Securitisation and the Role of the State in Delivering UK Cyber Security in a New-Medieval Cyberspace

Hallows, Richard David (2020) Securitisation and the Role of the State in Delivering UK Cyber Security in a New-Medieval Cyberspace. Doctoral thesis, University of Buckingham.

Preview

Text 1502910 Securitisation and the Role of the State in Delivering UK Cyber Security in a New-Medieval Cybersp.pdf Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (2MB) | Preview

Abstract

Both the 2010 and the 2015 UK National Security Strategies identified threats from cyberspace as being among the most significant ‘Tier One’ threats to UK national security. These threats have been constructed as a threat to the state, a threat to the country’s Critical National Infrastructure (CNI), a threat to future economic success and a threat to businesses and individual citizens. As a result, the response to this threat has historically been seen as being a shared responsibility with most potential victims of cyber-attack responsible for their own security and the UK state agencies operating as a source of advice and guidance to promote best practice in the private sector. A range of government departments, including the Cabinet Office, MI5 and GCHQ among others, have been responsible for the government’s own cyber security. However, despite a budget allocation of £860 million for the 2010 – 2015 period, progress on reducing the frequency and cost of cyber-attacks was limited and the 2010 strategy for dealing with cyber security was widely seen as having failed. This led to a new National Cyber Security Strategy (NCSS) in 2016 which indicated a significant change in approach, in particular with a more proactive role for the state through the formation of the National Cyber Security Centre (NCSC) and a £1.6 billion budget for cyber security between 2016 and 2021. However, cyber-attacks remain a significant issue for many organisations in both the public and private sector, and attacks such as the Wannacry ransomware/wiper attack, UK specific data breaches such as those witnessed in 2017 at Debenhams, Three, Wonga and ABTA, and breaches outside the UK that impacted UK citizens such as Equifax show that the frequency and impact of cyber security issues remain significant. The underlying cause of the insecurity of cyberspace is reflected in the metaphorical description of cyberspace as the wild-west or as an ungoverned space. This is a result of cyberspace features such as anonymity, problematic attribution and a transnational nature that can limit the effective reach of law enforcement agencies. When these features are combined with an increasing societal and economic dependence on information technology and mediated data, this increases the potential economic impact of disruption to these systems and enhances the value of the data for both legitimate and illegitimate purposes. This thesis argues that cyberspace is not ungoverned, and that it is more accurate to consider cyberspace to be a New Medieval environment with multiple overlapping authorities. In fact, cyberspace has always been far from ungoverned, it is just differently governed from a realspace Westphalian nation state system. The thesis also argues that cyberspace is currently experiencing a ‘Westphalian transformation’ with the UK state (among many others) engaged in a process designed to assert its authority and impose state primacy in cyberspace. This assertion of state authority is being driven by an identifiable process of securitisation in response to the constructed existential threat posed by unchecked cyberattacks by nation states and criminal enterprises. The Copenhagen School’s securitisation theory has been used to inform an original analysis of key speech acts by state securitising actors that has highlighted the key elements of the securitisation processes at work. This has clearly shown the development of the securitisation discourse, and the importance of referent objects and audience in asserting the state’s authority through the securitisation process. Original qualitative data collected through in-depth semi-structured interviews with elite members of the cyber security community has provided insights to the key issues in cyber security that support the view that cyberspace has New Medieval characteristics. The interview data has also allowed for the construction of a view of the complexities of the cyberspace environment, the overlapping authorities of state and private sector organisations and some of the key issues that arise. These issues are identified as being characteristic of a particularly complex form of policy problem referred to as a ‘wicked problem’. An understanding of cyber security as a wicked problem may aid in the identification of future possible policy approaches for cyber security policy in the UK.

Actions (login required)

View Item