should not be understood as a denial that there are “real world” issues at stake. The reality of network incidents is undisputed; however, the analysis goes explicitly beyond the impacts of “real” (objective) threats arising from cyberspace to look at their representation in the political process.

Author information

Correspondence to Myriam Dunn Cavelty.

Cite this article

Dunn Cavelty, M. Breaking the Cyber-Security Dilemma: Aligning Security Needs and Removing Vulnerabilities. Sci Eng Ethics 20, 701–715 (2014). https://doi.org/10.1007/s11948-014-9551-y
