Publication Type: Journal Article
Source: Information & Security: An International Journal, Volume 7, p.80-103 (2001)
Keywords: Cyberwar; information society; risk perception; risk society; cyber risks: physical vs. virtual; US policy response; cyber attacks; critical information infrastructures; information warfare; public-private sector partnership.
When combating the risk of cyber attacks on critical infrastructures was adopted as part of the political agenda of the US, it was framed mostly in military terms like “cyberwar” or “information warfare.” The security strategy implemented in 1998 and elaborated in the “National Plan for Information Systems Protection” in January 2000 shows a very different direction. Instead of a military approach, it consists of law enforcement, private-public partnership, and private and public self-help. Three factors led to this outcome: Differing risk perceptions in law enforcement and the private sector, private control over the technical resources, and constraining cultural and legal norms. The American policy against cyber attacks, thus, is an example for a failed “securitization.”