Securitization Theory
Over the past 15 years, the Copenhagen School has been successful in capturing the middle ground of the widening debate in Security Studies. Known most prominently for its concepts of securitization and societal security it has been applied to a number of empirical contexts and problems including ethnic conflict, HIV/AIDS and trafficking, It has become the focal point for important theoretical debates on the normative implications of security discourse, the consequences of speech act epistemology, the Western-centric status of security, and the importance of the media and visual representations[1]
The Copenhagen School has three main theoretical roots, one in debates in Security Studies over whether to widen the concept beyond its traditional state-centric, military focus, one in speech act theory, and one in a classical, Schmittian understanding of the state and security politics[2]. Combining these influences, the general concept of „security‟ is drawn from its constitution within national security discourse, which implies an emphasis on authority, the confronting – and construction - of threats and enemies, an ability to make decisions and the adoption of emergency measures. Security has a particular discursive and political force and is a concept that does something – securitize - rather than an objective (or subjective) condition. „Thus the exact definition and criteria of securitization is constituted by the intersubjective establishment of an existential threat with a saliency sufficient to have substantial political effects‟. „Saying‟ security defines something as threatening and in need of urgent response, and securitization should therefore be studied in discourse, „When does an argument with this particular rhetorical and semiotic structure achieve sufficient effect to make an audience tolerate violations of rules that would otherwise have to be obeyed?‟ Security „frames the issue either as a special kind of politics or as above politics‟ and a spectrum can therefore be defined ranging public issues from the nonpoliticized („the state does not deal with it and it is not in any other way made an issue of public debate and decision‟), through politicized („the issue is part of public policy, requiring government decision and resource allocations or, more rarely, some other form of communal governance‟) to securitization (in which case an issue is no longer debated as a political question, but dealt with at an accelerated pace and in ways that may violate normal legal and social rules)[3]. This however effectively constitutes the nonpoliticized as an empty category (for an issue to be public rather than private it must presumably be either the subject of public policy, or it must be brought to the attention of the public) and since virtually all public issues are subjected to some form of regulation we find it more appropriate to redefine nonpoliticized issues as those which do not command political and/or media attention and which are regulated through consensual and technical measures; and politicized issues as those which are devoted close media and political scrutiny, generating debate and usually multiple policy approaches, while not commanding the threat-urgency modality of securitization.
Having emphasized the urgency requirement of security, the Copenhagen School argues that security discourse may constitute other referent objects than the state/nation as threatened and bring in other sectors than the military as long as this happens with the drama and saliency of national/international security and is accepted by the relevant audience. This broadening led to an explicit theorization of „societal security‟ as „the ability of a society to persist in its essential character under changing conditions and possible or actual threats‟, an expansion that allowed for the identification of security problems where national, religious, ethnic or racial groups feel threatened rather than protected by „their‟ state [4] The discursive articulation of urgency and extreme measures is thus central to the Copenhagen School’s delineation of the boundary between „security proper‟ and concepts that bear only a semantic semblance to „security‟ and hence also to how referent objects are defined. Thus „social security‟ is for instance defined as „about individuals‟ (and thus not about collective referent objects as in „international security‟) and „largely economic‟ (rather than „security‟) – neither are „investment securities‟, or insecurities related to crime or unemployment „real‟ securities. Methodologically, there is a certain ambiguity in securitization theory as it argues that the utterance of the word „security‟ is not the decisive criteria and that a securitization might consist of „only a metaphorical security reference‟[5]. Yet what this entails has not been further explored, and the majority of the theory leans in the direction of a more explicit verbal speech act methodology.
The Copenhagen School has modified its earlier refusal of a concept of individual security, but it still privileges collective security concepts and tends to replicate Security Studies‟ traditional juxtaposition of individual and collective security [6]„In practice, the middle scale of limited collectivities has proved the most amenable to securitization of durable referent objects‟, and „Security is an area of competing actors, but it is a biased one in which the state is still generally privileged as the actor historically endowed with security tasks and most adequately structured for this purpose‟[7]. This state/nation-individual dichotomy does however lock the Copenhagen School - and Security Studies - into a ritualized debate which downplays how political thought from the mid 17th century onwards has constituted security as a „relationship between individuals and states or societies‟ not as an either-or[8]. The individual and the state are united in that the principle of state sovereignty implies that the individual allocates authority and power to the state in exchange for the state‟s protection of her/his security. To define security as „national security‟ is thus implicitly to articulate an abstract conception of individual security as provided by the (idealized) state. On the other hand, to articulate security as „individual security‟ – as most of Human Security, Critical Security Studies, and Feminist approaches still do - necessitates a collective conception of how and by whom the securities of individuals are going to be negotiated. Since „individuals‟ do not appear in political discourse as free-standing entities, but with gendered, racial, religious, class and other collective identities, there is always going to be a tension between the different forms in which the individual can be constituted. A call for individual security against the atrocities - or even, merely overreaching - of the state is thus always also implicitly a call for an alternative political community and authority.
The concept of national security has proved remarkably stable precisely because it is linked to the principle of state sovereignty which offers a powerful resolution to questions of identity, order and authority. Yet, while „security‟ in the form of the political modality of national security (that is as threats, dangers, and emergency decisions) is as resilient as the state, neither the state nor „security‟ is uncontested or incontestable. Both depend on political and academic practices for the reproduction of their status, and the question thus becomes whether the discourse on cyber security reinforces the state/nation as a referent object, how individual responsibility is articulated to support (or challenge) collective security and authority, and whether this rearticulates the understanding of „security politics‟ itself.
Securitizing digital systems: the referent objects of cyber security
The history of cyber security as a securitizing concept begins with the disciplines of Computer and Information Science. Security comprised technical as well as human aspects and „it has significant procedural, administrative, physical facility, and personnel components‟. Crucially, threats to cyber security do not only arise from (usually) intentional agents, but also from systemic threats. These systemic threats, defined by Hundley and Anderson (1995/96, 232) as „cyberspace safety‟ stems from the inherent unpredictability of computers and information systems which by themselves „create unintended (potentially or actually) dangerous situations for themselves or for the physical and human environments in which they are embedded‟. Threats arise from software as well as hardware failures and cannot be corrected through perfecting digital technology and programming, there is in short an inherent ontological insecurity within computer systems[9].
„Computer security‟ would not however in most cases by itself qualify as a security concept according to the Copenhagen School. As Helen Nissenbaum points out, the majority of computer scientists adopt a technical discourse that is focused on developing good programs with a limited number of (serious) bugs and systems that are difficult to penetrate by outside attackers. In the move from „computer security‟ to „cyber security‟, this technical discourse is however linked to the securitizing discourse „developed in the specialized arena of national security‟[10]. „Cyber security‟ can in short be seen as „computer security‟ plus „securitization‟. In the 1991 CSTB report it is argued that „We are at risk‟ and in a remarkable mobilization of securitizing prose that „Tomorrow‟s terrorist may be able to do more damage with a keyboard than with a bomb‟. No major attacks have been launched so far, but it is a key element of securitizing discourse to argue that if action is not undertaken then serious incidents will materialize in the near future, thus „there is reason to believe that our luck will soon run out‟. The constitution of a much too complacent audience that does not realize the magnitude of these dangers is another key staple of securitizing discourse, „Very few individuals not professionally concerned with security … have ever been directly involved in or affected by a computer security incident. … Most people have difficulty relating to the intricacies of malicious computer actions‟. Although a large-scale cyber attack has not yet taken place, this is no time to „be too sanguine‟ as „the attack tools and methodologies are becoming widely available, and the technical capability and sophistication of users bent on causing havoc or disruption is improving‟[11]
Key to understanding the potential magnitude of cyber threats is the networked character of computer systems. These networks „control physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, and radars‟ and attacks – or „cyberdisasters‟ - would „compromise systems and networks in ways that could render communications and electric power distribution difficult or impossible, disrupt transportation and shipping, disable financial transactions, and result in the theft of large amounts of money”. Although not necessarily directly connected the magnitude and simultaneity of these attacks would have cascading effects and thus networked consequences for referent objects beyond networks themselves. Networked computers have also dissolved the traditional boundary protecting the territorial nation state, „the infrastructure that makes up cyberspace – software and hardware – is global in its design and development‟ and cyber attacks may operate at a distance obfuscating „their identities, locations, and paths of entry”.[12]
There is RAND‟s scenario which shows aptly how cyber security discourse moves seamlessly across distinctions normally deemed crucial to Security Studies: between individual and collective security, between public authorities and private institutions, and between economic and political-military security. The private sector’s fear of hackers stealing large sums of money, intellectual property owner’s worry that file sharing compromises their rights and revenues,[13] and public, private, and civil society scares that bugged software and computer viruses will have damaging consequences produce a powerful blending of private-economic and public-national security concerns. Not only are large parts of the networks, the hardware, and software privately produced and owned and thus governed by financial considerations, but the security logics of the economic and the cyber sector have crucial similarities. The economic sector is also „rich in referent objects, ranging from individuals through classes and states to the abstract and complex system of the global market itself‟ [14]and in liberal economies instability and risk taking is built into the logic of capitalism itself. The modern economic system is, like the cyber network, constituted by trans-border flows, and authority and sovereignty is more ambiguously located than in traditional national-military security. It is in both sectors often difficult to identify where an attack originated, and with the global reach of the Internet/world economy, tricky questions of responsibility and enforcement are continuous sources of fraught cross-border and international treaty negotiations. That said, cyber security does not fully mirror the economic sector either: its securitizing potential exceeds that of the economic sector as strictly defined[15] and this in turn allows – or is an indication of – a much stronger link to national military security. Cyber security is not left to the liberal market, but implies a complex constellation of public-private responsibility and governmental authority.
Drawing upon the individual-collective resolution laid out above, the government consistently holds the private sector co-responsible for cyber security: not only does the latter own major parts of the computer network, it also possesses the knowledge – In general, the private sector is best equipped and structured to respond to an evolving cyber threat, Mobilizing civil liberties discourse further invokes a crucial balance between the public and the private that should not be violated: „The federal government should likewise not intrude into homes and small businesses, into universities, or state and local agencies and departments to create secure computer networks‟[16] To the government this allows for a distribution of the financial and political burden and it strategically engages critics who point to privacy violations. To the private sector, these securitizations boost its calls for the protection of intellectual property rights, for vigilant prosecution of cyber crimes, and for combating digital anonymity. Negotiation of the boundaries between the public and the private and between the economic and the political thus couples the network-fragmentation implied by „cyber‟ with an understanding of business and government as sharing the same goal. At the same time the political center still constitutes the private sector as responsible for major parts of the digital realm.
This academic and policy discourse articulates in sum a wide array of threats to government, business, individuals, and society as a whole perpetuated by hackers, criminals, terrorists, commercial organizations, and nations that adopt cyber strategies for financial, ideological, political or military gain. Yet obviously not all political or societal actors concur with the manner in which official American cyber security discourse has attempted to keep the public-private and individual-state resolutions in place. As Ronald J. Deibert (2002) and Diana Saco (1999) have argued cyber security is a terrain on which multiple discourses and (in) securities compete. Privacy advocates and cyber libertarians point to governmental violations of personal security (Saco 1999), and authoritarian (and not so authoritarian) regimes securitize transborder information flows as threats to regime/state security and national (societal) identity in a way that expands the threat-referent object constellation considerably (Deibert 2002). The question is therefore how we incorporate this complexity into our theoretical framework without loosing the sense of cyber security discourse as a distinct phenomenon?[17] argues that cyber security is constituted through four separate discourses with distinct referent objects, threats, policy options, and world orders: national security, state security (comprising external threats to state sovereignty as well as internal threats to regime security), private security, and network security and Saco holds that national and personal security compete. [18]
We agree with Deibert and Saco that cyber security should be theorized as a sector where multiple discourses may be found, yet we think that understanding this multi-discursivity as arising from competing articulations of constellations of referent objects, rather than separate referent objects, better captures the securitizing and political dynamic of the field. To see cyber security discourse as fragmenting along the lines of distinct referent objects downplays the ways in which cyber security discourse gains its coherence from making connections between referent objects rather than operating at separate tracks. Particularly crucial in the case of cyber security is the linkage between „networks‟ and „individual‟ and human collective referent objects. Thus it is not the case that a private security discourse constitutes the individual as its referent object, but rather that „the individual‟ of this discourse is linked to societal and political referent objects. Take the example of post-September 11 battles between governmental discourses legitimizing digital surveillance and data-mining through securitizing reference to the War on Terror and citizens groups fighting this legislation through reference to basic civic liberties and privacy issues. These are not two separate discourses with unrelated referent objects, but competing articulations of the appropriate individual-state contracts of the liberal state.[19] Moreover, it is not fully clear from Deibert‟s and Saco‟s accounts whether private security discourse operates through the political rather than the semantic modality of security. This does not mean that cyber „privacy‟ cannot be securitized, but this has to be mediated through a collective referent object, either a political-ideological one, questioning the appropriateness of the individual-state balance, and/or a national-societal one, mobilizing the values held to be the core of the community‟s identity. Similarly, a securitization of the network cannot, and does not, stop at the network itself: it is the implications of network break-downs for other referent objects, „society‟, „the regime‟, or „the economy‟ (which is again in turn linked to „state‟ and „society‟) that makes cyber securitization a plausible candidate for political and media attention. Securitization works in short by tying referent objects together, particularly by providing a link between those that do not explicitly invoke a bounded human collectively, such as „network‟ or „individual‟, with those that do. Contestation and multi-discursivity is thus found between competing articulations of linked referent objects as well as by tracing the potential internal instability of each discourse.
The Copenhagen School has argued that sectors are defined by the specific ways in which distinct „sub-forms‟ or grammars of securitization tie referent objects, threats and securitizing actors together. This section delineates three security modalities that are specific to the cyber sector. [20]
Hypersecuritization
The first concept, hypersecuritization, has been introduced by Barry Buzan to describe an expansion of securitization beyond a „normal‟ level of threats and dangers by defining „a tendency both to exaggerate threats and to resort to excessive countermeasures‟. [21] This definition has an objectivist ring to it in that to identify „exaggerated‟ threats implies that there are „real‟ threats that are not exaggerated. Moreover, the question of whether a securitization is seen as „exaggerating‟ concerns the degree to which it is successful (unsuccessful securitizations are seen as „exaggerating‟) and is not part of the grammatical specificities of sectors. Thus we suggest to drop the „exaggerated‟ from the definition of hypersecuritization and to apply it to the cyber sector to identify the striking manner in which cyber security discourse hinges on multi-dimensional cyber disaster scenarios that pack a long list of severe threats into a monumental cascading sequence and the fact that neither of these scenarios has so far taken place.[22]
The hypersecuritization of the entire network in cyber security creates an obvious resemblance to environmental security discourse where the fate of the planet is claimed at stake. Both discourses also emphasize irreversibility: once a species is extinct or a digital system gone, they can never be recreated in full. Yet, there are also crucial differences between the two discourses. First, the speed of the threat scenarios differ with cyber security gaining its power from the instantaneity of the cascading effects whereas environmental security usually allows for a gradual accumulation of threats and dangers until a certain threshold may be reached and events accelerate. This establishes different modalities of urgency and hence different spaces for political intervention. Second, there is a crucial difference in terms of the possibility of visualizing threats, and hence for how securitizing actors communicate to their audiences.[23] The digital, networked character of cyber security – and the absence of prior disasters – is hard to represent through images, whereas environmental security discourse may mobilize for example endangered and extinct species as well as melting ice caps and forests devastated by acid rain or clear-cutting.
Everyday security practice
The second grammar of cyber security, everyday security practices, points to the way in which securitizing actors, including private organizations and businesses, mobilize „normal‟ individuals‟ experiences in two ways: to secure the individual‟s partnership and compliance in protecting network security and to make hypersecuritization scenarios more plausible by linking elements of the disaster scenario to experiences familiar from everyday life. Everyday security practices do not reinstall a de-collectivized concept of individual security, but underscore that the acceptance of public security discourses may be facilitated by a resonance with an audience‟s lived, concrete experiences. The concept of audience is only briefly defined by Buzan, Wæver and de Wilde (1998, 41) as „those the securitizing act attempts to convince‟ and Thierry Balzacq has in a further development of the concept suggested that „the success of securitization is highly contingent upon the securitizing actor‟s ability to identify with the audience‟s feelings, needs and interests‟, and that „the speaker has to tune his/her language to the audience‟s experience‟.[24] Although elements of everyday securizations may be found in other sectors as well, they come out particularly strikingly in the case of cyber security.
Cyber securitizations of everyday life are distinct furthermore in their constitution of the individual not only as a responsible partner in fighting insecurity, but also as a liability or indeed a threat. Hence both public and private actors mobilize expert positions and rhetoric constituting „its‟ audience as one who should be concerned with its security. Adopting a simultaneously educational and securitizing discourse, OnGuard Online, set up by the Federal Trade Commission, warns for instance that through peer-to-peer file sharing „You may download material that is protected by the copyright laws and find yourself mired in legal issues. You may download a virus or facilitate a security breach. Or you may unwittingly download pornography labeled as something else‟.[25] The constitution of the digital as a dangerous space and the „ordinary‟ individual as an ambiguous partner and a potential threat is supported by medical metaphors like „viruses‟ and „infected computers‟ that underscore the need for „caution‟ and „protection‟. As in discourses of epidemics and contagion, cyber insecurities are generated by individuals who behave irresponsibly thus compromising the health of the whole.[26] proclaims that „Each American who depends on cyberspace, the network of information networks, must secure the part that they own or for which they are responsible‟ and FBI officials have suggested driver licenses for computer-owners (The Economist 2007a). A particular concern stems from the fact that computers may be infected with software that allows them to be used by attackers to route emails or launch denial of service attacks with no immediate effect to the owner. Connecting everyday security practices with hyper cascading scenarios, it is this inadvertent or careless behavior within a networked system that move cyber security out of the realm of „corporate security‟ or „consumer trust‟ and into the modality of „proper‟ national/societal security.
The challenges generated by the securitization of digital everyday life for governmental authorities as well as private businesses are thus quite significant. Neither wishes the broader public to become so petrified that it evacuates the digital, but they simultaneously install an individual moral responsibility that may easily move the subject from helpless to careless to dangerous. The broad institutional support behind initiatives such as OnGuard Online, which is set up by the Federal Trade Commission and a long series of partners, including the Department for Homeland Security, the National Consumers League and a series of other nonprofit nongovernmental organizations may furthermore be one that makes resistance difficult. Linking back to the critical argument of securitization theory, namely that „security‟ provides governments with the discursive and political legitimacy to adopt radical measures, the question becomes at which point and how these strategies, and their harmonious constitution of state-society relations, can become contested.
Technification
The strong emphasis on the hypothetical in cyber securitizations creates a particular space for technical, expert discourse. The knowledge required to master the field of computer security is daunting and often not available to the broader public, including Security Studies scholars. The breathtaking pace at which new technologies and hence methods of attacks are introduced further adds to the legitimacy granted to experts and the epistemic authority which computer and information scientists hold allow them the privileged role as those who have the authority to speak about the unknown. In the case of cyber security, experts have been capable of defying Huysmans‟[27] description of the invisible role of security experts as they have transcended their specific scientific locations to speak to the broader public in a move that is both facilitated by and works to support cyber securitizations claimed by politicians and the media.
As in most academic fields, computer scientists have disagreed on the likelihood of different forms of attacks, and since the field is also cloaked in military or business secrecy, the „normal‟ follower of these debates learns that „that much is withheld or simply not known, and estimates of damage strategically either wildly exaggerated or understated‟[28]. In the future, working with a computer, the Internet, or any other cyber system may become as dependable as turning on the lights or the water‟.[29] Leaving aside that for the majority of the world‟s poor, and even for the impoverished American, turning on the light or water may not be entirely dependable this echoes a technological utopianism that sidesteps the systemic, inherent ontological insecurity that computer scientists consistently emphasize. It also invokes an inherent tension between disaster and utopia as the future of cyber security.
The constitution of expert authority in cyber technifications invokes furthermore the tenuous relationship between „good‟ knowledge and „bad‟ knowledge, between the computer scientist and the hacker. The hacker, has undergone a critical shift in Western policy and media discourse, moving from a previous subject position as geeky, apolitical, and driven by the boyish challenge of breaking the codes to one of thieves, vandals and even terrorists.1 Although „hackers‟ as well as others speaking on behalf of „hacktivista‟ – the use of hacking for dissident, normatively desirable purposes – have tried to reclaim the term, both official and dissident discourse converge in their underscoring of the general securitization of the cyber sector insofar as past political hacker naivety is no longer possible.
The privileged role allocated to computer and information scientists within cyber security discourse is in part a product of the logic of securitization itself: if cyber security is so crucial it should not be left to amateurs. Computer scientists and engineers are however not only experts, but technical ones and to constitute cyber security as their domain is to technify cyber security. Technifications are, as securitizations, speech acts that „do something‟ rather than merely describe and they construct an issue as reliant upon technical, expert knowledge, but they also simultaneously presuppose a politically and normatively neutral agenda that technology serves. The mobilization of technification within a logic of securitization is thus one that allows for a particular constitution of epistemic authority and political legitimacy.[30] It constructs the technical as a domain requiring an expertise that the public (and most politicians) do not have and this in turn allows „experts‟ to become securitizing actors while distinguishing themselves from the „politicking‟ of politicians and other „political‟ actors. Cyber security discourse‟s simultaneous securitization and technification work to prevent it from being politicized in that it is precisely through rational, technical discourse that securitization may „hide‟ its own political roots.
The technical and the securitized should therefore not be seen as opposed realms or disjunct discursive modalities, but as deployable in complex, interlocking ways; not least by those securitizing actors who seek to depoliticize their discourses‟ threat and enemy constructions through linkages to „neutral‟ technologies. A securitization by contrast inevitably draws public attention to what is done in the name of security and this provides a more direct point of critical engagement for those wishing to challenge these practices than if these were constituted as technical. [31]
[1] Hansen, Lene. 2008. “Visual Securitization: Taking Discourse Analysis from the Word to the Image.” Paper
presented at the 49th International Studies Convention, San Francisco, March 26-29.
[2] Huysmans, Jef. 2006. The Politics of Insecurity: Fear, migration and asylum in the EU. London: Routledge
[3] Buzan, Barry, Ole Wæver, and Jaap de Wilde. 1998. Security: A New Framework For Analysis. Boulder: Lynne Rienner p.23
[4] Wæver, Ole, Barry Buzan, Morten Kelstrup, and Pierre Lemaitre. 1993. Identity, Migration and the New Security Agenda in Europe. London: Pinter. P 23-26
[5] Buzan, Barry, Ole Wæver, and Jaap de Wilde. 1998. Security: A New Framework for Analysis. Boulder: Lynne Rienner p.27
[6] Hansen, Lene. 2000. “The Little Mermaid‟s Silent Security Dilemma and the Absence of Gender in the Copenhagen School.” Millennium 29 (2): 285-306
[7] Buzan, Barry, Ole Wæver, and Jaap de Wilde. 1998. Security: A New Framework For Analysis. Boulder: Lynne Rienner.p36-37
[8] Rothschild, Emma. 1995. “What is Security?” Dædalus 124 (3), p61
[9] Denning, Dorothy E. 1999. Information Warfare and Security. Reading, Massachusetts: Addison-Wesley 290-292
[10] Nissenbaum, Helen. 2005. “Where computer security meets national security.” Ethics and Information Technology 7 (2): 61-73.
[11] The National Strategy to Secure Cyberspace. 2003. Washington, D.C.: The White House VIII
[12] Hansen Lene and Helen Nissenbaum Digital Disaster, Cyber Security and the Copenhagen School1 Dec 2009, p2
[13] Nissenbaum, Helen. 2005. “Where computer security meets national security.” Ethics and Information Technology 7 (2): 65
[14] Buzan, Barry, Ole Wæver, and Jaap de Wilde. 1998. Security: A New Framework For Analysis. Boulder: Lynne Rienner. p100
[15]Buzan, Barry, Ole Wæver, and Jaap de Wilde. 1998. Security: A New Framework For Analysis. Boulder: Lynne Rienner.116-117
[16] The National Strategy to Secure Cyberspace. 2003. Washington, D.C.: The White House p 11
[17] Deibert, Ronald J. 2002. “Circuits of Power: Security in the Internet Environment.” In Information Technologies and Global Politics: The Changing Scope of Power and Governance, eds. James N. Rosenau and J. P. Singh. Albany: State University of New York, 115-142.
[18] Hansen Lene and Helen Nissenbaum Digital Disaster, Cyber Security and the Copenhagen School1 Dec 2009, p8
[19] Saco, Diana. 1999. “Colonizing Cyberspace: “National Security” and the Internet.” In Cultures of Insecurity: States, Communities, and the Production of Danger, eds. Jutta Weldes, Mark Laffey, Hugh Gusterson and Raymond Duvall. Minneapolis: University of Minnesota Press, 290.
[20] Buzan, Barry, Ole Wæver, and Jaap de Wilde. 1998. Security: A New Framework For Analysis. Boulder: Lynne Rienner. p 27
[21] Buzan, Barry 2004. The United States and the Great Powers: World Politics in the Twenty-First Century. Cambridge: Polity. p 172
[22] Hansen Lene and Helen Nissenbaum Digital Disaster, Cyber Security and the Copenhagen School1 Dec 2009, p 9
[23] Williams, Michael C. 2003. “Words, Images, Enemies: Securitization and International Politics.” International Studies Quarterly 47 (4): 511-529.
[24] Balzacq, Thierry. 2005. “The Three Faces of Securitization: Political Agency, Audience and Context.” European Journal of International Relations 11 (2): p 184
[25] OnGuard. 2008. “P2P Security.” Posted at http://www.onguardonline.gov/topics/p2p-security.aspx, accessed on October 31, 2008.
[26] The National Strategy to Secure Cyberspace. 2003. Washington, D.C.: The White House. p 11
[27] Huysmans, Jef. 2006. The Politics of Insecurity: Fear, migration and asylum in the EU. London: Routledge. p 9
[28] Nissenbaum, Helen. 2005. “Where computer security meets national security.” Ethics and Information Technology 7 (2): 72
[29] The National Strategy to Secure Cyberspace. 2003. Washington, D.C.: The White House. p 35
[30] Huysmans, Jef. 2006. The Politics of Insecurity: Fear, migration and asylum in the EU. London: Routledge p 6
[31] Hansen Lene and Helen Nissenbaum Digital Disaster, Cyber Security and the Copenhagen School1
Dec 2009, p 13
